Slashdot Mirror
Defending Your Cellphone Against Malware
Hugh Pickens writes "Kate Murphy writes that as cellphones have gotten smarter, they have become less like phones and more like computers, and that with more than a million phones worldwide already hacked, technology experts expect breached, infiltrated or otherwise compromised cellphones to be the scourge of 2012. Cellphones are often loaded with even more personal information than PCs, so an undefended or carelessly operated phone can result in a breathtaking invasion of individual privacy as well as the potential for data corruption and outright theft. But there are a few common sense ways to protect yourself: Avoid free, unofficial versions of popular apps that often have malware hidden in the code, avoid using Wi-Fi in a Starbucks or airport which leaves you open to hackers, and be wary of apps that want permission to make phone calls, connect to the Internet or reveal your identity and location."
Pickens continues: "One common ruse is a man-in-the middle attack when a target receives a text message that claims to be from his or her cell service provider asking for permission to 'reprovision' or otherwise reconfigure the phone's settings due to a network outage or other problem. Don't click 'O.K.' Call your carrier to see if the message is bogus. For the more paranoid, there are supersecure smartphones like the Sectéra Edge by General Dynamics, commissioned by the Defense Department for use by soldiers and spies which may soon be available to the public in the near future. 'It's like any arms race,' says mobile security consultant Michael Pearce. 'No one wins, but you have to go ahead and fight anyway.'"
Use a Blackberry. Lack of apps aside, even if the malware authors want to code one, the antiquate API would drive them to whiskey abuse.
And of course the main platform prone to issues is android. Flame al you want but the endless reports of various significance all show it's true that android is more prone to malware than iOS and windows phone
Bitch please :D
twitter.com/ismetozozturk
So, in other words, all apps that actually make use of the fact that it's a mobile device able to determine its position in real space to enhance the user's real-world experience...
Sounds to me like the OS makers need to address this, and give user-level ways of doing things that don't compromise the whole system if something nefarious happens, and then also give the manufacturer of the OS the ability to alert users when the manufacturer learns of malicious applications so that they can be removed.
Do not look into laser with remaining eye.
And they'd have been just as wrong too.
The "install an infected app from the app store" route is only one of many ways to infect a device like this. A remote exploit, like how Microsoft's browser brings down hundreds of thousands of PCs a year, is much more likely IMHO to cause real widespread chaos.
Do not look into laser with remaining eye.
By "cellphone" they actually mean "Android". I've never heard of iOS, BlackBerryOS or WinPho7 having any serious malware issues, granted there have been a couple of minor incidents, but Android seems to be the platform of choice to have your phone join a botnet.
step 1: Buy a dumbphone.
step 2: Buy an OpenPandora
Don't ever turn it on, or for heaven's sake, don't take it out of airplane mode...
Do not look into laser with remaining eye.
The ultimate solution!
twitter.com/ismetozozturk
My iPhone doesn't tell me when an app wants permission to connect to the internet or share/sell my personal information with 3rd parties :-(
Buy an i*****, not an Android.
If you're ignoring for the moment the spyware that's installed on an i*****, then yes, that's a good idea.
If Pandora's box is destined to be opened, *I* want to be the one to open it.
"be wary of apps that want permission to ... connect to the Internet or reveal your identity and location"
So, pretty much all of them, then. Great.
Increasingly, I find myself alarmed at how many "need" the access to my contacts permission in order to operate. As well as those that need my location (for better targeted advertising, apparently).
I hope the masses eventually wise up to this and start refusing even the big-name apps until they relinquish permissions they don't *really* need.
I'm an animal lover -- they're delicious!
Well, how open are the apps? This has nothing to do with open/versus closed (which applies only to the applications) but to the screening process for applications. One of the reasons open-source is deemed more secure is that if a bug is found you will be publicly flogged for doing such a stupid thing. Apps however are pretty anonymous as far as the author is concerned (even via a legitimate appstore).
Because unlike Android iPhone apps cannot access your personal info unless you give to them. Except location which you do need to explicitly allow per app and can disable later.
What spyware is installed on an iPhone out of the box, pray tell?
Mainframe/UNIX Bit Twiddler and long time Windows/Linux Hobbyist.
The Theorem Theorem: If If, Then Then.
smartphones are for ID10Ts
It's cute that you think there's never been a remote iPhone exploit.
iOS?
Easy enough to avoid malware. Just run Windows! Wait a minute...
With iOS, there is not much one can do about malware, if it gets past Apple's gatekeepers. JB-ing the device and slapping on Firewall iP is probably the best thing one can do. However, the barrier for entry for malware writers is very high. It is pretty difficult (and more expensive) for a blackhat organization create a new account with Apple , paying them a C-note a year), and cook up some personal info (like bank accounts and such to register under) to even be able to see iTunes Connect, much less have the app approved. This has done a good job in keeping iPhone users safe, although in theory, if an app decided to have some type of module that would allow code execution, users would never know about an app that would be slurping contact info, E-mails, and other items then shipping that off to a blackhat server, especially if the app was smart enough to do it only on Wi-Fi, or a small trickle over 3G.
Because of this, the only permission iOS asks for is for using the GPS. Since the App Store does all the work essentially, there isn't that much of a need to have anything more than that.
Even with Firewall IP, there is no protection against apps deciding to spam with SMS, other than Apple's gatekeepers.
So, Apple's security model may have some (in theory) bad flaws, but it has proven to be decently tight, with exploits being used for jailbreaking as opposed to turning the device into a mobile money machine for criminal organizations.
Android's model is more robust in some ways. If Android phones were shipped with a marketplace that vetted/approved apps [1][2], this would virtually eliminate compromised phones [3].
The nice thing about Android is that even with full root and a custom ROM, app security is just as tight as it is on a vendor ROM. Unlike jailbreaking on iOS which completely creams the security model, apps on Android still function exactly the same on a rooted phone, other than being able to prompt the user for su access.
Since Android isn't reliant on a store's gatekeepers, its permission model has to be robust. It has been OK so far, provided users read and disallow apps like a game demanding full access, but it would be nice to have a better model -- something along the lines of minimum permissions needed to run the app, optimal permissions, and maximum permissions (a notepad app that just stores notes in its directory generally does not need full access or access to root unless it has some special features.)
What can help Android immensely would be an app that runs as root and can allow/disallow access to SD cards, contacts, SMS, phone, and networking. There is an app called LBE Privacy Guard which runs as root and offers features that should really be part of Android (perhaps some features behind an Advanced menu.) CyanogenMod also has similar features for restricting access.
Another app that is a must have for rooted devices is DroidWall, which is essentially a shell for performing iptables commands. This is an immense help because it can not just block network access for apps, but limit the bandwidth hogs to Wi-Fi (or security sensitive apps to 3G).
Pretty much for the tl;dr in all of us, Android would be best off with two tiers of stores, and having the user go through a dialog of "these apps are untested, but the reviews will be a good guide. Use at your own risk" before a user gets access to the free-for-all market. Couple that with the functionality of DroidWall and LBE Privacy Guard which can be set to prompt/allow/deny access to critical things (contacts, network, phone, SMS) integrated into the OS, and Android would be a lot more secure.
[1]: Amazon is good at vetting apps, and it would be nice for Google to offer two tiers of their Marketplace, where one tier would be the current free-for-all, while having another tier (which would cost app developers more because of the time taken) just for apps that would have a "blessed" flag attached.
[2]: It goes without saying to have a way to add more stores, or if Google w
And the more I read about this, the better off I think I am.
Seriously, this summary sounds like there is really no way around this BS except by using a dumbphone and never connecting anything to the Internet.
>free app clones of pay ones are a problem
No, closed source "free" apps are the problem.
--
BMO
Don't download every dumb shit dancing santa talking cat bullshit app your mom's co-workers recommend
option B is to not use a smartphone and get over your facebook/twitter addiction
n/t
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
So we are once again stuck onthe myth perpetuated by the Apple marketing machine that iOS is secure.
Lets disregard that it's been hacked repeatedly and easily, and lets also forget the tens of thousands of people who've had there iTunes accounts hacked and been charged for apps they have never downloaded (I know of 3 personally, none of whom ever got their money back)
But yes, the 50 (out of 400,000) malware infected apps are scary.
> Apple already screen it for you.
Don't you mean Apple already sold it for you?
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Good luck getting an OpenPandora...
And why is there a constant need to feed this fear? If I get a weird text message, I ignore it and delete it. "Security measures" that one takes when browsing the web on a computer should apply for cell phones! If you get a pop up saying "click here to jailbreak now" or "click here to get free i-p-a-d" or "click to see my naughty pictures" or "click here to increase your manhood," etc. of COURSE that's fake and should be closed/ignored! If you download apps for your cell phone, then read the reviews! Try to determine if it's a trusted source if possible! Taking these safety precautions under ANY device will make you 99.9% malware proof! Why is this posted on Slashdot? This is the kind of content that the brainless general media would repost over and over again! Not a technology-savvy site!
iOS,
When you have an example of this actually occurring, let me know.
If I used a sig over again, would anyone notice?
You're right! On phones, security through obscurity. Why would anyone target Mango when they have millions of Android phones available?
If I used a sig over again, would anyone notice?
It has been patched but this has happened already.
It's one thing to lock out apps that may send out spam but a other to lock them out based on content.
From the article NOT behind the NYT paywall:
Miller's reward for showing Apple that it, too, is vulnerable? They kicked him out of the app developers program. Nice going, guys.
Isn't that exactly how Apple deals with malware? Think what would happen if Google did that.
now we need to go OSS in diesel cars
50 out of 400k malware infected apps?
The implication seems to be there's only 50 malware infected apps somewhere. Android Market? Only fifty malware infected applications on *the Android Market*?
Have you LOOKED into the Android market? It seems like I can't search for anything without having fifty different knockoffs with extremely broad requirements pop up.
When you have an example of this actually occurring, let me know.
You are joking? One of the original jailbreaks drive-by rooted your iPhone just by visiting a website.
I think you meant buy a Blackberry.
Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
Any system which allows users to run 3rd party software of their choosing is going to be vulnerable to the stupidity of its users. You can't fix stupid users without putting them in a jail cell.
As long as the user is the primary attack vector it's hard to make a blanket statement about a platform's security. Back when Windows would get infected simply by bing turned on and connected to a network without the user doing a damned thing, it was easy to make a blanket statement about how secure Windows was. And even though the trolls told us that there was nothing Microsoft could do because they were the most popular OS, Microsoft did finally do something and the platform did finally become more secure. Once again things have shifted to target the user rather than sending malformed packets and overflowing buffers. It's hard to call a modern Microsoft OS insecure because the attack vector is more commonly stupid user now.
If we can call MS's slow bloated crap secure because it's all or at least mostly on the user, then we can call Android secure too. Sure neither one is as secure as the walled garden but like I said, it's jail or freedom to fuck yourself.
DO THE FOLLOWING (after obtaining a good reputable solid HOSTS file, like mvps' -> http://www.mvps.org/winhelp2002/hosts.htm
---
1.) Get ahold of the "Android Debugging Bridge" (ADB) & install it
2.) Mount your system mountpoint as READ + WRITE (as powerful of priveleges as you need is this)
3.) Using the PULL command, copy the file over from your PC (or even on your ANDROID if its there already) using PULL & overwrite the etc. folder's copy of HOSTS
---
* DONE!
(Yes, it's THAT simple vs. hosts-domain based threats which ARE THE MAJORITY OF THEM OUT THERE (because hosts-domain names are recyclable unlike IP addresses)... &, it works - you CAN'T be burned if you can't go into the malware kitchen!)
APK
P.S.=> Of course, your HOSTS file will need to have the domain/hosts name of the C&C servers, & that you have to obtain for this to work vs. threats like bogus servers &/or maliciously scripted sites. Here's some good sources for that above & beyond mvps.org (I noted them above):
http://hosts-file.net/?s=Download
http://www.malwaredomainlist.com/hostslist/hosts.txt
http://mirror1.malwaredomains.com/files/ (justdomains here)
http://pgl.yoyo.org/as/serverlist.php?hostformat=hosts&showintro=1&mimetype=plaintext
http://sysctl.org/cameleon/hosts
http://someonewhocares.org/hosts/
http://hostsfile.org/hosts.html
http://hostsfile.mine.nu/downloads/
https://zeustracker.abuse.ch/monitor.php?filter=lastupdated
https://spyeyetracker.abuse.ch/monitor.php?filter=lastupdated
http://www.malwareurl.com/
http://www.safer-networking.org/en/download/ (updater for Spybot "Search & Destroy" & it fortifies HOSTS files)
Those are some of my regular sources that are reputable & reliable for custom HOSTS file data populations vs. known threats online - I consolidate them here via programs I wrote that normalize/deduplicate repeated entries, sort/alphabetize the results, & change from larger + slower 127.0.0.1 (longer & loopback ops happen here) to the faster & smaller 0.0.0.0 (or even 0 on Windows 2000/XP/Server 2003): Enjoy!
... apk
Yes, this is totally the place to brag about your device of choice.
And of course, Android devices doesn't let an App access personnal info unless you give them the right to. What kind of moron are you for imagining it any other way ?
hello there my friend
Buy an iPhone. nuff said.
This artichle seems to be solely about Android and it's not that surprising since it's the operating system from the company whose business model is to sell your personal information to everyone who wants it. The users of Android are the advertisers, you are a part of the product packaged by Google for the OEMs and carriers. Welcome to the open!
- Henrik
- when the Shadows descend -
The thing about iOS is, let's say you get malware past Apple or manage to get arbitrary code executed in an app.
What then? You can't do anything interesting (to malware authors). You can't hook into the system keyboard. You can't send an SMS silently to rack up charges. You can't snoop the contents of other applications to pull back data from something like a Chase app.
All of those things are potentially possible on Android, if the user simply agreed to the laundry list of permissions presented to them on launch. Few would look them over, and even if you do granting permission to send an SMS might seem perfectly reasonable for an app even if actual use engaged in foul play.
It's not just Apple's gatekeeping that has kept iOS Malware free, it's that Apple has been far more paranoid about allowing applications access to the system or each other.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
To me the whole issue sounds more like dupe-only than Android-only
That may be true that only "stupid" people get Android viruses (if you define stupid as simply non-technical, which is rather egotistical but whatever).
However iOS users, "stupid" and smart both do not get viruses or malware on iOS because there is none. It's not a matter of degree, it's a matter of Android users can get viruses/Malware and iOS it is not possible (today) to catch anything no matter what you download.
The truth of the story is that mobile malware to date is a WHOLLY Android phenomenon and to try and cast it as a problem everyone has is simply wrong.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The article likes to make it sound otherwise but iOS does not have this issue.
No, closed source "free" apps are the problem.
It's not realistic to think that everyone would compile applications if they could, or be able to do a source audit to see they are truly safe.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Probably CarrierIQ. Apple has admitted it's there, but not enabled by default.
CarrierIQ is on a lot of phones, including Android phones, so this point is moot anyway...
Get a REAL cellphone, not a smart-hd-mini-tablet something. One that looks like a phone, and is HANDY to talk to it.
I love my iPhone, and I feel relatively secure using it. But I have executed a jailbreak on my older iPhone, and it only required me to visit a certain page in mobile safari. Yes, Apple is working hard to defend iPhone users against malicious apps. But they have no control over malicious websites or emails or SMS's.
It has been the year of mobile malware since 2006. It didn't materialize then, the same experts keep predicting it, why should it materialize now? Yes, they will eventually be right but they'll be as surprised and unprepared to deal with it as they were with every new threat that came along while they were waiting for the year of mobile malware.
Because it's so easy?
To me, deliberately jail breaking your iPhone isn't malware. And, from the article you quoted, "the security impact of these vulnerabilities will remain theoretical." You're making a big jump by going from something that you initiated to something that happens by visiting a maliciously-coded Web site.
If I used a sig over again, would anyone notice?
I've often wished the android permission model considered "phone home" and "access the Internet" separately. It seems much less risky to me to allow an application to access a predefined small set of sites than to access "everything".
If I go to the coffeeshop I use VPN to connect, I do have a paid VPN account but I also have a VPN server set up at home on my NAS so I can use that as well if I don't want to pay.
Normally WiFi is off as is Bluetooth.
The only apps that get permission to use my location are TomTom GPS and some camera software both of which are vetted, everything else gets denied as I don't use social sites or any other crapware.
I only give out my real phone number to a very small group of friends & family, everyone else including businesses and stores get my Google voice number, which then allows me to block if it's spam or that Ex that's stalking me, Gvoice best thing ever as spam filtering is to email Gvoice is to my phone (if you don't mind being recorded)
Personally I would pay for Google voice it's that useful to me.
"If any question why we died, Tell them because our fathers lied."
Kate Murphy writes that as cellphones have gotten smarter, they have become less like phones and more like computers,
Really? Did she come up with that all by herself? I don't think I've heard the "cell phones are becoming more like little computers" line before in the last ten years. Boy, they better keep this one on the payroll. Pulitzer, here she comes!
If you want a curated market for Android like Amazon Appstore, you know where to find it.
The problem is that the version of CarrierIQ on IOS have the spyware bits disabled. The "spyware" parts were only active on Androids, and even then, it wasn't even spyware.
So we are once again stuck onthe myth perpetuated by the Apple marketing machine that iOS is secure.
Oh boy, "Apple marketing machine" eh? Queue "imperial march."
Lets disregard that it's been hacked repeatedly and easily
Hardly easily. The first jailbreak admittedly was easy, but take a look at the iOS hackers blogs: jail breaking these things is now crazy hard. Jailbraking now takes multiple exploits and a phone which is physically connected to your system. The latest exploits took months to develop, all the while people are told not to upgrade because the upgrades invariably patch the holes.
Anyway jail breaking is a red herring, what counts is exploits used in the wild. And to the best of my knowledge that's still a big fat 0 for iOS, which is why these articles invariably talk about Android.
and lets also forget the tens of thousands of people who've had there iTunes accounts hacked and been charged for apps they have never downloaded (I know of 3 personally, none of whom ever got their money back)
But yes, the 50 (out of 400,000) malware infected apps are scary.
iTunes is not iOS. They are completely separate products. The security of one has no bearing on the security of the other.
If all else fails, immortality can always be assured by spectacular error.
Are you fucking retarded? There was a period of time when you could totally own an iPhone remotely just by sending it a text message.
Read more careful, dense Apple Hater.
Did I claim there were no VULNERABILITIES? No.
Instead I claimed there is no MALWARE, which was and is true.
Once upon a time, you could have assumed Slashdot readers could understand the difference...
You must be one of the "dupes" he was talking about.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The malware can simply execute the latest jailbreak exploit are the fanboys are so excited about.
That is why Apple quickly fixes remote exploits but leaves tethered jailbreaks alone.
The ability to do what you are suggesting is never an option for long enough that malware can make use of it.
Of course, on Android you have another problem - since many carriers are so reluctant to update, you have vulnerable Android versions handing around a LONG time. That makes it even more appealing for malware writers.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
My iPhone doesn't tell me when an app wants permission to connect to the internet or share/sell my personal information with 3rd parties :-(
Mine does. Requests per domain per app (asked once when the app tries to connect), and requests for listening sockets.
http://isource.com/2009/11/05/firewall-ip-a-firewall-app-for-the-iphone/
If you are not jailbroken, then you can only use the Apple store, and those apps are tested at the API level to verify what they do.
Sure you can't block banner ads this way, but that is by design.
Jailbreak it, and you get the Cydia app, and access to multiple stores (same repo system as apt-get, which you get installed too)
First thing you install with Cydia is the patch for the local exploit if you have any in your version of iOS. Most these days require locally rebooting the phone in a specific debugging mode, so not a remote exploit but a local one. Yes, if you ever lose a smart phone, assume you have no security in place.. For any brand/model/OS. Physical access and all that.
Between Firewall-iP and iBlacklist, I fully control every piece of data going into or out of my phone, be it calls, sms, or data.
No, it's not that *I* necessarily need to see the code (while I appreciate the freedom that I could), but I know other people *can* and *do*
I can set up a project on Github. There can be a long history of commits supposedly accepted from "other" people.
And it can all be a sham, I may never even let anyone else submit anything.
It doesn't even matter if someone looked and found something, if I simply didn't accept changes back. How would you know?
And the truth is, how many real-world people could or would even go so far as to glance at Github? Your manager? That sales guy you met a few times?
What you are asking for is nice in theory but of no value to the world (within a rounding error) in practice.
I am all for open source, don't get me wrong - it's extremely valuable and I make heavy use of it myself. I just don't kid myself that it provides any real security value for all but the most well-known projects (where not only do you have a lot of people looking but real malware would be called out far and wide).
"There is more worth loving than we have strength to love." - Brian Jay Stanley
[Citation Needed]
Hearing that Billy Joe Jim Bob's ex wife's in law's cousin's grandmother had a problem with iOS doesn't mean that they got hacked through their phones.
Occam's Razor -- it is a lot more possible that the compromised accounts were due to malware slurping up iTunes usernames/passwords from an iTunes cache, a keylogger, or a fake dialog asking for the iTunes password, rather than an iOS hole. Compromised PCs are the norm, not the exception it seems.
Realistically, iOS shows that Apple's method of security works -- there has yet to be any reliable reports of infected/compromised iPhones out in the wild, barring JB-ed devices with an open sshd and default root/mobile passwords. (Cydia needs to take from the old Rock app store and allow changing of the device's user passwords without needing to get a half-broken terminal app working, or ssh-ing in.)
This doesn't mean the device is unhackable; it just shows that even though Apple's closed system may be annoying, in the real world, its security model is extremely good.
"Alternatively, don't download shit you don't trust? Mind you, that might be too straightforward for most people to follow, I know." - by Nemyst (1383049) on Sunday January 29, @11:08PM (#38861647) Homepage
Per my subject: When you use custom HOSTS files, the sources I point out not only SECURE YOU vs. known malicious sites/servers/hosts-domains (BONUS), but additionally?
Well, you also gain SPEED (The truly DOUBLE-BONUS)!
How so? Well, because most of the HOSTS file data sources I listed also blockout adbanners too!
(Which are a HUGE %-age of the mass of most websites' pages, & their scripts eat CPU too as well as adding to the mass to download & process... Plus, adbanners have also been known to carry malicious script in them too more than just a few times over the years...)
Blocking adbanners is NOT the ONLY SPEED-GAIN either!
You can also "hardcode in" your favorite sites into it - this you MAY have to maintenance once in awhile though (because sites change their hosting providers, but, for example? I hardcode 250 of my fav. sites into my HOSTS files, & I have only had to change 10 of them since 2005)!
Anyhow/anyways:
The hardcoding of favorites into a custom HOSTS file's a speed gain by not having to call out to a remote DNS server for their IP address resolution too!
(That often takes 100's of ms, whereas resolving favs from a HOSTS file? Mere ns from RAM once the HOSTS files' cached... TRIPLE - BONUS!)
APK
P.S.=> Custom HOSTS files are a "win-win" on both security and speed gain fronts... no questions asked!
Now, per your statements:
Agreed!
However, when folks perceive they WANT/NEED an app, & find it interesting??? Good luck stopping them... & that's the ones that are "semi-aware", & the rest who have no clue about the threats potentials online???? Hey... come on, you KNOW they're going to get burned (& this is where things like HOSTS files protect they)...
... apk
Install Droidwall, a powerful FOSS IP tables firewall. Use the whitelist feature to only allow network access to apps that need them to function.
Next, use an ad blocking hosts file. Either manually update /system/etc/hosts, or use AdAway, which will auto update your hosts file with ad server entries and is also FOSS.
Third, get LBE Privacy Guard. This monitors permission usage and lets you override the defaults (something which I believe is baked into CyanogenMod) on a per app basis by alerting you whenever an app tries to access the internet, or your phonebook, IMEI or other personal information.
With these three set up, I really don't have to worry either about ads on the phone platform or of any app accessing the net or doing things behind my back.
"..One hosts to look them up, one DNS to find them, and in the darkness BIND them."
There's always a first time, but I think there's a good chance the security impact of these vulnerabilities will remain theoretical. Despite JailbreakMe 2.0 being open sourced after an updated version of iOS was released, which would have made it relatively easy to modify the code into an attack, I didn't hear about any such modification except a proof of concept that showed up much later.
Like it or not, requiring code signing is going to cut out 95% plus of the malware out there. Sure, you may still run into security vulnerabilities in preinstalled apps (this will always be a problem), but the easiest piece of the puzzle to break has always been the user. Disallow the user to run unsigned code (either controlled at the vendor level, or the corporate IT admin level) and that problem goes away.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
RIM should have released their new BB based on Android with their value proposition being corporate security & corporate manageability.
They should have focused on their corporate platform and ensured android apps are sandboxed and isolated improving corporate "trust" and security.
I use a BB and will stick with it for a number of reasons but the BB market cannot compete with the Android market.
-Tim
IMO, Android seems to be the windows of mobile phones so avoid it.
However HOSTS don't only block ads: They block malicious sites/servers too & a LOT more -> http://mobile.slashdot.org/comments.pl?sid=2644205&cid=38861707
* Thus, you MAY find that an "interesting read" (was rated that way), because it might "turn you on" to the other gains hosts file yield (speed, not just security).
APK
P.S.=> Enjoy - because putting both methods (& in combination with others noted on this page) is only practicing the best thing we've got going vs. these threats - "Layered-Security"/"Defense-In-Depth"... Especially possibly THIS "recent development" (SeAndroid) -> http://selinuxproject.org/page/SEAndroid
... apk
but.. but.. they ALL require internet access.. apparently...
(grrr, damn you google for preventing me from being able to control my own phone. no, a jailbreak is not acceptable. I paid for this device. give me root access on it, and soon.. ice cream sandwich *should* have had sudo made available. grrr)
You have a sick, twisted mind. Please subscribe me to your newsletter.
You could probably do it via a wget even (assuming that command's ported to ANDROID's version of Linux that is)...
The only thing to look out for really/possibly, is the file format: You might have to run a dos2unix type app over a custom HOSTS file that's intended for Windows (rather than *NIX variants) - assuming you can't download one that's immediately "*NIX ready" etc./et al that is...
* However, many of the sites I noted for hosts file data offer both Windows &/or *NIX file formats for their custom HOSTS file data so, there you go!
APK
P.S.=>
"Only on Slashdot could you say that with some vague sense of truth to it." - by SoupIsGoodFood_42 (521389) on Sunday January 29, @08:30PM (#38860879)
One thing I'll NEVER understand, is this: Why is it that many /.'ers think they're the only people that can read & follow directions, or that have ANY "technical understanding"?
I mean, hey - This concept & technique is VERY simple to understand, as far as how to install a custom HOSTS file, how to get data to populate it (& if need be? An Access import & "SELECT * DISTINCT FROM (tablename) ORDER BY ASC" type query & export can do the deduplication/normalization end even).
E.G.-> I've taught it to people who have NO CLUE in computing in fact, & they took to it like ducks to water - especially custom editing their custom HOSTS file with text editors once they understand what speeds them up (hardcodes) & secures them + how, by blocking out bogus sites/servers!
(And? Heck - They ought to like it & take to them fast! Especially considering a custom HOSTS file acts as a security layer AND more-or-less, an "online turbocharger" for speed too, for free! You already own one anyhow, with any OS that uses a BSD based IP stack (which IS most))...
... apk
Knockoffs != malware
I was doing an iPhone app that was supposed to have a Blackberry version also.
I told them it might be possible but I'd have to review the difficulty level. So, I spent the weekend examining the Blackberry API.
Now I know Java and C++ and lots of other languages quite well. I have seen a ton of different API's on various platforms, I've even done some J2ME work in the distant past.
NOTHING I have seen was as horrible to think about programming against than the Blackberry API. I flatly stated that it would take far too much time for me to port, but I would help someone else if they could find a Blackberry developer - they could not. The Blackberry version was eventually dropped.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
make the os ask for permission when the permission is needed, not when the app is installed.
This is what iOS does. When an application needs access to location data, it asks you right then - so you have the full context of what it is trying to to and if it makes sense to have that permission at that time.
I think it makes a world of difference in terms of really protecting users who can't otherwise understand a big list of permissions. If you were just running along in a game and the system asked "hey, I'd like to make a phone call now to xxx-xxx-xxxx" then you'd damn well say no.
It doesn't even have to be intrusive, iOS's location system asks you only once and then you can adjust the setting in the system menu. It does ask you every time a call is placed but given the degree of potential danger around that I don't see an issue with that.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Knockoffs with extremely broad requirements certainly hint towards malware.
Not that I'd install them myself.
"The image this title brings to mind is of a mighty military commander, one who can at a mere word summon rank upon rank of protective power." http://answers.yahoo.com/question/index?qid=20081010142651AAPvMox