Slashdot Mirror

← Back to Stories (view on slashdot.org)

Separating Fact From Hype On Mobile Malware

Posted by Soulskill on from the viruses-in-your-pocket dept.

wiredmikey writes with this quote from an article about determining whether the recent doom-and-gloom reports about malware on mobile devices are justified: "As twilight approaches for 2011, security vendors have set their gaze on the rise of Android malware during the year and what is ahead. Last week, Juniper Networks entered the fray, declaring the number of malware samples it observed targeting devices running Google Android had shot up nearly 500 percent since July. Today, McAfee released its threats report for the third quarter of the year, which found that the amount of malware targeting Android devices jumped 37 percent since the second quarter. While there is no doubt the amount of malicious programs with Windows in their bull's eye dwarfs the amount of threats to mobile devices, the focus on Android malware have left some wondering how to separate fact from hype."

7 of 46 comments (clear)

  1. Allow users to set permissions? by Anonymous Coward · · Score: 5, Interesting

    Other than CM, where one can set permissions of apps, the only real way to limit app permissions is with use of DroidWall.

    This way, if a game wants the whole world for perms, it might get the ability to call home for high scores, but that is it.

    1. Re:Allow users to set permissions? by alostpacket · · Score: 4, Informative

      There are a couple apps out there that do this (most needing root). They essentially re-write the manifest to not ask for the permission -- sometimes by decompiling/recompiling. This crashes a lot of apps as devs dont expect to need to check for a SecurityException. The other problem with this level of granularity comes user confusion. The more granularity, the more confused a user can get. It also breaks the "agreement" between the dev/publisher and the user, much like ad-blocking in web browsers does. This is unfortunate because it's really hard to fault users for wanting that kind of control when "permission creep" is growing wildly out of control. Honestly, I'm not sure there is an easy answer/fix to this. Open markets mean a bit of chaos is likely to emerge -- that's a good thing. But the only way to combat the unscrupulous is through educating users and having the community diligent in it's policing and reporting.

      The worst offenders though are the carrier bloatware apps (IMHO).

      Full disclosure: I have myself written a security guide for Android (CC license), and have an app for sale that provides information for novice users as well as permission search (to see what apps are using what permissions). I say this because obviously my work will bias my thoughts on the matter.

      The link in case anyone is interested: http://alostpacket.com/2010/02/20/how-to-be-safe-find-trusted-apps-avoid-viruses/
      Please note the guide is intened for novice users, which is unlikely to apply to most of the Slashdot crowd :)

      --
      PocketPermissions Android Permission Guide
  2. FUD? by AHTuttle · · Score: 5, Insightful

    While I have no doubt Android is a increasing target, why do I get the sense this is hype from Android competitors and anti-virus software makers? Just don't install any strange apps without research and think about where your browsing and I don't anticipate problems. At least I've had none in the year or so I've been on Android phones.

    1. Re:FUD? by cheeks5965 · · Score: 5, Insightful

      Mom: "honey, how should I avoid viruses on my new phone?" Me: "first, be sure to research your apps before you download them." Mom: "what? where do I do that? didnt Sprint already do that?" Me: "then, don't browse to web pages that might contain malware" Mom: "how should I know what sites are ok and what are not?" Me: "rely on your past experience battling viruses on Windows." Mom: "You're my least favorite son. I hate you."

      --
      -- Flame me and I will happily flame you back. Bring it!
  3. Why the emphasis on percentages? by DeadCatX2 · · Score: 4, Interesting

    500% this, 37% that...

    One of the first tricks they teach you in "how to lie with numbers" is to use percentages to inflate otherwise small numbers.

    If they want to pimp a percentage, I would love to ask them...what percentage of the Android market share is infected? Somehow I think they wouldn't want to share that number, because all the 0's to the right of the decimal point may call into question exactly how much that very same company's products and services are needed.

    --
    :(){ :|:& };:
  4. 500%? Man, that's nothing... by QuasiSteve · · Score: 5, Funny

    500%? Man, that's nothing... why, at the beginning of the year Apple still claimed zero malware in the App Store, then this happened:
    http://apple.slashdot.org/story/11/11/07/2029219/charlie-miller-circumvents-code-signing-for-ios-apps

    Briefly, malware in the Apple App Store increased by one divided by zer-OH SHI

  5. Most security *is* theater by Anonymous Coward · · Score: 5, Insightful

    I say this as an Infosec professional. If you remove all the hype/FUD and look at actual exploit/breach rates, the entire industry would change and shrink drastically. But they don't. So we have what we have - lots of snake oil and irrelevant/useless tools pushed to solve imaginary problems. Honestly, I am ashamed of myself but the money's too good :-)