Slashdot Mirror
Google May Soon Scan Your Android Apps For Malware
An anonymous reader writes "Is Google planning on integrating an antivirus scanner into Android? A just-released Google Play store app update, as well as the company's recent acquisition of VirusTotal seem to hint that yes, Google is looking into it. 'Google yesterday started rolling out an update to its Google Play Store app: version 3.8.17 from August was bumped to version 3.9.16 in October. Android Police got its hands on the APK and posted an extensive tear down. The first change noted was the addition of new security-related artwork (exclamation icons and security shields) as well as the following strings: App Check 'Allow Google to check all apps installed to this device for harmful behavior? To learn more, go to Settings > Security.''"
Good enough for the time being: I know my responsibilities as end-user.
All those moments will be lost in time, like tears in rain. Time to die.
Does this mean that Android phones are now going to be slower?
Why? Attempting to make your shit safer is a bad thing?
AM I the only one who just wants to communicate without all the trouble. Smart phones brought us the troubles of having too much.
~ Best man at your service.
No not all, allowing shit to happen in the first place is a bad thing. Prevention is better than cure.
No not all, allowing shit to happen in the first place is a bad thing. Prevention is better than cure.
And how the fuck does the act of being an iPhone do THAT?
Lame fanboi is lame.
That's why Apple let all those apps upload your contact info to the internet.
-]Phreak Out[-
Trusted software from a known source. Bit like a Linux distro ;)
Wah. All those apps? There were a couple and they closed it off. Enjoy your cheap copy Android phone and its malware.
Riiiiiiiiight...
Why not just run them in a sandbox? They're already in a VM (the JVM) and only get to OS things via API calls. What's the problem here that I'm not getting?
The model Android uses is the same as Linux. You can use a trusted respository (of your choice), or install things manually. The only question is the level of trust and how deeply apps in the repositories are reviewed. It's a great model and gives you choice. I do think Google or someone else should provide a more carefully reviewed repository, but that can still happen. Even with that, and with the completely locked down iOS model though, things will sneak through. Exploits will be found through the browser, etc.
Hmm... odd. I want to see this mythical Android virus.
Don't worry, sooner or later you'll bump into one.
Right. Which wasn't a) an endemic problem as with Android, b) an issue any more thanks to the privacy measures now in iOS. And I still don't need to run anti-virus on my mobile.
... of most of the malware in the wild.
Even today, after years of knowing about the problem, they still have a 20% infection in the OFFICIAL distribution channel.
Instead of scanning the apps that I choose to install on my phone, why not just scan the apps they allow on their Play Store? Then, if people choose to install applications outside of the store, it'll be at their own risk. Also, scanning the app ONCE on their store makes more sense than redundantly scanning it millions of times on each users phone.
Bingo. The weakness is that an app maker can make a new program, tack a bunch of fake reviews to get 1000+ five stars, then push a malicious app out. Most users don't really pay attention to what an app is asking for permission-wise.
I really wish Google would split their store into two tiers, where there is the existing Google Play setup, as well as a setup that adheres to a rigid set of rules. If a developer does not want to play with the guidelines, don't have to, the app just won't be in the vetted tier.
The reason iOS has been so clean [1] historically is that Apple has a set of guidelines, the guidelines are for Apple's benefit, and they are enforced brutally with no appeals given. By being the active gatekeeper and removing stuff before it even hits the store, it keeps the bad stuff out of the ecosystem.
[1]: I don't know of any happenings of iOS malware in the world. Running 100% secure going on 5 years is quite an accomplishment.
ran the apk. file against something like
# strings -n 3 | less
I think this is a good move. Instead of locking everyone into a single store, google can keep users free and safe.
If only microsoft would've done the same two decades ago.
For one, it would be open souce then.
The real issue is apps with malicious design intentions ... like ones that track your activity for advertising.
now we need to go OSS in diesel cars
Maybe now that Android is a big market player and is threatened by malware it will finally shut up Linux zealots who claim Linux doesn't get viruses.
no really what if i want to put it there so that when you come to mess with my phone ill screw you large and then know whom stole my phone or messed with it....
no really im evil user ( waves) don't fuck with "evil user"
Google?
apps are vetted before they hit the store.. has nothing to do with the hardware.
The question is: Can you trust the source?
I really wish Google would split their store into two tiers, where there is the existing Google Play setup, as well as a setup that adheres to a rigid set of rules. If a developer does not want to play with the guidelines, don't have to, the app just won't be in the vetted tier.
I was under the impression that Amazon had created its own more vetted tier in the Amazon Appstore.
The argument of BasilBrush and other fans of forced curation, as I understand it, is that the percentage of not-yet-detected malware is far higher in Google Play Store than in the iOS App Store.
Prevention is better than cure.
And how the fuck does the act of being an iPhone do THAT?
Trusted software from a known source. Bit like a Linux distro ;)
Ubuntu makes it easy for end users to install third-party repositories called Personal Package Archives. I've been told that sufficiently large companies can run the equivalent of a PPA for iOS, but only by paying Apple a recurring fee for an enterprise developer license, and then only for access by the company's employees.
I am happy now to not carry dumbphone, PDA, MP3 player, GPS and camera all in my pants.
Since when did PDA and MP3 player need to be separate? When smartphones allegedly took over from PDAs, PDAs had already gained multimedia playback. For example, the Archos 43 Internet Tablet, an Android-powered PDA, could play music and video and had a basic camera. Samsung would later introduce its own PDA, the Galaxy Player, that also included a GPS. So someone trying to save money on his cell phone bill need carry only two devices: a dumbphone and a PDA that doubles as a digital audio player, GPS, and camera.
No most Linux[sic] users think Linux refers to the kernel, of the OS, but use it as a generic name for *Linux based Distributions"
Which means RMS was right about calling it "GNU/Linux". Unlike Linux distributions typically installed on a laptop, desktop, or server, Android contains little if any software produced by the GNU project. For example, it uses Google Bionic instead of glibc. Embedded Linux systems likewise tend to replace GNU software, such as replacing glibc with lighter weight Newlib or uClibc.
no really what if i want to put it there
Internet service providers don't want customers who want malware.
so that when you come to mess with my phone ill screw you large and then know whom stole my phone or messed with it
As long as it's under the control of the device's owner, a LoJack style application is not malware.
This was an entertaining post and an amusing break from all of the argument about Google vs. Apple.
It should be +5 Funny. If that isn't what the author intended, tell him that's tough titty: it should still be +5 Funny.
It is a miracle that curiosity survives formal education. - Einstein
I had always assumed that there was an approval process that looked for this type of stuff. I guess i was wrong?
Mobile phones should not require software like Norton anti-virus so Android's already failed there. But i don't think this tackles a bigger concern. A lot of apps ask for too many permissions and user's data is taken. You should be able to manage individual permissions, At a guess Google isn't going to do anything about that.
The Google Play store does not say whether or not a 'free' app contains ads - especially the distracting blinking banner ads. It's fine for developers to do this and users may accept it rather than buying the app, but developers should disclose it up front. I get sick of downloading apps only to delete them. Plus many 'free' apps want access to your phone state, so they can see your phone number, who you call, and when you call them. Sneaky:
And take the children's drawing game which server up adult ads
Hannah-Siobhan - September 13, 2012 - Good basic game. Shame for the adverts my kids can click on, needs to have a lock screen option.
kristen - September 29, 2012 - Not kid friendly ads - Good time waster for kids, but the ads contain mature content, I saw buttocks yesterday...
Laura - September 19, 2012 - Version 4.0.1 - Disappointed - They show poor judgement with their advertising. With inappropriate pictures I cannot let my children use this app.
https://play.google.com/store/apps/details?id=virtualgs.kidspaint
This was an entertaining post and an amusing break from all of the argument about Google vs. Apple.
Those of us who've seen the exact same post 50+ times already do not agree.
You end up with a PDA with no connectivity
It has connectivity at any Wi-Fi AP whose key is published. This includes home, work, and restaurants, just not the bus.
Take that smart phone and put it on a cheap prepaid plan with very little data
Virgin Mobile USA has dumbphones with $5/mo "payLo" plans and smartphones with $35/mo "Beyond Talk" plans. Someone not yet ready to spring for that extra $360 per year might be willing to carry two devices.
The concept of software freedom is lost on you, isn't it?
It's your device. You should be able to have complete control of the software that runs on it. So "allowing bad stuff to happen" is what software providers SHOULD do, unless you specifically opt to have the software provider manage your device for you.
IMO, that's a legitimate option and appropriate for most users. Even Stallman might agree with that. But they shouldn't attempt to control what you have if you don't opt to have them control your machine.
Android is built on Linux, which is built on the assumption that the device's owner deserves and will get software freedom of the sort I'm talking about.
If you prefer to have somebody else manage and control what software is on your phone or tablet, that's what Apple does.
I'm not all the way in one camp or the other. My wife and daughter choose Apple devices and their walled garden. I choose Android and a little more flexibility.
,, and you will find hundreds of citations.
The 20% infestation is being on the news for the last 2 years. Google continues to ignore it.
.... I see no reason or excuse why Google refuses to do what is right.
Oblig Doonesbury strip, Oct 14, 2012: http://www.gocomics.com/doonesbury