New Android Malware Uses Google Play Icon To Trick Users

An anonymous reader writes "A new trojan for Android has been discovered that can help carry out Distributed Denial of Service (DDoS) attacks. The malware is also capable of receiving commands from criminals as well as sending text messages for spamming purposes. The threat, detected as "Android.DDoS.1.origin" by Russian security firm Doctor Web, likely spreads via social engineering tricks. The malware disguises itself as a legitimate app from Google, according to the firm."

This is why you want a walled-off app store

Because people will download and run apps from that store.

And there's little/no AV protection.

Re:This is why you want a walled-off app store

[masternerdguy]

Actually the android sandbox is quite sophisticated. Jellybean will randomize the location of an application's memory region in order to make buffer overflow attacks harder. Granular permissions allow a user to know exactly what an app wants to do before they even install it (it's written into the API that the app must ask for these permissions). Also Google does automated malware testing on their store in order to weed out undesirables. This thing is spread by installing an APK off of a warez site and ignoring all the scary warnings.

Re:This is why you want a walled-off app store

Not to mention that by default you aren't allowed to install an APK from a source besides the play store, you have to manually disable that restriction.

Re:This is why you want a walled-off app store

Because people will download and run apps from that store.

And there's little/no AV protection.

There is very little AV protection against users. They are the weakest link, but we can't have successful software companies without end users.

Re:This is why you want a walled-off app store

Actually the android sandbox is quite sophisticated. Jellybean will randomize the location of an application's...

It's too bad that it was released in June 2012, and still, nobody has it. So while I'm sure newer versions of Android are much improved, but it doesn't much matter to anyone if the horrible manufacturers won't put an ounce of effort into maintaining the devices.

Re:This is why you want a walled-off app store

[alostpacket]

Yes but this uses an official ICON. Clearly no way to forge that. I've never seen anyone think to use logos or icons for nefarious purposes before. Luckily I am protected here on my Windows 7 machine. I clicked an ad using the Windows 2000 theme that alerted me to major potential threats in my "regisetery"... Had a similar experience on my Macbook Air. Thank goodness for the altruism of all those interwebs ads and sites.

In all seriousness though, this could be a problem for people who root/ROM and install their Google apps from sources other than Google. Granted, when you root/ROM you should be aware of the risks, but it still presents a small danger.

Many Google apps however request permissions that need the app be signed with the same key as the ROM and/or the system key.

See: http://developer.android.com/guide/topics/manifest/permission-element.html#plevel

"signature"
A permission that the system grants only if the requesting application is signed with the same certificate as the application that declared the permission. If the certificates match, the system automatically grants the permission without notifying the user or asking for the user's explicit approval.

"signatureOrSystem"
A permission that the system grants only to applications that are in the Android system image or that are signed with the same certificate as the application that declared the permission. Please avoid using this option, as the signature protection level should be sufficient for most needs and works regardless of exactly where applications are installed. The "signatureOrSystem" permission is used for certain special situations where multiple vendors have applications built into a system image and need to share specific features explicitly because they are being built together.

Re:This is why you want a walled-off app store

Why do you hate APK? Is it because he owned you with his superior facts and logic?

APK is the Android application package file format

Re:This is why you want a walled-off app store

[rjr162]

....
My Samsung galaxy s3 (gt-i9000) received the 4.1.1 update about 3 or so months ago (from samsung). My neighbors Motorola atrix 2 or whatever received the 4.1.2 update about 2 months or so ago (He has verizon). The Motorola xoom I got my grand father also has received 4.1.1 iirc when I set it up for him after I received it from eBay about 3 weeks ago

Re:This is why you want a walled-off app store

It shouldn't have even taken that long though. When Google releases an Android update, it trickles down to the phone manufactures like Samsung who put their tweaks into the code. Samsung in particular seems pretty fast about it (and I'm sure they get access to the pre-release source as well to speed up go-to-market time).

The real bottleneck are the carriers who absolutely drag their feet. AT&T (my carrier) took several months to do what is basically just adding in their bloatware and spyware garbage into Samsung's release of Jellybean - something that should realistically take a couple of weeks at most. That is why I'm running CM10.

AT&T just released 4.1 to the S3 a couple of weeks ago after months of waiting. What sucks about that is 4.2 is already out. 4.1, while still usable and relevant, is already out of date.

While I prefer Android personally on my phone, this is one area in particular where Apple has an edge. iOS updates don't go through this nonsense.

I hope Google can do something to get the carriers to cut out their bullshit, otherwise this is one area that is hurting Android's perception.

Re:This is why you want a walled-off app store

Though I don't disagree with you here, I do wish to point out that the "Granular permissions" you speak of can be as amazingly specific as "requires internet access" and "access your contacts" and on a standard Android phone, you have to accept all of them or none of them.

Re:This is why you want a walled-off app store

[screwdriver]

It does sound more like a proof of concept than an actual attack.

Re:This is why you want a walled-off app store

pssssssst...

*Whoooosh*

Re:This is why you want a walled-off app store

[BitZtream]

ASR is cute, but only stops the most trivial of exploit efforts. And this isn't exploiting anything other than the user so ASR is 100% useless.

Granular permissions in the style of Android are practically useless and heres why, a statement from my wife just last night as she played with her Nexus 7:

Does anyone even say no to these permissions since every app wants a bunch of them and you can't use it without click yes?

When every app including crap from Google asks for all sorts of shit, like access to your freaking call log, normal people quickly just click Ok instead of bothering with actually determining the permissions are needed. They've done the same thing as Microsoft. Made the 'security feature' so utterly obnoxious as to be practically useless.

How about letting the app run WITHOUT those permissions? Why do I have to decided if I want an app or not based on the fact that it wants access to my call log at install time rather than saying 'no, you cant see me call log' and still getting the app? Why can I not use the app but tell it to go fuck itself when it wants access to my contacts?

The answer is simple. Google doesn't actually want it to be too secure as that would prevent them from getting all the information they want to target you.

Its really not a great sandbox other than it functions the way it was intended. From a user perspective, its pretty shitty.

Re:This is why you want a walled-off app store

AC provided a source and you provided an anecdote. Nice.

Actually, you're wrong. That "source" wasn't indicative of anything other than what accessed the play store during a 2 week period.

It could very well be that data represents people getting new devices for the holidays and are then *gasp* upgrading the device. I know I have 1 device that never sees the app store running JBean. While rjr's data may be anecdotal, it also coincides with my everyday observances. 3 of my 4 co-workers are running Jbean on Motorolla or Samsung smartphones, while the other has an Iphone5.

Re:This is why you want a walled-off app store

[erroneus]

Indeed this is the most significant truth of it all.

In iOS land alone are users "not responsible for their actions." For people to go around installing malware on PCs is a known problem. Save MSIE vulnerabiilities enabling drive-by installations and program execution, people install malware on their own machines.

Now if this story was about a vulnerability in Android devices which permitted this type of system compromise, we might have a much more significant story. But what we have, instead, is reaffirmation that with Android, users have freedom to install the software of their choice just as they have with MacOSX and Microsoft Windows and other Linux distributions. We also have the recognition that users are not invulnerable to attack because they are using something other than MS Windows.

Is this a sign that Android has "matured"? No. iOS is pretty mature and does not exactly suffer from such attacks. (oh wait, yes it does!) It is a sign that bad-wetware has recognized that Android is popular enough and free enough to make its users a target. At the end of the day, of course, it is the users which are being targetted and their devices, software and data are the means and the objective of the attack.

This story is useful in that it is important that everyone be aware of the risks of running any software, but especially software from dubious sources. But let's hope the real message is not lost in the hype and flag waving.

Re:This is why you want a walled-off app store

[erroneus]

Cricket.

I was investigating prepaid phone service options because I want to save money and prepaid service seems to be the way to do it. Once shop I visited was "Cricket." The first thing they asked was "what kind of phone do you have?" I said "unlocked GSM." They said, but we have to install our software on it... we have to flash your device before we can put it on our network. I was utterly shocked and then angered. I left before I said anything I might regret, but I will not be doing business with Cricket now or in the future. Bad enough the carriers I buy my phones from want to control my devices. Another carrier wants to modify my property so that I can be their customer.

No. And why would I object so much to that idea?

Because I don't know what they will be putting on my computer and nor will they tell me. And so for the same reason I would not do business with Cricket, I will not generally install software from unknown sources.

Re:This is why you want a walled-off app store

[alostpacket]

Interesting. Did you get any sense of what they wanted to install? I dont know enough about that specific area but I wonder if there are any legit reasons they might do this. Maybe relating to ESN/MEID/etc, or some type of radio frequency tuning... Still, I would likely have done the same in your shoes.

Re:This is why you want a walled-off app store

You're wrong. Feel free to pull as many other sources as you like.

Also, the data is from before xmas.

Re:This is why you want a walled-off app store

[SomePgmr]

S2 here. It took them a year to deploy ICS after it came out. Seven months since Jelly Bean came out will actually be a huge improvement, even though it'll already be out-of-date.

While I still prefer Android over iOS, I've learned my costly lesson... don't even consider buying an Android device that isn't a Nexus.

Also, as someone that writes software for Android, I don't like having to target Gingerbread (circa 2010) or give up half the market. Google needs to do something about the savages leeching the platform just to pump out new devices and abandon them.

Re:This is why you want a walled-off app store

Including the GP we've confirmed six people on Jelly Bean. Can anyone confirm the other three?

Re:This is why you want a walled-off app store

Android is as suave as Windows 95.

FTFY

Re:This is why you want a walled-off app store

[bedouin]

I was with Cricket for a couple years. I bought a new phone from them on one occasion, and when I asked for a data cable, the salesperson asked what I intended to do with it. I answered "sync my addresses" because I knew that was the answer she was looking for . . .

When did Cricket switch from CDMA to GSM?

Re:This is why you want a walled-off app store

[bedouin]

The main reason is probably to lock you into their store for ringtones and games. Their guise for it all would probably be so-called security. At least that's the impression I got while I was their customer.

Check this out, to actually DOWNLOAD apps from their store they made you pay some sort of extra charge. Paying them money for apps wasn't simple enough. I passed and got busy modifying the firmware in a hex editor.

If you visit a Cricket location you'll see mostly poor folks who can't pass a credit check, and Cricket milks them hard for basic features -- like caller ID. To make matters worse, their coverage rarely goes beyond the city; travel 25 miles out and bam -- no service, no roaming even. It's an all around bad deal. For me I wanted a no contract plan since I hoped to move overseas.

Trying to cancel my account was a pain. The customer service people on the phone kept offering me new deals of some sort -- totally ignoring that I've moved to an area without coverage, and I reiterated that fact repeatedly.

Re:This is why you want a walled-off app store

Samsung has always (even with the SGS1) provided enhanced features from their updates.

Stock Android 4.1 is nowhere near as capable as Samsung's 4.1. You can, of course, add in software to Stock 4.1 to add features to make it equivalent to Samsung's 4.1. There is no "edge"; Samsung is already providing you with some 4.2 features in their 4.1 firmware PLUS a bunch of other things.

There is nothing Samsung or Android needs to do with "hurting Android's perception." Most aren't even aware what version of OS their running (even if it's prominently displayed on a boot screen; I've had someone come in thinking they were running Windows XP when they were running Vista -- even though they look completely different and it clearly says "Windows XP" on boot!

The ones that are aware of the version differences (and don't buy a Nexus) are generally smart enough to realize this and don't look bad on version numbers on two separate products.

Re:This is why you want a walled-off app store

You aren't really giving up half the market though.

a) Most devices that are still stuck on Gingerbread are cheap feature phones. These are the people who won't buy your app anyway.
b) Even giving up half the market, you still have a larger audience than any other smartphone OS. Android is sitting at ~70-80% worldwide marketshare; the nearest is sitting at like 30%ish.

Re:This is why you want a walled-off app store

[segin]

When you said "GSM", they should have told you your phone won't work on their network, period. This "flashing" business is because they are a CDMA carrier, and US CDMA carriers don't use removable subscriber identities, instead your network authentication details are simply programmed into a small EEPROM on the phone itself and must be reprogrammed to switch between CDMA carriers. Yes, exactly the same way the giant bricks were reprogrammed to different carriersin the 1980s. Speaking of which, it is wholly possible to have your phone service stolen by a virus on a PC just by plugging your phone into your PC, but only if it is a CDMA phone. And all CDMA phones use the very same programming method. GSM uses SIM cards with inaccessible authentication keys - why I will never use a CDMA carrier for as long as I live. Their non-LTE phones lack a SIM slot due to this, and their LTE phones are still serviceable without the SIM, albeit only on the CDMA network.

Re:This is why you want a walled-off app store

[segin]

Cricket CDMA handsets are useless overseas. The rest of the world uses GSM, and when you do find CDMA overseas, they use CSIMs, which your phone has no slot for. Overseas carriers don't use on board NVRAM programming like in the US nor will program in service details due to security concerns.

Re:This is why you want a walled-off app store

[shutdown+-p+now]

Stock Android 4.1 is nowhere near as capable as Samsung's 4.1. You can, of course, add in software to Stock 4.1 to add features to make it equivalent to Samsung's 4.1. There is no "edge"; Samsung is already providing you with some 4.2 features in their 4.1 firmware PLUS a bunch of other things.

Can you give an example of any features in Samsung-"improved" 4.1 that are actually useful? The only one I can think of is that set of switches (auto-rotate lock, wifi, Bluetooth etc) that they offer in the notification drawer, but this can be provided by any app in 4.1, and those apps not only exist, but are infinitely more configurable. The only other thing that comes to mind is that stupid full memory access exploit.

Of course, since Nexus devices are already at 4.2, the more appropriate way would be comparing Samsung's 4.1 (if that's what they have current? I thought it's actually still ICS for SGS2, for example) to stock Android 4.2...

Re:This is why you want a walled-off app store

[bickerdyke]

Does anyone even say no to these permissions since every app wants a bunch of them and you can't use it without click yes?

Why should someone do that? In 99% of the installs the required permissions match the purpose of the app, so there simply is NO REASON to say no. I definitly would (and did so) say no if suddenly a simple flashlight (or in my case metronome) app asks for access to contacts, location and internet.

How about letting the app run WITHOUT those permissions? Why do I have to decided if I want an app or not based on the fact that it wants access to my call log at install time rather than saying 'no, you cant see me call log' and still getting the app? Why can I not use the app but tell it to go fuck itself when it wants access to my contacts?

The answer is simple. Google doesn't actually want it to be too secure as that would prevent them from getting all the information they want to target you.

Sorry but that's BS. The reason why those rights are asked for at install time is that they are considered as required for the app. What use would a calendar application have that is denied access to the phone calendar? So there's no need to install an app without the requirements for it to work. The actual security check is "do the required rights match the apps purpose?" if not, don't install. But that's between you and the app developer.

However, there are two improvements I'd like to see to the android permission system:

Optional Permissions.
For exactly those cases you mentioned. Stuff that's not required for the base function of an app, but only for several specific features. Those wouldn't have to be granted at install time.

Limited Internet access.
I hate that I always have to grant full internet acces just because some app is adware. Would be cool if access could be limited to the ad network in use by that app. Or limit twitter app's internet permissions to the twitter.com domain.

Re:This is why you want a walled-off app store

[erroneus]

All of this and the above replies are very interesting information.

I had no knowledge of their CDMA-ness. I use GSM phones.

One thing they mentioned was that they do not [yet] flash my phone model. (T-Mobile, Galaxy S2) That part didn't bother me as I was still stuck on the notion that they wanted to flash my phone at all.

I can see where they would be an "exploit the poor" type of company. It seems to fit.

Re:This is why you want a walled-off app store

[segin]

I assume you are either not from the US, a poorly educated consumer, or an even bigger GSM zealot than I. Most US carriers use CDMA2000. Although CDMA2000 allows for removable identities, it's predecessors that are built around the same core network (AMPS, D-AMPS, and cdmaOne) do not, and as such, American CDMA carriers continue to use legacy internal authentication storage. This is for two reasons: To continue the myth that the only carrier a phone will ever work with is the one printed on the phone, making consumers believe that switching carriers will require the purchase of another expensive handset, and to control which devices are allowed to operate on the carrier network, on a device-to-device basis. The sole US carrier that actually speaks to the contrary in it's consumer advertising is T-Mobile, who advertises constantly that you can bring unlocked GSM handsets from other carriers and save money in doing so.

Re:This is why you want a walled-off app store

[synapse7]

Manually disabling is my favorite part.

Re:This is why you want a walled-off app store

[synapse7]

I'm curious what it is in Jelly Bean you are in such great need of that ICS is without?

Re:This is why you want a walled-off app store

[synapse7]

To add more, I have loaded Jelly Bean the S3 that I use and I've been considering restoring the samsung rom to gain back the motion gestures, some of which are quite handy.

Re:This is why you want a walled-off app store

[erroneus]

I have always believed AT&T and T-Mobile are GSM carriers and that Sprint and Verizon are CDMA carriers.

Please educate me.

Re:This is why you want a walled-off app store

AC provided a source and you provided an anecdote. Nice.

So are you denying that those phones have Jelly Bean available?

Re:This is why you want a walled-off app store

[lengau]

Here's a list of devices that either have or will get Jelly Bean.

Also, this page shows a (fairly complete, though I hesitate to say "complete" for the fact that there's almost certainly at least one Android phone/tablet not mentioned on it that exists somewhere...) list of Android devices, including what version they run. It contains 41 mentions of 4.1 and 11 mentions of 4.2.

Re:This is why you want a walled-off app store

[Applekid]

The internal permissions manifests are actually much more granular. For whatever reason (probably ease of use, but I don't know for sure), Google grouped them up into easy to understand chunks.

Full list is here: https://developer.android.com/reference/android/Manifest.permission.html

I do wish, however, you could tick a box in your settings to get the full story in the permissions confirmation window if you know what you're doing. Looking at that list, though, I can understand why they would choose to fold in some of the more obtuse permissions into some higher-level definitions.

Re:This is why you want a walled-off app store

In facts it's dangerous. Most will tend to rely on Google's botched security, letting their guard down and...gottcha...you've got malware.

You know, I'm not sure I feel sorry for them. So pirates downloading malware in APKs get compromised? Boo fucking hoo. Maybe try not being a thief.

Re:This is why you want a walled-off app store

[SomePgmr]

a) Most devices that are still stuck on Gingerbread are cheap feature phones. These are the people who won't buy your app anyway.

That 50% number is from people in the Play store.

b) Even giving up half the market, you still have a larger audience than any other smartphone OS. Android is sitting at ~70-80% worldwide marketshare; the nearest is sitting at like 30%ish.

That doesn't change the fact that you're giving up on 50%* of the Android users. I'm not here making a case for iOS over Android, just that the situation among Android devices absolutely sucks in this regard.

* You're actually throwing out 61%, if you also consider that more people are using Froyo (2.2) than Jelly Bean.

Re:This is why you want a walled-off app store

I suspect he was pointing out the uselessness of the anecdote since Jelly Bean devices account for less than 7%, where 65% of devices are still running Cupcake through Honeycomb.

Re:This is why you want a walled-off app store

[node+3]

Sorry but that's BS. The reason why those rights are asked for at install time is that they are considered as required for the app. What use would a calendar application have that is denied access to the phone calendar? So there's no need to install an app without the requirements for it to work. The actual security check is "do the required rights match the apps purpose?" if not, don't install. But that's between you and the app developer.

No, sorry, but that's bullshit. Most apps you'll find on the Play store require permissions to read the phone status, including identity, regardless of whether they have anything to do with the phone or not. Some want access to your location (like Facebook), even if it's not core to the app.

On iOS, any requests for location, contacts, photos, or calendar must be authorized by the user *explicitly*, and it can be denied if the user wishes, yet the app will still run.

Now, your example of a calendar app is simple-minded. What about an app that has a calendaring aspect, but does other things as well? Such as a task management app? Perhaps I want to use it as a to do list, but don't want it to include my calendar appointments as to do items, and I don't want it to store to dos into my calendar? The app will still work without access to my calendar, and my privacy will be just a little bit more protected.

Or like Facebook. Some people want to tag their posts with location. But maybe I don't want to, or maybe I just don't want to *this one time*, not even accidentally? Again, it's all or nothing on Android.

The idea that permissions are usually essential to the app such that it can't function without them is false. The only time that's sufficiently true is for apps that need access to the Internet. Even apps that you'd think might need what they are asking for, like a maps app, still will work fine without access to the thing they most logically need, like GPS. You can easily find a maps app useful, even if it doesn't have access to your location.

And this is Android we're talking about here. Isn't "choice" the Android mantra? The permissions system in Android is one aspect where they are severely lagging behind Apple. And even if it does break the app's core functionality, shouldn't that be the user's choice? On iOS, if an app wants access to the user's photos, it has to ask for permission to read the user's location. That's because photos can contain location metadata. If the user says "no", the app won't be able to open photos or the camera, which would break something like Instagram.

So, what happens? Instagram crashes? The iPhone explodes? No! It just tries and fails to open the photos (or camera), and then pops up a dialog saying, "hey, we need permission to read your location if you want the app to work, please say yes", and if the user decides it's ok, they can. If not, they can just not use the app.

On Android, you have to accept permissions, most of which are not necessary, but neither you *nor even the developer*, can say, "yes" to this and "no" to that. It's all or nothing. Maybe I don't know why Facebook wants access to my location, but I notice it only asks when I post if I check the "include location" button, so I figure, ok, cool, it's not tracking me all the time, just when I choose the option. Or maybe some chat app asks for access to my contacts, but only when I choose the "find friends" feature, and isn't just siphoning off my address book every time it launches.

Or maybe it is! On iOS, I can tell if it is or not, and make an educated decision. On Android, I just have to cross my fingers.

Re:This is why you want a walled-off app store

[bickerdyke]

Read my complete post. I completly agree with you that optional permissions are lacking on Android.

I don't agree with you that it should be the users choice to break the core funcionality of an app. That would be contradictory to Apples "it just works" philosophy.

Re:This is why you want a walled-off app store

[node+3]

Read my complete post. I completly agree with you that optional permissions are lacking on Android.

That's not the part I'm calling bullshit. The bullshit is where you claim that the permissions are only about "essential" requirements for the app to work at all. Please take your own advice and read my complete post.

I don't agree with you that it should be the users choice to break the core funcionality of an app. That would be contradictory to Apples "it just works" philosophy.

That's consistent with making an ecosystem that the user can trust and feel safe with. Better to slightly break an app (you are vastly overblowing the impact here!) than to force a user to give up privacy just to even try out an app.

I gave numerous examples of apps working just fine, even when you remove what you seem to think are part of their "core functionality". And what's the worst, absolute *worst* case? The app will try do to the thing it wants, fail, and pop up a dialog saying, "you didn't grant permission to X, the app needs it in order to Y, please try again and grant permission when asked, or close the app, kthxbye!"

Easy as pie. No apps were harmed in this process, and no user had to give up their privacy. Everyone's a winner!

Android.DDoS.1.origin

nice disguise

Re:Android.DDoS.1.origin

[SternisheFan]

This is not from the Android PlayStore, it may originate from a Russian website.

Re:The firm lies.

[Zontar+The+Mindless]

If people are fooled into thinking it's a legitimate app, then it has successfully disguised itself as a legitimate app, I'd say--your failed attempt at pedantry notwithstanding.

Re:The firm lies.

[p0p0]

How do you figure? The app takes on the icon/text of the play store app and launches itself and the legitimate play app when activated. Where have you been confused?

Re:Linux your next...

[masternerdguy]

Linux has EXCELLENT intrusion detection as long as you're running the SELinux tools. That thing is so paranoid out of the box that an application making a file in /tmp will throw a warning. You can set it up so that an application doing anything remotely suspicious is just killed immediately and a notification sent to the admin. If you don't trust SELinux there's more proprietary tools such as AppArmor that can do the same job and are a bit friendlier to configure.

Doctor Who?

[Jonah+Hex]

OK, sorry I got enough of this in the X-Mas special, seriously. I think it infected me. - HEX

Re:Doctor Who?

Thomas Schofield - is that you?

I'm not sure you understand.

[tuppe666]

I know your trying to defend Apples "lets gouge our customers policy" by limiting customer choice (and competition) to Apple on its (not your) phone...but to do do so I think you need to understand that on Android you have to actually go into the settings and *enable* his voluntary, and have to agree to a warning screen...Apple users are do desperate to have this functionality they "Jailbreak" Apples phone, even though Apple have attacked their customers for doing so.

Re:I'm not sure you understand.

I typically spend more on a monthly basis for a single persons meal than a Nexus 4 costs, no way would I buy an iPhone.

Re:I'm not sure you understand.

[rjr162]

Apps without ads?? Christ I get just as many on the games for the iPad as I do my android phone

Re:I'm not sure you understand.

[LurkerXXX]

I want a phone I can hold any way I want, thanks.

Re:I'm not sure you understand.

Quite a few iOS apps most certainly do have ads. You have no clue what you're talking about.

Re:I'm not sure you understand.

And yet, you don't know you're from your?

Either way I'm not 'defending' Apple beyond saying the walled garden is a superior model from centralized security standpoint, and no, I own no Apple products.

I see their success or failure determined by 'dumb users' who WILL download what is available and get pwned, complain, and eventually give up and buy the damn iphone despite gouging because of "the stupid viruses". Watch.

Re:I'm not sure you understand.

..."Jailbreak" Apples phone, even though Apple have attacked their customers for doing so.

[citation needed]

Re:I'm not sure you understand.

[tlhIngan]

I know your trying to defend Apples "lets gouge our customers policy" by limiting customer choice (and competition) to Apple on its (not your) phone...but to do do so I think you need to understand that on Android you have to actually go into the settings and *enable* his voluntary, and have to agree to a warning screen...Apple users are do desperate to have this functionality they "Jailbreak" Apples phone, even though Apple have attacked their customers for doing so.

And practically every US Android user has it checked.

Why? Amazon. Or if you want to install those cheap Humble Android Bundles.

Which means yes, it's a superior system, except it's broken because it's an all-or-nothing. Why should I have to enable it to install an app from Amazon? (Which to be honest is probably why AT&T was forced to put the option back in). Why can't I just enable it for Amazon? Or why can I just install the Humble Bundle apps?

In fact, why isn't the option more like "Allow installation of unsigned apps"? Then Amazon and Humble Bundle and AppsLib and other stores can provide their own certificates for the user to install so that store is "trusted" and they can't install some random APK from facebook because their friends call it cool?

Re:I'm not sure you understand.

[BitZtream]

Stop using free apps and the problem goes away.

Re:I'm not sure you understand.

[kiddygrinder]

anyone smart enough to understand that option would be smart enough to not install apps from a non-reputable source.

Re:I'm not sure you understand.

[shutdown+-p+now]

If I wanted a hobby phone I could kick around I would get an Android. I want a phone that works and apps without ads.

So, how did those maps work for you till Google released their app?

Re:I'm not sure you understand.

[shutdown+-p+now]

Funny that - this advice is 100% applicable to Android as well.

Re:The firm lies.

Defend and deflect at all costs!

Stupid disguise

[tuppe666]

nice disguise

I thought the opposite. The first think someone is going to do when they see a two stores on their phone...is look up why? It even has a different name, they would have been better hiding it behind a simple RSS feed or torch app

Re:Stupid disguise

[BasilBrush]

The first think someone is going to do when they see a two stores on their phone...is look up why?

No, if the user notices the duplication, and cares, their fist step is likely to be to click on each of them to see what the difference is.

"looking up why" (in Google or the manual) is what people might do after they've looked for themselves.

Re:LMAO - Oh boy: You SURE you want to post that?

MY RAVEN WAS EQUIPPED WITH THE FOLLOWING

HIGH
06 x Cruise Missile Launcher I
01 x SMALL TRACTOR BEAM 1
01 x SALVAGER I

MEDIUM
04 x LARGE SHIELD EXTENDERS
01 x 'HYPHNOS' ECM
01 x MEDIUM SHIELD BOOSTER

LOW
01 x EMERGENCY DAMAGE CONTROL
01 x ARMOR KINETIC HARDENER I
01 x ARMOR THREMIC HARDENER I
02 x WARP CORE STABILIZER I

DRONES
02 x WARRIOR I DRONES
03 x HAMMERHEAD I DRONES

UPGRADES
01 x ROCKET FUEL CACHE PARTINTION I
01 x BAY LOADING ACCELERATOR I

Seriously?

[tuppe666]

But but but I thought the zealots assured us the Linux was immune to exploits? Or did they LIE????

This is about Android...and Ya its pretty secure :) Linux is pretty good too. I'm not sure calling people zealots(maybe you don't know what one is) because they have chosen platforms with better balance of security/flexibility than your own (clearly your upset), makes your own secure. In fact its a really strange comment to make at all, about either OS, as what is true about both is they put an inordinate amount of effort into ensuring their platforms are secure. That is why both have incredibly good track records.

Re:Seriously?

[BitZtream]

Android is just as much Linux as Debian, Ubuntu and Redhat. Its just another distribution. Its just the only one that happens to be popular, and as such ... guess what ... just like Windows its becoming a malware target. and just like Windows you don't have to 'hack' the OS, just the user.

The app does not spread...

[mythosaz]

Users SPREAD the app. The app itself does not spread. It's an important distinction.

Re:The app does not spread...

[BitZtream]

They didn't call it a virus, the summary in fact states likely spread by users. Guess what, its malware.

Did you have a point and what the fuck is it/how the fuck are you modded +5?

Re:The app does not spread...

[mythosaz]

"The threat, detected as "Android.DDoS.1.origin" by Russian security firm Doctor Web, likely spreads via social engineering tricks"

That, from the summary, says that the threat spreads by social engineering -- and clearly identifies the threat as the malware, not the social engineering bit. TFA says that the malware spreads. Passive or active is important. The author of the summary is a twit. That's my point.

Hello Friend, this Linus Torvalds

I have created this custom kernel package just for you.

Please compile and install it today, I am sure you will be pleased with the custom improvements I have implemented for you.

Take a read... apk

Yes http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42407663 and yes http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42407763

APK

P.S.=> Take a read - be VERY "enlightened" on many fronts...

... apk

Re:Take a read... apk

[Ash+Vince]

Yes http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42407663 and yes http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42407763

APK

P.S.=> Take a read - be VERY "enlightened" on many fronts...

... apk

More like being owned by pointless and gratuitous use of bold tags. I thought using too many exclamation marks was bad enough but those posts both take the biscuit.

Maybe if you concentrated on posting stuff that wasn't so annoying to read people might not down mod you so much and you would be fine having an account like the rest of us. As it is your posts look like the demented ramblings of someone overly obsessed with markup.

Re:Take a read... apk

[Johann+Lau]

That'd just be one "front", namely your whiny gibberish which is telling indeed... you seem to be in a constant state of hurt, and also having issues with penguins. Awww.

Apple bought Quattro :)

[tuppe666]

If I wanted a hobby phone I could kick around I would get an Android. I want a phone that works and apps without ads. I went Apple after finding out the not-so-stellar truth about Android.

LOL the irony of your post is one of the reason the iPhone is so unsuccessful is its price, and please don't pretend that Apple do not make money from Advertising, they famously made siri useless with advertising. The sad fact is your post is not only off topic but irrelevant...Android outsells Apple 6:1 and sells 1.5million a day...its doing something right, and what Apple is doing wrong, and nothing you or I is going to change that. Personally I would love Apple to create a competitive product.

Re:Apple bought Quattro :)

[aaronfaby]

The iPhone is unsuccessful? Apple has 53.3% of the smartphone market: http://bgr.com/2012/12/21/apple-market-share-u-s-262731/

Re:Apple bought Quattro :)

[aaronfaby]

US smart phone market that is.

Re:Apple bought Quattro :)

It's kind of funny what dumb ass Americans think of people outside of the U.S. If only they knew what we truly thought of them.

Re:Apple bought Quattro :)

Apple makes 80% of all mobile phone profits.

You say that like it's a good thing. All it means is that they charge more than everyone else relative to the cost of making the device, and all the mindless iZombies are stupid enough to lap it up.

Used to be "std. 'FUD' mantra 4 'penguins'"

Not anymore though (thanks to ANDROID) -> http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42407763

And do they LIE?

BIG TIME & cheat the moderation system here too, via these means -> http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42407663

* Amazing the lengths they will go to in fact!

APK

P.S.=> Take a read, be VERY "enlightened"... or not: Why do I state THAT? Well... lol, LOOK WHAT "TYPE" FOUNDED THIS PLACE! Nerds - who act more like WOMEN than women do @ time, lol... makes sense though - when you are "that kind", you have NO BALLS, & got beaten DOWN because you had no sense to workout & knock the chocolate outta bullies (might not win, but I GUARANTEE once a nerd does that? 9/10 times, bullies, stop - I know, been there, done that in my time too (nerd @ heart here is why, but was also 'jock' too & learned that from having to hang around with those dolts (not ALL were, but many were).

... apk

Re:Linux your next...

[bbelt16ag]

are there any good tutorials about setting this up? i think my friends need to stay using this in production and i might need to help em out.

Apple has only 1.6% Market share.

[tuppe666]

The iPhone is unsuccessful? Apple has 53.3% of the smartphone market:

LOL in the US...worldwide it had dropped from 23% to 14.9%. This is original report for your figures http://www.kantarworldpanel.com/global/News/Apple-achieves-its-highest-ever-Smartphone-share-in-US they are on in a pdf but include figures like in Brazil Apple dropping from 3.2% to 1.6% while Android moves from 28.9% to 60.7% of the market.

Better Specification than Apple, at less cost :)

[tuppe666]

Android outsells Apple 6:1 in the "I use a smartphone like a featurephone and don't know what apps are, oh and this phone is only $79 on prepaid" area.

Absolutely not. In China for example the Average price of a smartphone is $250. Lets look at the best selling phones are on Amazon China http://translate.google.com/translate?sl=auto&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&eotf=1&u=www.amazon.cn. The top phone is Lenovo with a dual core processor, 2000mAh, Android 4.0, 2nd Phone is and 3rd Phone are both Huawei is both dual and quad cores with larger screens than your beloved iPhone :) (and includes a dual sim interestingly ), The third Phone comes with 2GB of RAM!! ....I hate to say it but these phones seem to have better specifications (and arguably software) than your beloved Apple iPhone, its not surprising really as Apple overcharge their customers so much.

"Point-by-Point" rebuttal, part #1 of 4... apk

"Ummm... windows has gotten better, but there are a bunch of dumb design decisions that make it inherently less secure than any other modern OS.

Just a few:

Unix (and all unix-like OSs) have used salted passwords since the 70s. MS had that example, but still chose to store non-salted password hashes. This is why you can crack any windows password hash in miliseconds (using pre-computed rainbow tables) where the identical password would take months or years to crack if it originated on a unix host since precomputed tables are not possible with salt." - by Anonymous Coward on Thursday December 27, @08:14PM (#42407955)

Milliseconds huh - on a 19++ character long password using mixed case, & characters (like mine is & has been for ages)?

Perhaps for NTLM authentication, but I *think* you may be "off" for NTLMv2 (which again, is what I use)... get back to me here though on this IF you have counter-information (I can learn by it too - thanks).

---

"Of course, windows also stored passwords as multiple independent pieces, so cracking a 12 character password hash generated on any other OS is hard, on windows, it was just a matter of cracking the 4 character piece which is _very_ easy. - by Anonymous Coward on Thursday December 27, @08:14PM (#42407955)

YOU SURE ABOUT THAT? See above - your information, unless you can disprove my point about NTLM vs. NTLMv2, may be "STALE"/outta date.

APK

P.S.=> My next reply will address your next point in another post... stick around! Now, above ALL else:

Well - Unless you can provide what I ask for above? I am doing you are favor in these replies, so you don't post potential falsehoods anymore (hence your AC post I suspect, you aren't that sure or if your 'points' truly 'hold true' anymore or if they ever did etc.)...

... apk

Re:He's points out a common-sense fact though

[Zontar+The+Mindless]

Yes, it has really got to the point where I can read the first line of one his posts, cut straight to "Dear APK, Please die in a fire," and move on.

Does it affect the kernel :)

[tuppe666]

Android is just as much Linux as Debian, Ubuntu and Redhat. Its just another distribution. Its just the only one that happens to be popular, and as such ... guess what ... just like Windows its becoming a malware target. and just like Windows you don't have to 'hack' the OS, just the user.

I understand the argument...and have even made it myself "in context" except this attack won't work on "Debian, Ubuntu and Redhat"...and no its nothing like windows :).

Re:Does it affect the kernel :)

[BitZtream]

And only a Linux fanboy would argue that distort incompatibility is a feature.

Re:Does it affect the kernel :)

Only a mindless Apple cockchugger would argue that the phrase "distort incompatibility" makes the slightest bit of sense.

Re:You would think

[Zontar+The+Mindless]

Sucks for you that Ohio Arts isn't a supported platform, I guess.

"Point-by-Point" rebuttal, part #3 of 4... apk

"Actually, lots of stuff that should not be in kernel space is in kernel space on windows." - by Anonymous Coward on Thursday December 27, @08:14PM (#42407955)

Hmmm, like how MS "took a play" from the *NIX world, like moving http.sys into kernelmode?

Again, like I said in the FONTS reply (already patched though)??

Performance is why!

HOWEVER: CAN YOU BE MORE SPECIFIC THOUGH ON YOUR "LOTS OF STUFF" please?

Thanks!

Then?

I'd like to see EXACTLY what you mean, & then, I'd counter... Albeit, likewise & WITH specifics (if it can be done, of course)

---

"Until recently, windows pretty much required admin rights for ordinary users.." - by Anonymous Coward on Thursday December 27, @08:14PM (#42407955)

WTF? What is 'recently'?? Windows NT-based OS have had GRANULAR usergroups & userpermissions via ACL/DACL for ages & smart users or admins employed them... as far back as 1992 on NT 3.1 iirc, & for SURE on Windows NT 3.5x series in 1993-1994 even!

In fact - Windows had this, LONG BEFORE LINUX & its "MAC" (mandatory access control), via SeLinux (which the NSA "bolted onto" Linux distros in fact later)... long before!

APK

P.S.=> Again - "Stay Tuned" for part #3 of 4 in my rebuttal to your points...

... apk

Point-by-Point rebuttal, part #4 of 4... apk

This one? The "hardcore 'penguins'" hate - but, you seem reasonable, & of course these ARE documented, verifiable & UNDENABLE facts too, so... here goes:

"You are more secure running Linux or any *nix for those classes of exploits that do not simply require operator stupidity." - by Anonymous Coward on Thursday December 27, @08:14PM (#42407955)

ARE YOU? See this list from 2011-2012:

2012:

New Linux Rootkit Emerges:

https://threatpost.com/en_us/blogs/new-linux-rootkit-emerges-112012

"A new Linux rootkit has emerged and researchers who have analyzed its code and operation say that the malware appears to be a custom-written tool designed to inject iframes into Web sites and drive traffic to malicious sites for drive-by download attacks. The rootkit is designed specifically for 64-bit Linux systems."

---

'FIRST ever' Linux, Mac OS X-only password sniffing virus spotted:

http://www.theregister.co.uk/2012/08/29/linux_mac_trojan/

---

Medicaid hack update: 500,000 records and 280,000 SSNs stolen:

http://www.zdnet.com/blog/security/medicaid-hack-update-500000-records-and-280000-ssns-stolen/11444

So, what's dts.utah.gov running everyone?

LINUX (and yes, it got HACKED) -> http://uptime.netcraft.com/up/graph?site=dts.utah.gov

What's health.utah.gov running too??

YOU GUESSED IT: LINUX AGAIN -> http://uptime.netcraft.com/up/graph?site=health.utah.gov

* Ah, yes - see the YEARS OF /. "BS" FUD is CRUMBLING AROUND THE PENGUINS EARS HERE & 2012's starting out just like 2011 did below!

===

2011:

KERNEL.ORG COMPROMISED - The Cracking of Kernel.org: (that's VERY bad - do you trust it now?)

http://linux.slashdot.org/story/11/08/31/2321232/Kernelorg-Compromised

---

Linux.com pwned in fresh round of cyber break-ins:

http://www.theregister.co.uk/2011/09/12/more_linux_sites_down/

---

Mysql.com Hacked, Made To Serve Malware:

http://it.slashdot.org/story/11/09/26/2218238/mysqlcom-hacked-made-to-serve-malware

What's that site running? You guessed it - Linux -> http://uptime.netcraft.com/up/graph?site=mysql.com

---

London Stock Exchange serving malware:

http://slashdot.org/submission/1484548/London-Stock-Exchange-Web-Site-Serving-Malware

(I mean hey - NOT ONLY DID LINUX FALL FLAT ON ITS FACE less than a few minutes into the job http://linux.slashdot.org/story/11/02/19/0147232/London-Stock-Exchange-Price-Errors-Emerged-At-Linux-Launch, & crash not only ONCE, but TWICE there? You see "Linux 'fine security'" in motion @ the LSE too!)

---

DUQU ROOTKIT/BOTNET BEING SERVED FROM LINUX SERVERS:

http://it.slashdot.org/story/11/11/30/1610228/duqu-attackers-managed-to-wipe-cc-servers

---

Linux Foundation, Linux.com Sites Down T

Addendum/Part #5 FINAL... apk

"It still requires the almost admin user right of "power user" to be able to run a lot of software that touches the registry. This is not completely MS's fault, but also all the crappy software that runs on windows." - by Anonymous Coward on Thursday December 27, @08:14PM (#42407955)

THIS IS FOR PROTECTIVE PURPOSES vs. EXPLOITS &/or DAMAGE... that's all & smart to do!

(HOWEVER - There are MULTIPLE BACKUPS of registry profiles & iirc, the registry itself too as physical files as well, so the 'damage' part isn't bad - & also, NTFS is a JOURNALLING FILESYSTEM vs. corruption too - so blowing out the entire registry is difficult to do or power outages corruption for example, also... a transaction doesn't take? She "Rolls Back"! Good stuff).

* Nice talking to you - oh, by the by: It's NOT just to the registry either (albeit in Win64, all 32-bit malware can do is VIEW that ONLY via the Win32 API, BUT not write it... so you know!).

I haven't seen a PURE 64-bit malware out there (yet, that is, either).

APK

P.S.=> "NEXT"... lol!

... apk

SMALL EDIT (sorry, correcting myself).... apk

BEFORE "nitpicking trolls" do:

albeit in Win64, all 32-bit malware can do is VIEW that ONLY via the Win32 API, BUT not write it... so you know! - by Anonymous Coward on Thursday December 27, @09:03PM (#42408207)

NOPE, 32 bit ware can WRITE its sections of the registry but not the 64 bit wares sections! This is a protective measure as well - especially vs. 32-bit malwares!

(Sorry about that!)

*DONE!

APK

P.S.=> "Onwards & UPWARDS"...

... apk

Re:SMALL EDIT (sorry, correcting myself).... apk

excuse me - you guys recently discovered the bold-face tag...?

Android phones are taking a bite out of Apple

[tuppe666]

Apple makes 80% of all mobile phone profits.

It doesn't and it hasn't for a long time [and never did :)], and there is no such thing as % of profits. It does produce a phone which it sells at a vastly overinflated price to small market share of customers, that strategy has been so successful it had made the largest company by market cap in the world...but that was three months ago, Apple have now lost 30% of its market cap, and its whole strategy is looking weak for the company...it always looked shitty for their customers [its kind of sad you point it as an advantage in absence of better hardware/software/price], Its no wonder their small market share continues to shrink. Perhaps if they had had a long term strategy things would look different now.

Re:Android phones are taking a bite out of Apple

http://bgr.com/2012/08/06/apple-mobile-industry-profit-share-q2-2012/

Eat it. Then put your foot in your mouth.

Re:LMAO - Oh boy: You SURE you want to post that?

You get modded down because you troll, plain and simple, but you know that.

Quit telling fables ac troll... apk

"You get modded down because you troll, plain and simple, but you know that." -

No, I am SURE I just "tell it how it REALLY is" with facts... just like those that are documented proofs via quotes & more, right here http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42407663

You just don't like it, truth, is all!

* :)

(So, you can "Chew on That" troll... lol, & rest assured, you're not going to 'rope me in' to some flamewar so you can 'bury' my other posts here to hide their facts - since I said it all with PROOFS above no one can deny!).

This & my other post? All I need really, to dust you, easily!

APK

P.S.=>

"You get modded down because you troll, plain and simple, but you know that." - by Anonymous Coward on Thursday December 27, @09:12PM (#42408259)

Per my subject-line above, & my post? Well... "says the AC troll" I am replying to, with his illogical + off-topic with the "std. ad hominem attack: that FAIL as-per-your-trolling USUAL, vs. myself & facts I use (that you CANNOT stand, or combat... period, lol)...

Now next? Call this a prediction (albeit one based on experience with you puny /. trolls)

Well... lol, you'll do the ONLY THING YOU KNOW HOW TO DO per what I outlined above (downmod my post), lmao, to *try* to "hide it" via downmods so it get buried @ this threads aging goes.

No biggie. Plenty of folks will see it beforehand, as well as those browsing beneath the std. bogus moderation threshold (another "puny ploy" by the nerds that run this place, "not men" that they are, lol!).

So - Next I am ALMOST certain you'll do what I showed there, & downmod my post since you're already TROLLING AS AC, via 1 of your MANY "registered 'luser'" accounts too (since there's NO DISPUTING facts I used - & I'd almost BET it's a fact you are one of the many 'registered lusers' I've dusted here over time too in technical debates in computing as well - hence, your AC post, because you KNOW I'd toss your numerous defeats @ my hands on that account RIGHT BACK AT YA, to laugh in your face, again, about them & how EASY it was for me to do)...

... apk

Going to quote you troll (you prove my points)

"I don't need multiple personality disorder; I *am* multiple personality disorder!" - by Zontar The Mindless (9002) on Friday September 28, @01:54AM (#41485577)

ABSOLUTELY: a multiple registered 'luser' account user type of troll... just like I outlined in this thread already with facts!

( All per my documented FACTS on that much & how it's done & why by you trolls who *think* you're "clever", here -> http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42407663 )

* You little fools ASTOUND me @ times, you really do... why?

Well - first of all, I've been at this art & science for a HELL OF A LOT LONGER than most of you have & done well, on MANY LEVELS IN IT, + I have seen "all the tricks" & the trolls here?

No different... not even ORIGINAL, just "same old, same old" troll tricks!

LMAO! Which, of course, only proves you cannot even *think* for yourselves... hence, also sort of WHY & HOW "Open SORES" (which fosters copying & lack of originality in code @ least) also proves it... lol!

APK

P.S.=> By the by - That quotes direct from you, here -> http://slashdot.org/comments.pl?sid=3143039&cid=41485577 so - thanks for helping ME, look GOOD, as-per-usual!

... apk

Re:Going to quote you troll (you prove my points)

[Zontar+The+Mindless]

*yawn*

Android has over 710Million users :)

[tuppe666]

I see their success or failure determined by 'dumb users' who WILL download what is available and get pwned, complain, and eventually give up and buy the damn iphone

I guess the proof is the the pudding with Android hitting 710Million users(last quarter) with activations of 1.5Million daily, and is set to become the primary computing platform, taking the crown away from Microsoft Next year. I think when the platform that has the better hardware/software/value unsurprisingly gets the most users by a massive...calling them dumb(sic) might be somewhat inappropriate.

Re:Android has over 710Million users :)

"..calling them dumb(sic) might be somewhat inappropriate"

I was referring to the dumb users. The ones who will run apps they haven't verified and re-verified.

Either phone group has hundreds of millions of them.

Re:Linux your next...

[Gaygirlie]

Any machine anywhere can get a rootkit, or worse

Rootkits aren't the problem, you don't need root privileges to do DDOS-attacks, to spy on users, to delete their files and so on -- it all can be done as a regular user just fine. Often you don't even have to hide the malware package in any way or form, just fool the user into thinking it's useful! That said, in general I agree with you: there is no OS that can protect against gullible users, not even Linux can do that. There are ways of increasing security by leaps and bounds, but those ways would really require a whole new OS.

Typical Apple User

[tuppe666]

Fuckle Assdroid is continually proving to be the M$ Windoze of the mobile world.This is just the icing on the cake when it comes to why Fuckle Assdoid cannot be trusted. Glad I went with iOS rather than the steaming pile of shit called Fuckle Assdroid.

I always admire the enthusiasm of Apple Users, and another well thought out post that was. You raise several important points. I can't help questioning your point that Android is the new Microsoft Windows. It isn't and never will be...that privilege is Windows Phone which is currently 6th most popular OS; Popularity alone is not a measure of similarity. The reality is right now Microsoft is pushing for an "ecosystem" read its Desktop monopoly on your phone...and nobody is buying what they are selling [Literally of Figuratively], but undeniably there is a move towards a unification of Mobile/Tablet/Desktop OS's through a shared store/look and feel/API, what is most interesting is Google who make no money directly from Android is pretty OS Agnostic, but has unified services...even on the iPhone, and as yet had not made Chrome a desirable!? platform.

Re:Typical Apple User

[BasilBrush]

You're easily trolled. Suggest you raise your sights a bit above -1 rated ACs.

Re:Better Specification than Apple, at less cost :

[Kenshin]

Ya, China's probably not the best market to compare to.

In North America and Europe similarly spec'd phones run in the same price range, which means everyone loves making a healthy profit off their customers.

I have yet to read ..

[twistofsin]

I have yet to read an article on an Android virus that isn't a trojan. No drive by's, API or OS exploits.

Trojan's will always exist. They are wolves in sheep's clothing.

Re:I have yet to read ..

[shutdown+-p+now]

There were certainly enough exploits in Android (or manufacturer's versions of it, like the recent Sammy one) to make such a thing. It's just that it's not worth the bother - why do it the hard way, if you can just have users install it on their own?

Windows is in the same situation today - it's not like there's a shortage of exploits, but most malware you see out in the wild is of the "click here to install this super-useful toolbar!" kind. It doesn't need exploits, because the users will happily download and run it, and elevate it to admin when it asks for it.

Rootkits on Windows? NO PROBLEM & why

Courtesy of "yours truly" & this technique I outlined vs. "the indestructible rootkit", long ago here on /., using tools you most likely ALREADY OWN or are FREE, from MS (here goes & yes, vs. malware they can haul in that works in Windows while you are logged on also, per your statements):

http://it.slashdot.org/comments.pl?sid=2395654&cid=37204632

* It works vs. ANY rootkit (driver driven, via RC listsvc, & disable commands, OR FixMBR vs. MBR based ones, nowadays? They use BOTH...) + the malware they haul in to do JUST what YOU said (via processexplorer.exe)...

APK

P.S.=> You can also use THIS tool too:

---

APK Hosts File Engine 5.0++ 32/64-bit:

http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74

---

(Which is FREE, & I created in both 32-bit &/or 64-bit form (in the file it comes in))

To BLOCKOUT communication back to their C&C servers, as far as malware in ring3/rpl3/usermode once logged into Windows!

It's especially since MOST use host-domain names vs. IP addresses, since they spent monies on them & they use them 99% of the time (trust me - I've been fighting them for decades)

Those domain names?

They are an "investment in time" for them, they often use/recycle - the "RBN" was NOTORIOUS for it by using 'unscrupulous' hosting providers! Hence part of WHY they reuse them, since they PAID for them!

IP addresses, by FAR the less used? Usually ONLY for 'fallback' purposes in the 'better designed' malware??

Spot them talking back with TcpView or netstat -ano/-an

(AND, they will BLOCK that or mess with netstat I wager though, why? Well... so, be wary of that, rootkits DO intercept API calls to stuff they know about to make bad data come back to it so YOU cannot "spot them" in the act & catch 'em "red handed").

(Because you're correct - it would be done from there once users are logged in, hence WHY the malware maker of today does it, hauling in MORE malware above the ring 0/rpl 0/kernelmode rootkit which vs. my technique above? NON-SEQUITUR & BLOWN AWAY, easily - 3 minutes time, tops... lol, with free tools in recovery console (vs. the rootkit drivers OR mbr based ones) & processexplorer (to 'mop up' the usermode malwares no matter WHERE OR HOW they 'hide', like beneath services), + ones you most likely OWN already (hopefully))...

... apk

Re:Rootkits on Windows? NO PROBLEM & why

[Gaygirlie]

Mate, nothing you said has anything to do with my comment, and I definitely am NOT going to start downloading some random files you recommend or trust you.

Re:Rootkits on Windows? NO PROBLEM & why

You mentioned rootkits Gaygirlie. He's merely replied to it with a working solution for Windows users. Why don't you do the same for Linux or Android then. It'd be more productive than stating what we all know anyway.

"Rinse, Lather, & Repeat", troll... lmao! apk

http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42408413

* Especially since "that's the best you've got"... & it ain't much!

*yawn*" - by Zontar The Mindless (9002) on Thursday December 27, @11:29PM (#42408739)

GOOD: Glad you yawned, so your trolling mouth's WIDE OPEN as you can INSERT YOUR FOOT better, lol, since you must "wash down the bitter taste of SELF-DEFEAT", again, vs. myself, spiced of course, with your FOOT IN YOUR MOUTH!

QUESTION: How's that all taste? "Inquiring minds, want to know..."

ROTFLMAO!

APK

P.S.=> Lastly - if you *think* you're going to "rope me in" to some flamewar with you? Forget it... I said all I had to above here & of course, in my link reply to you @ the top of this reply to you troll, lol!

... apk

Re:"Rinse, Lather, & Repeat", troll... lmao! a

[Zontar+The+Mindless]

Dude, if this is supposed to be some sort of a contest... you're the only one competing.

For those posting that this won't happen in Apple

For those posting that this won't happen in Apple or in a walled garden, check out this apparently fraudulent Minecraft app in the iTunes store:

https://itunes.apple.com/au/app/minecraft-mobile-a/id559649056?mt=8

Despite the name and the logo, it appears to have no endorsement from the official creators. Reviews say the screenshots and description are misleading, and it looks like there's quite a few sockpuppet positive reviews.

Re:Linux your next...

Obviously you have no clue how SELinux works. It does not detect intrusions. It enforces mandatory access controls. Now if you parse the log files, you might notice something getting denied but that's not exactly proactively monitoring and alerting like you'd expect from an IDS.

Re:"Rinse, Lather, & Repeat", troll... lmao! a

You're no competition for him from what I've see. You're beaten easily.

This isn't war: It's PEST CONTROL (lol)... apk

APK = Dalek, you & all /. trolls = Cybermen - Quoting Dr. Who episode "Doomsday" with video (lol):

http://www.youtube.com/watch?v=ysvNOmDMVvk

See position 2.50 on the YouTube player control... says it all about you MINDLESS ONE + other trolls like you, especially vs. myself!

(ROTFLMAO!)

Especially since you're "the inferior species known as cybermen" (trolls actually).

APK

P.S.=> Quoting the Daleks regarding YOU & all trolls, vs. myself? Ok:

"You are superior in only 1 respect - YOU ARE BETTER AT DYING", ala -> http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42408413

And of course, from the same video:

"WE WOULD DESTROY THE CYBERMEN (trolls & Pro-*NIX people) WITH ONLY 1 DALEK" (lol, me - as my replies to the 'penguins' here clearly illustrates, point by point)

... apk all trolls, vs. myself? Ok:

Re:"Rinse, Lather, & Repeat", troll... lmao! a

[Zontar+The+Mindless]

Despair.com is thataway ->

FUNNY, & "you FAIL" again... apk

http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42409005

* :)

APK

P.S.=> Last quote from that video, albeit here? "Raise Communications Barrier", lol... last reply I give, as I said you aren't going to "rope me into" some 'flamewar' with a trolling dolt, in yourself "Zontar The Mindless" (lol, absolutely on the last 2 words as to you), who is off topic as usual, & YES:

Since it's funny (AND APT/it applies, vs. you & all other trolls)...

... apk

Re:"Rinse, Lather, & Repeat", troll... lmao! a

Hahahaha http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42409005

LOL, you'll LOVE THIS then... apk

http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42409005

* :)

(Enjoy... lol!)

APK

P.S.=> I only tell it how it is, with a "little help" from Dr. Who, no less...

... apk

Re:"Rinse, Lather, & Repeat", troll... lmao! a

At home he's a tourist.

LMAO - "EXTERMINATE"... apk

http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42408051

http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42408095

http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42408147

http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42408187

* :)

(Those are my "4 DALEKS", from the video I posted in my other reply to you -> http://www.youtube.com/watch?v=ysvNOmDMVvk for a "video analogy" ...)

APK

P.S.=> Per my other post to you, since you dig "Dr. Who" (as do I) -> http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42409085

(Enjoy! It applies - consider using it yourself I suppose, lol)

I used it once long ago, vs. Arstechnica, but it was BEFORE the Dr. Who episode, long before (2001, iirc, when I told them they were only superior in 1 respect - getting their asses kicked! lmao)...

... apk

Show facts on /.? GET A DOWNMOD, lol... apk

As to "how it really works" here, lol -> http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42407663

Especially if you tell it how it REALLY is, with backing facts (especially vs. 'precious linux' - which oddly, I too like, but NOT FUD, which makes ALL PENGUINS look BAD, anyhow... I just do you all a favor & CORRECT YOU IN IT, as well as kicking your asses too (bonus!!!))

* :)

OH, & of course, this also -> http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42409203 as proof of "EXTERMINATE"... lmao!

APK

P.S.=> All I can say to that unjustifiable downmod, is this, since I'll let 'others do the talking for me' for a "video analogy" -> http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42409005

LMAO - & Dr. Who show & the DALEKS said it better than I can...

"710 million cybermen? Easy..."

"...1 Doctor? NOW you're scared" - Rose Tyler-> http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42409005

* :)

* Yes, tossing in Dr. Who for a 'video analogy' here, since geeks OBVIOUSLY like it -> http://mobile.slashdot.org/comments.pl?sid=3344205&threshold=-1&commentsort=0&mode=thread&pid=42407605

I said the same as you though, & gave congrats to GOOGLE & ANDROID though on the account YOU note in your post I replied to, albeit, here -> http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42407763

APK

P.S.=> Especially considering how EASY YOU ALL ARE, to "EXTERMINATE" -> http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42409203

On technical issues whenever I see 'fud' being spread around here, which makes Linux & by extension, ANDROID USERS, look BAD!

(It MAY be why your "OS weapon of choice" is getting NUKED almost daily, eh? FUD, misleads...)

Above all else, HEY - just "busting your balls", & same to all folks NOT being trolls since the guy I 'exterminated' wasn't a prick really - just pretty badly misinformed...

... apk

Granular permissions up-front worse for security

[SuperKendall]

Granular permissions allow a user to know exactly what an app wants to do before they even install it

No they do not.

They know what RESOURCES an app would like to have beforehand. But having never run the app they have NO idea when and for what reason they are required.

On iOS you also have granular access. But the key is, you are asked at the time that resource is required. So for example, you are asked if the application can access your contacts only when you've hit the "send to a friend" button or whatever.

A big list of permissions that non-technical users hardly understand helps almost no-one. It allows a technical user to avoid some traps, but it screws over the large majority of users.

No it does not

[SuperKendall]

iOS is pretty mature and does not exactly suffer from such attacks. (oh wait, yes it does!)

That's nothing like this attack. That was an app that all it did was secretly harvest contacts, which it could not even do in iOS6 (which north of 80% of iOS users have converted to).

In that case someone with the app on iOS could not give it to another person, and the app could not secretly SMS people as it could on Android.

So to recap: IOS users mostly immune to what limited "malware" there was, Android still happily firing up malware on all cylinders in the name of user "freedom".

Re:No it does not

[erroneus]

Though the function was different, the point is the same. Malware was installed by users using a trusted source (in this case the apple app store) and it did things the user were not aware of or gave permission for it to do. That the functions were different is not relevant. It was a compromise of the device and its contents by use of malware which is the relevant similarity.

And should Apple's app store let another one slip through, this process can and will repeat itself.

Where did you get this strange notion that this trojan horse program was also a virus in that it will infect other devices? I didn't read that anywhere. The point of infection is when the user voluntarily installs the malware to their device. It is a trojan because it pretends to be something safe.

In your belief and desire to defend Apple, I think you forgot to check facts long enough to know what you are talking about. But I have to ask. Why are you so defensive about Apple? They are a business like all the others. They serve their interests first and foremost. Customer satisfaction is primarily based on customer acceptance of Apple's terms and conditions because Apple does not make exceptions for its customers. Apple also has a history of blaming its customers before it blames itself for anything. ("You're holding it wrong" is not the only example of this.)

I totally understand the human aspects of this behavior. We do it all the time with sports, religion and politics. We care about things which do not return the affection. But as this phenomenon is extended into consumerism, it presents some very interesting psychology indeed. Your affection for Apple things does not make you who you are. It does not make you a better person. If you draw a sense of happiness from the notion that owning (excuse me, I mean licensing) some hardware and software makes you a member of some club, then I might invite you to read or watch Dr. Seuss' "Star-Bellied Sneetches" as it is a lesson for all of us everywhere. (Interestingly if it available here: http://www.youtube.com/watch?v=v3yJomUhs0g )

Re:No it does not

The fact that you deliberately misquoted "You're holding it wrong" when in fact Jobs stated "Just avoid holding it in that way" as a way to mitigate the issue only shows that you in fact hold the same kind of corporate allegiance that you are knocking in your post.

So, why are you so offensive about Apple and defensive of Google? It is widely known that malware makes it into Google Play store more often than it does the App Store, and the GP's point about the changes in iOS 6 further making this kind of exploit impossible is certainly valid.

Re:No it does not

[node+3]

I totally understand the human aspects of this behavior.

You understand it because you are engaging in it yourself in your condemnation of Apple. It's absurd to claim that Apple's app ecosystem isn't more secure than Android's. Everyone knows this, even the most ardent Android fanatic does.

You think that *one* piece of malware, that got through Apple's testing, which was caught and removed, which can't even automatically affect people on iOS 6, and stands out as an exception which is nowhere nearly as common as malware on Android, is exactly the same as malware on Android?

Of course not.

So, please, take your own advice and quit being so foolish. iOS is vastly more secure than Android. Android is vastly more open. Both are that way by design. Anyone who denies either of those two facts are engaging in exactly what you seem to think SuperKendall is guilty of, or is just simply ignorant, and you don't appear ignorant, just biased.

Re:No it does not

[erroneus]

That one slip proves it is possible. And knowing it's possible, if I were to plan a massive hit, I would make sure the timing on activation was such that my trojan app would have the widest possible distribution before it became active.

I did not say anything in support of any particular platform as I mentioned them all in a neutral manner. But perhaps I should have said something about the notion of "giving up freedom for [the illusion of] security" has been a false notion for hundreds and hundreds of years.

Re:No it does not

[node+3]

That one slip proves it is possible. And knowing it's possible, if I were to plan a massive hit, I would make sure the timing on activation was such that my trojan app would have the widest possible distribution before it became active.

Possible, but not likely, and not easy either. Definitely not as possible nor as easy as it is on Android.

You're acting like this "possible" thing is just as bad as the actual thing that happens on Android at least a few times per year. They aren't equal.

I did not say anything in support of any particular platform as I mentioned them all in a neutral manner.

No, you distorted facts to an absurd level to make two disparate app ecosystems appear equally flawed.

Apple's is more restricted, but safer. Google's is more open, but more dangerous. They *are* different. By claiming equality between the two, you are tinting reality, in this case against Apple and for Google.

Then you went further and claimed that the person trying to say that they aren't the same is delusional and biased, and mocked and belittled him for it. You seem to think you aren't biased because you didn't use charged words. That's only one form of bias.

Now, I won't insult or belittle you. I do think you are smart enough to see the difference between iOS and Android here. It'd just be nice to see that reflected in your comments.

Re:No it does not

[erroneus]

The difference is that you think because big brother Apple has locked things down in some way that you are safe. That just isn't the case. If Apple is in control, then you are not. Who does Apple serve?

In any case, Apple iOS is equally vulnerable. As another commenter pointed out, for this malware to get onto an Android, the user would have to enable other sources to install. Though it's not a simple check box, it's fairly easy to enable other sources on iOS at which point malware can be installed by the user.

Once in, each platform is comprimised. There is no difference.

Re:No it does not

[node+3]

The difference is that you think because big brother Apple has locked things down in some way that you are safe.

No, just safer.

That just isn't the case. If Apple is in control, then you are not. Who does Apple serve?

Me, the customer. Though that's a bit of misdirection on your part, since it doesn't have anything to do with whether the App Store is more secure or not.

In any case, Apple iOS is equally vulnerable.

Except it's not. This is proven out by the fact that Android malware is a regular occurrence, while iOS malware is all but non-existent.

As another commenter pointed out, for this malware to get onto an Android, the user would have to enable other sources to install. Though it's not a simple check box, it's fairly easy to enable other sources on iOS at which point malware can be installed by the user.

Again, misdirection. The Play Store has had more malware than the App Store. And, yet again, you are creating a false equivalency when you make it sound like jailbreaking an iPhone is in the same realm of difficulty as allowing outside sources an Android phone. It's not even *close*, and that, again, causes a difference between the two.

Once in, each platform is comprimised. There is no difference.

Are you saying that once both devices are infected, they are both infected? Well, even though it's a tautology, at least it's correct!

But also a misdirection. How is it you can't accept that iOS is safer than Android? Why the dishonesty? iOS is safer. That's proven by the rates of malware on the two systems. You can argue whether it's a worthwhile trade off, you can argue whether Google needs to do more, less, or is doing things just right, but you can't change reality.

That's the bias you are suffering from. Cut it out, you'll be better off for it.

Where does your worst number come from...

[SuperKendall]

worldwide it had dropped from 23% to 14.9%

In Europe the figure from the link your provided was 25.3% for the iPhone.

Given the 53% in the U.S. combined with a recent two million of sales in China opening weekend, and it seems like your numbers are drastically wrong somewhere.

Re:Where does your worst number come from...

No, you seem to drastically underestimate the population figures in Asia where cheap Android phones are affordable and Apple jewlry is not.

Re:Granular permissions up-front worse for securit

[bickerdyke]

A big list of permissions that non-technical users hardly understand helps almost no-one. It allows a technical user to avoid some traps, but it screws over the large majority of users.

If a user is not technical enough to understand "This app requires access to your contacts" and "This app requires dialing phone numbers", they probably should donate their phone for their own good.

The more difficult thing is to judge if those permissions are reasonable for that app they want to install. But as they're the only one who know what for they're installing it, no one can take that burden from them.

Two quotes and a comment

"It's not quite clear yet how the Trojan spreads" "Devices running Dr.Web products for Android are well protected from this Trojan." Imagine that.They don't know how it spreads, but they do know how to stop it.IIRC, they didn't even offer one solid example of how it's spreading. Just a theory? Really? You think it might be using?? Maybe I'm still having trouble getting the "I'll be home for Xmas" Apple DoS(Denial of Sanity) ad out of my consciousness, but this whole article read like an ad.

Re:The firm lies.

[jez9999]

Legitimate apps come from the Google Market/Play. So this app in no way "disguises itself as a legitimate app". Not that I'm for such a closed environment, but it exists for this reason.

This isn't Apple. With Android, it's perfectly possible to have a legitimate app that is on another store from Google Play, or no store at all.

Seriously

[tuppe666]

http://bgr.com/2012/08/06/apple-mobile-industry-profit-share-q2-2012/

Eat it. Then put your foot in your mouth.

To repeat myself :) and no, a posting a 6month old guesswork is not going to change my statement.

It doesn't and it hasn't for a long time [and never did :)], and there is no such thing as % of profits. It does produce a phone which it sells at a vastly overinflated price to small market share of customers, that strategy has been so successful it had made the largest company by market cap in the world...but that was three months ago, Apple have now lost 30% of its market cap, and its whole strategy is looking weak for the company...it always looked shitty for their customers [its kind of sad you point it as an advantage in absence of better hardware/software/price], Its no wonder their small market share continues to shrink. Perhaps if they had had a long term strategy things would look different now.

Re:Seriously

[BasilBrush]

To repeat myself

You can repeat yourself, but the other poster has shown that what you are repeating is false.

Re:Seriously

[tuppe666]

You can repeat yourself, but the other poster has shown that what you are repeating is false.

LOL to repeat myself yet again :)

It doesn't and it hasn't for a long time [and never did :)], and there is no such thing as % of profits. It does produce a phone which it sells at a vastly overinflated price to small market share of customers, that strategy has been so successful it had made the largest company by market cap in the world...but that was three months ago, Apple have now lost 30% of its market cap, and its whole strategy is looking weak for the company...it always looked shitty for their customers [its kind of sad you point it as an advantage in absence of better hardware/software/price], Its no wonder their small market share continues to shrink. Perhaps if they had had a long term strategy things would look different now.

Re:Seriously

[BasilBrush]

You can repeat yourself, but the other poster has shown that what you are repeating is false.

Would love Android on Debian Chromebook

[tuppe666]

And only a Linux fanboy would argue that distort incompatibility is a feature.

Quite the reverse its not its just a simple fact. The reality is going forward I would love to be able to run my android apps on my ARM touchscreen chromebook running Debian...but right now the whole Userland is simply different to "Debian, Ubuntu and Redhat" and you know that. The benefits come from the massive shared development work going into Linux(the kernel) from Google and other companies now interested in Linux(the kernel) because its part of Android, which users of "Debian, Ubuntu and Redhat" benefit from :)

I post the figures as I see them

[tuppe666]

They are simply IDC's latest figures, although all major players figures match, but then you know that. Android Activate 1.5Million phones daily. Its a phenomena.

Re:I post the figures as I see them

[SuperKendall]

They are simply IDC's latest figures

If they were you'd have a link.

Doing a simple google search for iOS IDC marketshare shows a much higher overall percentage for iOS.

Ever heard of malwarebytes?

MalwareBytes (part of the security community) hosts it http://hosts-file.net/?s=Download & so does securemecca here http://hostsfile.org/hosts.html

* So much for your statement here then:

"I definitely am NOT going to start downloading some random files you recommend or trust you." - by Gaygirlie (1657131) on Friday December 28, @04:29AM (#42409709) Homepage

Your loss then - see above, & "look before you leap" on things you say... lol!

APK

P.S.=> Ahem: "BEG TO DIFFER" here too:

"Mate, nothing you said has anything to do with my comment" - by Gaygirlie (1657131) on Friday December 28, @04:29AM (#42409709) Homepage

DID YOU MENTION ROOTKITS? Yes, you did - my comment has EVERYTHING TO DO with removing them easily, with FREE TOOLS + ones you most likely already have (if you are a Windows user)...

... apk

Re:Ever heard of malwarebytes?

[Gaygirlie]

(if you are a Windows user)

Indeed. The discussion was about Linux.

You got a reaction outta these /. trolls

2 replies from losers Johann Lau + Ash Vince proves your point.

You're off-topic troll (clear sign of your FAIL)

You also discovered you got your ass kicked 4x in a row:

http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42408051

http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42408095

http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42408147

http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42408187

* Funniest part is, you ran out of modpoints to downmod with apparently, since #2 of 4 was the only 1 downmodded (perhaps it was the 'most important' to downmod because it shows a patch vs. your FUD and falsehoods you spouted here, eh?)

APK

P.S.=> Having to go off topic on your part though? CLEAR SIGN of a your trollish "FAIL", lol...

... apk

All Sprint MVNOs are also CDMA2000 carriers

[tepples]

Most US carriers use CDMA2000.

I have always believed AT&T and T-Mobile are GSM carriers and that Sprint and Verizon are CDMA carriers.

I was under the impression that more well-known mobile virtual network operators (MVNOs) in the United States were on Sprint than on AT&T or T-Mobile.

There's a blackmailer here named erroneus

Read it yourself, and his libel before it http://slashdot.org/comments.pl?sid=2261720&cid=36545928 since he tried hiding it by a downmod last time it was posted here http://slashdot.org/comments.pl?sid=3339513&cid=42399343

Very interesting info.: erroneus = blackmailer

Read it yourself, and his libel before it http://slashdot.org/comments.pl?sid=2261720&cid=36545928 since he tried hiding it by a downmod last time it was posted here http://slashdot.org/comments.pl?sid=3339513&cid=42399343

There is a blackmailer here named erroneus

Read it yourself, and his libel before it http://slashdot.org/comments.pl?sid=2261720&cid=36545928 since he tried hiding it by a downmod last time it was posted here http://slashdot.org/comments.pl?sid=3339513&cid=42399343

Significant truth is erroneus = blackmailer

Read it yourself, and his libel before it http://slashdot.org/comments.pl?sid=2261720&cid=36545928 since he tried hiding it by a downmod last time it was posted here http://slashdot.org/comments.pl?sid=3339513&cid=42399343 and his name is Jorge Bastida.

Address book mining is not "malware"

[SuperKendall]

the point is the same. Malware was installed by users using a trusted source

That's an incredibly stupid and ill-informed view because it masks the relative seriousness of two situations.

Having someone else get some of your contacts is nowhere near the same league as having an app that is contacting others and sending them apps. It is insane to claim that it has the same impact on users, and is doing them a HUGE disservice to hide the danger Android users are in compared to iOS users.

Not to mention, perhaps you missed the fact that more than 80% of iOS users are now protected against that malware attack and no Android user is? But user vulnerability means nothing to you so I guess that doesn't matter after all.

Re:Address book mining is not "malware"

[erroneus]

Please explain how iOS users are protected?

Re:Address book mining is not "malware"

[BasilBrush]

In iOS6, apps are not allowed to access the contacts database until the user has authorised the app to do so. Unlike Android, the authorization is asked for whilst the app is running, the first time it needs access, not at installation time.

Which means it's a dialog with a single question, about contacts, at the time when you can assess why the app would need it. And thus is far less likely to be affected by click-yes-to-continue-without-actually-reading problem that the Android sandbox has.

Re:Address book mining is not "malware"

[AJodock]

Having someone else get some of your contacts is nowhere near the same league as having an app that is contacting others and sending them apps.

Step 1) Get contacts and send them back to C&C servers
Step 2) Spam contacts a link to the app with a faked e-mail address matching the infected users e-mail.

It seems like the outcome/risk is the same to me. It's not like the malware can actually force the users in your contact list to install the app.

In the end the safety is the same on both iOS and Andrioid. It all depends on what they allow into the market, but it's not like they have the code for these apps so no number of tests can be enough to prove that an app is trustable. Android also has the added risk of the "Other Sources" option being easy to turn on which is needed to install this particular malware, but that is no different than jailbreaking an iPhone, which is fairly common as well.

Bottom line any device that allows you to install software, from your TV to your PC is at risk when you start putting untrusted software on them, and just because Apple/Google has done some tests doesn't mean that any app should be trusted. Unless you can read (and understand) the code then compile it yourself...

Re:Address book mining is not "malware"

erroneus/john b wilcox you need to lose weight bad http://slashdot.org/comments.pl?sid=3345911&cid=42414637 cuz you look awful.

Re:Address book mining is not "malware"

[node+3]

And not only that, the user can say "no", and still use the app!

Google really needs to work on protecting the privacy of its users. They are generally quite capable technologically, it shouldn't be hard to have an option to say yes or no to specific permissions. That they haven't done it shows that they either don't see it as a priority, or simply think the way it works now is correct.

I'd like to think it's the former, but I tend to suspect more and more that it's the latter. Hopefully this will be clarified at I/O 2013.

Re:Address book mining is not "malware"

[erroneus]

A vulnerability is found in door lock #1 and in that case, the result of the vulnerability was a burglary.

A vulnerability is found in door lock #2 and in that case, the result of the vulnerability was a rape and murder.

Clearly, the house of door lock #1 is safer than the house of door lock #2 because of the severity of the instance which followed the breech.

Do you see a problem with that line of logic? I do. The point is the breech. Not what was done after the breech.

The Technical Elitist

[SuperKendall]

If a user is not technical enough to understand "This app requires access to your contacts" and "This app requires dialing phone numbers", they probably should donate their phone for their own good.

That's odd, I would like to live in a world where even such people can make use of technology. The world I want to live it allows EVERYONE to benefit from technical advances, not a high-tech priesthood that snickers at the LUsers.

You can stay up in that ivory tower if you like but I'm trying to make the world better, not just the corner I inhabit.

Blame the users all you like, in the end they will abandon you when you treat them roughly.

Re:The Technical Elitist

[bickerdyke]

If a user is not technical enough to understand "This app requires access to your contacts" and "This app requires dialing phone numbers", they probably should donate their phone for their own good.

That's odd, I would like to live in a world where even such people can make use of technology. The world I want to live it allows EVERYONE to benefit from technical advances, not a high-tech priesthood that snickers at the LUsers.

Well, let me rephrase it: In my ideal world, everyone would understand that "This app requires dialing phone numbers" means that this app might dial phone numbers - at your expense. That's not too difficult. OK, I would love to free users from the burden of permission checking, too. But you can't complety block phone or net access, when you WANT half of the apps to have phone or net access.

So how could anyone but the user decide if a required permission is neccessary for what the app is supposed to do? Evil-Flag anyone?

Or you would need a list of "sensible" permissions for each application and check the required permissions against that "sensible" permissions.

Typical Fuckle Assdroid lUser

I can't help questioning your point that Android is the new Microsoft Windows

Well then let's take a look, M$ Windoze is infested with malware and so is Fuckle Assdroid. That is because both have numerous exploits and both fail at quality.
Fuckle Assdroid is quite unstable and M$ Windoze is as well.

that privilege is Windows Phone which is currently 6th

Which is why everyone should avoid Windoze phone as well.

Popularity alone is not a measure of similarity. The reality is right now Microsoft is pushing for an "ecosystem" read its Desktop monopoly on your phone...and nobody is buying what they are selling [Literally of Figuratively], but undeniably there is a move towards a unification of Mobile/Tablet/Desktop OS's through a shared store/look and feel/API, what is most interesting is Google who make no money directly from Android is pretty OS Agnostic, but has unified services...even on the iPhone, and as yet had not made Chrome a desirable!? platform.

Ah, spoken like a true fuckle assdroid lUser, misdirecting and deflecting people from the truth, Fuckle Assdroid is horrible compared to iOS and always will be. While you Assdroid lUsers feel the walled garden is a negative it is in all sense a positive. Apple products Just Work and the work unless there is a manufacturing defect. All iOS products get updates to where none of the Fuckle Assdroid products are ever updated.

Re:Granular permissions up-front worse for securit

[BasilBrush]

If a user is not technical enough to understand "This app requires access to your contacts" and "This app requires dialing phone numbers", they probably should donate their phone for their own good.

Ah, the old "blame the user" tactic of the fanboy. Well, these are mobile phones. And mobile phones are meant for ordinary people. If they're not suitable for ordinary people, then that's the fault of the hardware/software, not the user.

The fact is that there's a better way to do it, and iOS shows the way. Ask the user for permissions for a resource whilst the app is running, the first time the app wants access to that resource. That way the user can better assess the app, and whether it is a reasonable request.

Re:Linux your next...

[BasilBrush]

That said, in general I agree with you: there is no OS that can protect against gullible users, not even Linux can do that.

That's why it's a good idea to have a walled garden store, where apps are vetted before appearing. And where the few items of malware that get past the vetting can be removed from distribution once identified, thus preventing them affecting any more users.

Re:Linux your next...

[Gaygirlie]

That said, in general I agree with you: there is no OS that can protect against gullible users, not even Linux can do that.

That's why it's a good idea to have a walled garden store, where apps are vetted before appearing. And where the few items of malware that get past the vetting can be removed from distribution once identified, thus preventing them affecting any more users.

I agree, and it's something I've been saying for a good while now: the Average Joe - user isn't knowledgeable enough to spot malicious software and generally doesn't even want to be knowledgeable -- ignorance is much easier on the brains -- and therefore curated app stores/repositories/whatnot are good. I just advocate that it should be easy enough to turn off the walled garden, too, for those users who do need more than what the garden offers. Currently Apple's walled garden is too strict, it cannot be turned off without jailbreaking the whole thing, and Google's approach is otherwise good enough, but Google isn't actually curating their garden's content! Too bad neither of them can be coerced to see the light.

It's about Android, specifically

My app's also hosted by the security community as I told you.

APK

P.S.=> I can't let you try to crap on it, after all... apk

Education: erroneus = blackmailer

Read it yourself, and his libel before it http://slashdot.org/comments.pl?sid=2261720&cid=36545928 since he tried hiding it by a downmod last time it was posted here http://slashdot.org/comments.pl?sid=3339513&cid=42399343 & here also http://slashdot.org/comments.pl?sid=3344205&cid=42411119 erroneus = Jorge Bastida.

erroneus (Jorge Bastida) = blackmailer

Read it yourself, and his libel before it http://slashdot.org/comments.pl?sid=2261720&cid=36545928 since he tried hiding it by a downmod last time it was posted here http://slashdot.org/comments.pl?sid=3339513&cid=42399343 & here also http://slashdot.org/comments.pl?sid=3344205&cid=42411119 erroneus = Jorge Bastida.

Re:Granular permissions up-front worse for securit

[bickerdyke]

If a user is not technical enough to understand "This app requires access to your contacts" and "This app requires dialing phone numbers", they probably should donate their phone for their own good.

Ah, the old "blame the user" tactic of the fanboy.

No objection to that.

Well, these are mobile phones. And mobile phones are meant for ordinary people. If they're not suitable for ordinary people, then that's the fault of the hardware/software, not the user.

Cars are meant for ordinary people too. And that's why we don't let anyone drive but require driving licences. Not because we want to keep it some special privilege, but because it is potentially dangerous. And storing private data in a connected device is not without dangers, too. And with that, there are some responsibilities.

Like servicing your brakes. And if cars are for everyone, not everyone can do that. But the solution is not to do it, but to pay someone to do it. And in exactly the same way, someone has to check an apps data requests against the purpose of it. Either you can do it yourself, or you let someone else do it. Not doing it is a bad idea.

The fact is that there's a better way to do it, and iOS shows the way. Ask the user for permissions for a resource whilst the app is running, the first time the app wants access to that resource. That way the user can better assess the app, and whether it is a reasonable request.

No, definitly no. A user who can't assess OS privileges at install time can't do it at runtime either. We learned that from those personal firewalls that teached users to allow everything because something got blocked every few minutes.

It may come as a surprise to you, but even I think that overall safety is better on iOS. But that's not due to WHEN an app asks for privileges. It's the stricter checks before something goes into the store. It's as simple as with the brakes. You either check those permissions or you let apple do it. The costs here are a loss of flexibility and variety (alternate browser in iOS that is not merely a skin for the built in browser?)

Definitly reduces the malware risks, but not for me, thank you. But I know that this means more responsibility. That is no more elitist than any other kind of DIY.

Then you need an Android Phone

[tuppe666]

They are simply IDC's latest figures

If they were you'd have a link.

Doing a simple google search for iOS IDC marketshare shows a much higher overall percentage for iOS.

https://www.idc.com/getdoc.jsp?containerId=prUS23771812#.UN4DmtE49yA seriously is google that hard :)

Android market-share 75% iOS 14.9%

erroneus drooling for pizza (disgusting)

"Oh... to eat pizza again..." by erroneus (253617) on Saturday December 22, @05:20PM (#42371769) from http://slashdot.org/comments.pl?sid=3335159&cid=42371769 since that disgusting fatbody pig's an obese swine with no dick!

Typical Apple User :)

[tuppe666]

Fuckle Assdroid is horrible compared to iOS and always will be. While you Assdroid lUsers feel the walled garden is a negative it is in all sense a positive. Apple products Just Work and the work unless there is a manufacturing defect. All iOS products get updates to where none of the Fuckle Assdroid products are ever updated.

Another well thought out, point by point discussion. I see you have all the propaganda "Just Work" "Walled Garden Good" "Manufacturing Defect" "Updates". The sad fact is All phones just work, Its just that some have working maps, and pretty much all phones have solid hardware, if they don't have battery problems/antenna problems/purple lens flare like Apple have :) bless them if only Steve were still here. As for Apple restricting competition on their not your platform, i'm sorry your choice is limited to just one store (one browser etc etc)...its not like Apple charge massive mark-ups they look after their customers...oh wait that is their whole business model to screw their customers...we used to call that lock-in back before marketing bullshit. Anyway back to my Nexus Tablet running Jelly Bean :)

The sad fact is you haven't got Unique hardware features, Products at every price point, Cutting edge hardware...or even software. ios is the has been platform. No wonder their market share is dropping through the floor. Nobody wants their(again not your) product

Re:Typical Apple User :)

Let me guess, your a fucking nigger. Only fudge-packing niggers like you like fuckle assdroid.

Educate you? Get some slimfast fatboy!

"Oh... to eat pizza again..." by erroneus (253617) on Saturday December 22, @05:20PM (#42371769) from http://slashdot.org/comments.pl?sid=3335159&cid=42371769 since that disgusting fatbody pig's an obese swine with no dick!

Hey fatboy - invest in some slimfast!

"Oh... to eat pizza again..." by erroneus (253617) on Saturday December 22, @05:20PM (#42371769) from http://slashdot.org/comments.pl?sid=3335159&cid=42371769 since that disgusting fatbody pig's an obese swine with no dick!

Information: Get slimfast ya disgusting fatboy

"Oh... to eat pizza again..." by erroneus (253617) on Saturday December 22, @05:20PM (#42371769) from http://slashdot.org/comments.pl?sid=3335159&cid=42371769 since that disgusting fatbody pig's an obese swine with no dick!

Investigate slimfast you disgusting fat pig

"Oh... to eat pizza again..." by erroneus (253617) on Saturday December 22, @05:20PM (#42371769) from http://slashdot.org/comments.pl?sid=3335159&cid=42371769 since that disgusting fatbody pig's an obese swine with no dick!

Truth = you're a fat disgusting pig erroneus

"Oh... to eat pizza again..." by erroneus (253617) on Saturday December 22, @05:20PM (#42371769) from http://slashdot.org/comments.pl?sid=3335159&cid=42371769 since that disgusting fatbody pig's an obese swine with no dick!

"Run, Forrest: RUN!" (you need to fatboy)

Explain why you ran from a challenge fatass http://slashdot.org/comments.pl?sid=3339513&cid=42393023

Educate us fatboy blackmailer libeler troll

Why'd ya run from a challenge here fatass http://slashdot.org/comments.pl?sid=3339513&cid=42393023

"Run, Forrest: RUN!" (you need to fatass)

Ya sure talk big, but when the chips are on the table you run http://slashdot.org/comments.pl?sid=3339513&cid=42393023

Insert free advert for Windows 2000

[dgharmon]

'I clicked an ad using the Windows 2000 theme that alerted me to major potential threats in my "regisetery"'.

Re:He's points out a common-sense fact though

If that's the best you've got you failed Zontar The Mindless.

erroneus/johnbwilcox lose some fat

erroneus/john b wilcox you need to lose weight bad http://slashdot.org/comments.pl?sid=3345911&cid=42414637 cuz you look awful.

interesting info on johnbwilcox/erroneus

erroneus/john b wilcox you need to lose weight bad http://slashdot.org/comments.pl?sid=3345911&cid=42414637 cuz you look awful.

erroneus/johnbwilcox: investigate slimfast

erroneus/john b wilcox you need to lose weight bad http://slashdot.org/comments.pl?sid=3345911&cid=42414637 cuz you look awful.

erroneus/john b wilcox - holy hell you're fat!

erroneus/john b wilcox you're one ugly fat fuck http://slashdot.org/comments.pl?sid=3345911&cid=42414637 lose weight ya pig. Layoff the pizza

Lose some weight ya slob erroneus/johnbwilcox

Since being publicly obese like you is embarassing. Erroneus/john b wilcox: When you eat, is your dish a wheelbarrow, your fork a pitchfork, and spoon a shovel or what http://slashdot.org/comments.pl?sid=3345911&cid=42414637 ? Does your bed use chevy truck coil springs and struts to hold your fat ass off the floor too? Hahahaha. No wonder you said this "Oh... to eat pizza again..." by erroneus (253617) on Saturday December 22, @05:20PM (#42371769) from http://slashdot.org/comments.pl?sid=3335159&cid=42371769 you disgustingly fat hog.

education on erroneus/john b wilcox

Since being publicly obese like you is embarassing. Erroneus/john b wilcox: When you eat, is your dish a wheelbarrow, your fork a pitchfork, and spoon a shovel or what http://slashdot.org/comments.pl?sid=3345911&cid=42414637 ? Does your bed use chevy truck coil springs and struts to hold your fat ass off the floor too? Hahahaha. No wonder you said this "Oh... to eat pizza again..." by erroneus (253617) on Saturday December 22, @05:20PM (#42371769) from http://slashdot.org/comments.pl?sid=3335159&cid=42371769 you disgustingly fat hog.

johnbwilcox/erroneus knowledge = eating FOOD

Since being publicly obese like you is embarassing. Erroneus/john b wilcox: When you eat, is your dish a wheelbarrow, your fork a pitchfork, and spoon a shovel or what http://slashdot.org/comments.pl?sid=3345911&cid=42414637 ? Does your bed use chevy truck coil springs and struts to hold your fat ass off the floor too? Hahahaha. No wonder you said this "Oh... to eat pizza again..." by erroneus (253617) on Saturday December 22, @05:20PM (#42371769) from http://slashdot.org/comments.pl?sid=3335159&cid=42371769 you disgustingly fat hog.

Not another Android malware post

[hawkingradiation]

There have been reports that a post designed on slashdot to help people stay away from Android is really a malicious prank designed by the underworld. Most of the malware involved in the post has the Linux "criminal escalation" kernel trap utilized as part of its functionality. We know this because a Russian firm, inconspicuously named as "Doctor Web", has chosen to release the details of this attack via a well known Windows virus labeling and applied it to Linux. We can only hope that people wake up to this threat, especially since most of the attacks on Linux involve trojans whereby the user has "no way of knowing" that the App is indeed malware.

Re:Granular permissions up-front worse for securit

[BasilBrush]

I think that overall safety is better on iOS. But that's not due to WHEN an app asks for privileges. It's the stricter checks before something goes into the store.

It's both.

What about pizza shop breakins?

"Oh... to eat pizza again..." by erroneus (253617) on Saturday December 22, @05:20PM (#42371769) from http://slashdot.org/comments.pl?sid=3335159&cid=42371769

Dominos + Pizza Hut better look out then

"Oh... to eat pizza again..." by erroneus (253617) on Saturday December 22, @05:20PM (#42371769) from http://slashdot.org/comments.pl?sid=3335159&cid=42371769

The pizza must be locked down

"Oh... to eat pizza again..." by erroneus (253617) on Saturday December 22, @05:20PM (#42371769) from http://slashdot.org/comments.pl?sid=3335159&cid=42371769 since Mr. disgustingly obese fatbody can't seem to get his clutches on it.

It won't help - not where MOST threats are

http://it.slashdot.org/comments.pl?sid=2655681&cid=38943319

* Take a read - the MOST threats are from compromised websites &/or those with malicious script on them to begin with!

APK

P.S.=> "NEXT"...

... apk

What slashdot trolls do when defeated?

Issue a downmod vs. facts & common-sense -> http://mobile.slashdot.org/comments.pl?sid=3344205&cid=42407763

* Days later too, lol... I just KNEW that'd be their "last resort", since it always is!

APK

P.S.=> Piss poor of you trolls, thinking I wouldn't be watching & catch you in the act, as-per-your-usuals...

... apk