Google May Soon Scan Your Android Apps For Malware
An anonymous reader writes "Is Google planning on integrating an antivirus scanner into Android? A just-released Google Play store app update, as well as the company's recent acquisition of VirusTotal seem to hint that yes, Google is looking into it. 'Google yesterday started rolling out an update to its Google Play Store app: version 3.8.17 from August was bumped to version 3.9.16 in October. Android Police got its hands on the APK and posted an extensive tear down. The first change noted was the addition of new security-related artwork (exclamation icons and security shields) as well as the following strings: App Check 'Allow Google to check all apps installed to this device for harmful behavior? To learn more, go to Settings > Security.''"
Good enough for the time being: I know my responsibilities as end-user.
All those moments will be lost in time, like tears in rain. Time to die.
Does this mean that Android phones are now going to be slower?
this exactly why iphone
Am I the only one who just wants to communicate without all the trouble? Smart phones brought us the troubles of having too much.
~ Best man at your service.
Riiiiiiiiight...
Why not just run them in a sandbox? They're already in a VM (the JVM) and only get to OS things via API calls. What's the problem here that I'm not getting?
Hmm... odd. I want to see this mythical Android virus.
Don't worry, sooner or later you'll bump into one.
... of most of the malware in the wild.
Even today, after years of knowing about the problem, they still have a 20% infection in the OFFICIAL distribution channel.
Nobody Seems To Notice and Nobody Seems To Care - Government & Stealth Malware
In Response To Slashdot Article: Former Pentagon Analyst: China Has Backdoors To 80% of Telecoms 87
How many rootkits does the US[2] use officially or unofficially?
How much of the free but proprietary software in the US spies on you?
Which software would that be?
Visit any of the top freeware sites in the US, count the number of thousands or millions of downloads of free but proprietary software, much of it works, again on a proprietary Operating System, with files stored or in transit.
How many free but proprietary programs have you downloaded and scanned entire hard drives, flash drives, and other media? Do you realize you are giving these types of proprietary programs complete access to all of your computer's files on the basis of faith alone?
If you are an atheist, the comparison is that you believe in code you cannot see to detect and contain malware on the basis of faith! So you do believe in something invisible to you, don't you?
I'm now going to touch on a subject most anti-malware, commercial or free, developers will DELETE on most of their forums or mailing lists:
APT malware infecting and remaining in BIOS, on PCI and AGP devices, in firmware, your router (many routers are forced to place backdoors in their firmware for their government) your NIC, and many other devices.
Where are the commercial or free anti-malware organizations and individual's products which hash and compare in the cloud and scan for malware for these vectors? If you post on mailing lists or forums of most anti-malware organizations about this threat, one of the following actions will apply: your post will be deleted and/or moved to a hard to find or 'deleted/junk posts' forum section, someone or a team of individuals will mock you in various forms 'tin foil hat', 'conspiracy nut', and my favorite, 'where is the proof of these infections?' One only needs to search Google for these threats and they will open your malware world view to a much larger arena of malware on devices not scanned/supported by the scanners from these freeware sites. This point assumed you're using the proprietary Microsoft Windows OS. Now, let's move on to Linux.
The rootkit scanners for Linux are few and poor. If you're lucky, you'll know how to use chkrootkit (but you can use strings and other tools for analysis) and show the strings of binaries on your installation, but the results are dependent on your capability of deciphering the output and performing further analysis with various tools or in an environment such as Remnux Linux. None of these free scanners scan the earlier mentioned areas of your PC, either! Nor do they detect many of the hundreds of trojans and rootkits easily available on popular websites and the dark/deep web.
Compromised defenders of Linux will look down their nose at you (unless they are into reverse engineering malware/bad binaries, Google for this and Linux and begin a valuable education!) and respond with a similar tone, if they don't call you a noob or point to verifying/downloading packages in a signed repo/original/secure source or checking hashes, they will jump to conspiracy type labels, ignore you, lock and/or shuffle the thread, or otherwise lead you astray from learning how to examine bad binaries. The world of Linux is funny in this way, and I've been a part of it for many years. The majority of Linux users, like the Windows users, will go out of their way to lead you and say anything other than pointing you to information readily available on detailed binary file analysis.
Don't let them get you down, the information is plenty and out there, some from some well known publishers of Linux/Unix books. Search, learn, and share the information on detecting and picking through bad binaries. But this still will not touch
Instead of scanning the apps that I choose to install on my phone, why not just scan the apps they allow on their Play Store? Then, if people choose to install applications outside of the store, it'll be at their own risk. Also, scanning the app ONCE on their store makes more sense than redundantly scanning it millions of times on each user's phone.
ran the apk. file against something like
# strings -n 3 | less
I think this is a good move. Instead of locking everyone into a single store, google can keep users free and safe.
If only microsoft would've done the same two decades ago.
For one, it would be open source then.
The real issue is apps with malicious design intentions ... like ones that track your activity for advertising.
now we need to go OSS in diesel cars
Maybe now that Android is a big market player and is threatened by malware it will finally shut up Linux zealots who claim Linux doesn't get viruses.
No, really, what if I want to put it there so that when you come to mess with my phone I'll screw you large and then know who stole my phone or messed with it....
No, really, I'm evil user ( waves) don't fuck with "evil user"
I really wish Google would split their store into two tiers, where there is the existing Google Play setup, as well as a setup that adheres to a rigid set of rules. If a developer does not want to play with the guidelines, they don't have to, the app just won't be in the vetted tier.
I was under the impression that Amazon had created its own more vetted tier in the Amazon Appstore.
The argument of BasilBrush and other fans of forced curation, as I understand it, is that the percentage of not-yet-detected malware is far higher in Google Play Store than in the iOS App Store.
Prevention is better than cure.
And how the fuck does the act of being an iPhone do THAT?
Trusted software from a known source. Bit like a Linux distro ;)
Ubuntu makes it easy for end users to install third-party repositories called Personal Package Archives. I've been told that sufficiently large companies can run the equivalent of a PPA for iOS, but only by paying Apple a recurring fee for an enterprise developer license, and then only for access by the company's employees.
I am happy now to not carry dumbphone, PDA, MP3 player, GPS and camera all in my pants.
Since when did PDA and MP3 player need to be separate? When smartphones allegedly took over from PDAs, PDAs had already gained multimedia playback. For example, the Archos 43 Internet Tablet, an Android-powered PDA, could play music and video and had a basic camera. Samsung would later introduce its own PDA, the Galaxy Player, that also included a GPS. So someone trying to save money on his cell phone bill need carry only two devices: a dumbphone and a PDA that doubles as a digital audio player, GPS, and camera.
No, most Linux[sic] users think Linux refers to the kernel of the OS, but use it as a generic name for "Linux based Distributions"
Which means RMS was right about calling it "GNU/Linux". Unlike Linux distributions typically installed on a laptop, desktop, or server, Android contains little if any software produced by the GNU project. For example, it uses Google Bionic instead of glibc. Embedded Linux systems likewise tend to replace GNU software, such as replacing glibc with lighter weight Newlib or uClibc.
No, really, what if I want to put it there
Internet service providers don't want customers who want malware.
so that when you come to mess with my phone I'll screw you large and then know who stole my phone or messed with it
As long as it's under the control of the device's owner, a LoJack style application is not malware.
I had always assumed that there was an approval process that looked for this type of stuff. I guess I was wrong?
Mobile phones should not require software like Norton anti-virus so Android's already failed there. But I don't think this tackles a bigger concern. A lot of apps ask for too many permissions and users' data is taken. You should be able to manage individual permissions. At a guess, Google isn't going to do anything about that.
The Google Play store does not say whether or not a 'free' app contains ads - especially the distracting blinking banner ads. It's fine for developers to do this and users may accept it rather than buying the app, but developers should disclose it up front. I get sick of downloading apps only to delete them. Plus many 'free' apps want access to your phone state, so they can see your phone number, who you call, and when you call them. Sneaky:
And take the children's drawing game which serves up adult ads
Hannah-Siobhan - September 13, 2012 - Good basic game. Shame for the adverts my kids can click on, needs to have a lock screen option.
kristen - September 29, 2012 - Not kid friendly ads - Good time waster for kids, but the ads contain mature content, I saw buttocks yesterday...
Laura - September 19, 2012 - Version 4.0.1 - Disappointed - They show poor judgement with their advertising. With inappropriate pictures I cannot let my children use this app.
https://play.google.com/store/apps/details?id=virtualgs.kidspaint
You end up with a PDA with no connectivity
It has connectivity at any Wi-Fi AP whose key is published. This includes home, work, and restaurants, just not the bus.
Take that smart phone and put it on a cheap prepaid plan with very little data
Virgin Mobile USA has dumbphones with $5/mo "payLo" plans and smartphones with $35/mo "Beyond Talk" plans. Someone not yet ready to spring for that extra $360 per year might be willing to carry two devices.
,, and you will find hundreds of citations.
The 20% infestation has been in the news for the last 2 years. Google continues to ignore it.
.... I see no reason or excuse why Google refuses to do what is right.
Oblig Doonesbury strip, Oct 14, 2012: http://www.gocomics.com/doonesbury