Android Botnet Infects 1 Million Plus Phones

← Back to Stories (view on slashdot.org)

Android Botnet Infects 1 Million Plus Phones

Posted by timothy on Friday January 18, 2013 @10:50PM from the click-here-to-download dept.

Trailrunner7 writes "Up to a million Android users in China could be part of a large mobile botnet, according to research unveiled by Kingsoft Security, a Hong Kong-based security company, this week. The botnet has spread across phones running the Android operating system via Android.Troj.mdk, a Trojan that researchers said exists in upwards of 7,000 applications available from non-Google app marketplaces, including the popular Temple Run and Fishing Joy games." Update: 01/19 12:54 GMT by S : Changed summary to reflect that these apps didn't come from Google Play.

92 comments

Min score:

Reason:

Sort:

Excellent fact-checking as usual by Macthorpe · 2013-01-18 22:54 · Score: 5, Informative

http://www.zdnet.com/new-android-malware-infects-100000-chinese-smartphones-7000000497/
Not in Google Play at all.

--
"It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien
1. Re:Excellent fact-checking as usual by sjwt · 2013-01-18 22:59 · Score: 3, Insightful
  
  And excellent wording for FUD... after all "up to 1 million aliens *could* be controlling the worlds governments"
  
  --
  You have 5 Moderator Points!
  Which Helpless Linux zealot/MS basher do you want to mod down today?
2. Re:Excellent fact-checking as usual by SternisheFan · 2013-01-18 23:00 · Score: 5, Insightful
  
  http://www.zdnet.com/new-android-malware-infects-100000-chinese-smartphones-7000000497/
  Not in Google Play at all.
  Thank you! These 7000 plus apps were 3rd party apps that were not downloaded from Google Play.
3. Re:Excellent fact-checking as usual by AmiMoJo · 2013-01-18 23:20 · Score: 4, Informative
  
  Since most people are too lazy to RTFA the malware infected apps are actually on China Mobile's own app store, not Google Play.
  It looks like another case of a company thinking "everyone has an app store, we should get one!" but not realizing there is a need to actively police it.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
4. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-18 23:26 · Score: 2, Informative
  
  Everybody knows Chinese people always download from Chinese pirate sites. You can get everything for free. Including infected.
5. Re:Excellent fact-checking as usual by Anne+Thwacks · 2013-01-18 23:59 · Score: 2
  
  Not if the Zombies have a say in it!
  
  --
  Sent from my ASR33 using ASCII
6. Re:Excellent fact-checking as usual by sjwt · 2013-01-19 00:06 · Score: 1
  
  Only if you fail to lead the plant army correctly!
  
  --
  You have 5 Moderator Points!
  Which Helpless Linux zealot/MS basher do you want to mod down today?
7. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-19 00:18 · Score: 0
  
  http://www.zdnet.com/new-android-malware-infects-100000-chinese-smartphones-7000000497/
  Not in Google Play at all.
  Thank you! These 7000 plus apps were 3rd party apps that were not downloaded from Google Play.
  Doesn't that imply that if Google-Play/Android was a walled garden like iPhone/iTunes this would not have happened? I suppose that one could also weigh Android down with Windows style malware defences. Irony abounds....
8. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-19 00:27 · Score: 5, Insightful
  
  Doesn't that imply that if Google-Play/Android was a walled garden like iPhone/iTunes this would not have happened?
  Um, no.
  Just because China Mobile's (cr)app store isn't doing its job doesn't mean Google should become as draconian as Apple in this regard. People have a choice, and if they are willing to download from a poorly regulated source, and are willing to endure infections just so they don't have to pay for their apps, that's their business. I certainly hope their data plans are unlimited.
9. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-19 00:31 · Score: 0
  
  You did not answer the question about walled gardens. In fact, you gave a hint that the absence of a walled garden *did* exacerbate the problem.
10. Re:Excellent fact-checking as usual by mysidia · 2013-01-19 00:33 · Score: 1
  
  The virus/malware authors though, might not appreciate you pirating their software, and may sue as a result....
11. Re:Excellent fact-checking as usual by jareth-0205 · 2013-01-19 00:37 · Score: 4, Insightful
  
  You did not answer the question about walled gardens. In fact, you gave a hint that the absence of a walled garden *did* exacerbate the problem.
  Probably does. The price of freedom is that people are free to install malware.
12. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-19 00:51 · Score: 0
  
  The more software pirating a society has the more apathy they have towards security. Many Slashdotters would find the idea of running such insecure trojanned warez hair raising but they don't seem to worry about it.
13. Re:Excellent fact-checking as usual by koxkoxkox · 2013-01-19 01:02 · Score: 3, Informative
  
  Chinese users often have no choice, as Google Play is often not present in the phone. Manually installing it is quite complicated.
14. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-19 01:18 · Score: 0
  
  As long as the walled garden is doing due diligence, it is probably safer.
  On the other hand, Google provides some of the tools necessary to judge the trustworthyness of the software regardless of the source. For example: if the app is demands permission to access the network when it shouldn't be necessary, perhaps it's time to ask if it is worth using that particular app. That approach won't protect you from everything, but it sure as hell is better than downloading apps blindly.
15. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-19 01:45 · Score: 0
  
  "if the app is demands permission to access the network"
  This is idiotic from a usability point-of-view. These tools help only an expert, not a normal user, to jude the trustworthiness. Android shouldn't tell the user that an App is "trying to access the network", it should tell the user what data the app is trying to send where, whether it will do so once or again in the future (or continuously), etc.
  And yes, all that is technically possible; you just have to define permissions for high-level operations instead of low-level device access, and have the high-level operations implemented in terms of low-level device access *by a trusted system component*.
16. Re:Excellent fact-checking as usual by rjr162 · 2013-01-19 01:46 · Score: 1
  
  The original article they linked to iirc was some smaller website that did list Google play
17. Re:Excellent fact-checking as usual by arth1 · 2013-01-19 02:04 · Score: 3, Insightful
  
  Title: 1 Million+
  First line of summary: Up to a million
  Yes, standard /. fare lately. Not only is it meaningless (and thus not nerdy - the details are more important than the big picture to a nerd), but the editors contradict themselves and come across as both careless and ignorant.
18. Re:Excellent fact-checking as usual by Nerdfest · 2013-01-19 02:50 · Score: 5, Insightful
  
  The price of Apple's walled garden is that they get to define what is malware. (So far, things like apps to teach children how to program, games that are too 'political', porn, Android magazines, etc). I'll take my chances, thanks.
19. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-19 03:14 · Score: 1
  
  Probably does. The price of freedom is that people are free to install malware
  ... which is not what 99% of the population wants.
  This malware problem has caused a lot of the shift away from Wintel PCs, and there's no reason the same can't happen to Android.
20. Re:Excellent fact-checking as usual by Sigg3.net · 2013-01-19 03:20 · Score: 2
  
  Well, I for one, welcome our hypothetical overlords!
  
  --
  Defining Statistics and Social Research
21. Re:Excellent fact-checking as usual by BasilBrush · 2013-01-19 03:35 · Score: 1
  
  Damn it! iPhone is once again not affected. One of these days I'll get the chance to welcome the malware overlords!
22. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-19 03:36 · Score: 1
  
  Not in Google Play at all.
  Not this time.
  But there were cases of malware in the official Google store as well.
23. Re:Excellent fact-checking as usual by DerekLyons · 2013-01-19 03:54 · Score: 1
  
  It looks like another case of a company thinking "everyone has an app store, we should get one!" but not realizing there is a need to actively police it.
  Yet, in the past, Slashdot has held that's not a bug, but rather is a key *feature* of the Android ecosystem - the ability to leave the walled garden and wander in the wilds.
24. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-19 04:13 · Score: 1
  
  Don't forget, APL's already allowed actual malware onto their store with at least a few thousand installs, before Charlie Miller came out and announced to the world that his app was whitehat malware (but malware nonetheless).
  Makes you wonder how many applications are malware on the store when there's only "one pair of eyes" that can look at the apps easily. I mean, these apps could easily abuse the same jailbreak bug to install themselves...
25. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-19 04:16 · Score: 1
  
  And it still is?
  Consider there are plenty of application stores like GetJar, Amazon, MiCandy that have never suffered an infection because they're reputable...
  It's like you go to a drug dealer cartel and not expect them to have drugs or weapons. Some people can't be trusted to keep you safe.
26. Re:Excellent fact-checking as usual by SternisheFan · 2013-01-19 04:25 · Score: 4, Informative
  
  Damn it! iPhone is once again not affected. One of these days I'll get the chance to welcome the malware overlords!
  I wouldn't act so apple-ey smug, if I were you. Apple iPhones have infected apps out there in the wild also, same as Android. If you jailbreak your phone and download apps from outside the apple store, you too will be risking getting malware.
27. Re:Excellent fact-checking as usual by alostpacket · 2013-01-19 04:31 · Score: 2
  
  The actual original article (Xinhua via Google translate)
  http://translate.google.com/translate?hl=en&sl=zh-CN&tl=en&u=http%3A%2F%2Fnews.xinhuanet.com%2Ffortune%2F2013-01%2F11%2Fc_114339598.htm
  The "Security researchers": Jinshan networks / Kingsoft (DuBa)
  http://translate.google.com/translate?hl=en&sl=zh-CN&u=http://www.ijinshan.com/&prev=/search%3Fq%3DKingsoft%2B(DuBa)%26hl%3Den%26safe%3Doff%26client%3Dfirefox-a%26hs%3DtyH%26tbo%3Dd%26rls%3Dorg.mozilla:en-US:official%26channel%3Drcs&sa=X&ei=xMn6UMCuGtCM0QGMyIDIDg&ved=0CEAQ7gEwAQ
  
  --
  PocketPermissions Android Permission Guide
28. Re:Excellent fact-checking as usual by Lussarn · 2013-01-19 05:00 · Score: 1
  
  Or you could read the reviews in the play store before downloading. If the app is full of crap there are 500 persons telling you so. Not really hard...
29. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-19 05:01 · Score: 0
  
  You did not answer the question about walled gardens. In fact, you gave a hint that the absence of a walled garden *did* exacerbate the problem.
  The absence of a "walled garden" *can* exacerbate the problem, but doesn't have to (Google's app store is a good example). The onus is on the end user. They are free to choose their platform (in this case Android), their app store (in this case China Mobile), their apps (in this case "free" versions of apps that aren't normally "free"), and their level of risk.
30. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-19 05:21 · Score: 0
  
  This malware problem has caused a lot of the shift away from Wintel PCs
  Isn't Windows at 90% desktop share still? I think junk like Win8 and Vista caused a lot more of that shift. Netbooks and laptops are a different story though.
31. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-19 05:31 · Score: 0
  
  ... which is not what 99% of the population wants.
  This malware problem has caused a lot of the shift away from Wintel PCs, and there's no reason the same can't happen to Android.
  No, they will just put up with it, even it it means installing Norton for Android and five different background anti-piracy DRM agents. The future is bright for Android!
32. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-19 05:33 · Score: 0
  
  Amazon's store works on many devices.
33. Re:Excellent fact-checking as usual by screwdriver · 2013-01-19 05:49 · Score: 1
  
  I love it! I'm sure they made damn sure apps like orbot (tor) are not available, but they could care less if malware gets through.
34. Re:Excellent fact-checking as usual by tepples · 2013-01-19 06:02 · Score: 1
  
  Amazon's store works on many devices.
  In which countries? The last time I checked, paid apps on Amazon Appstore were available only to billing addresses in the United States of America.
35. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-19 06:21 · Score: 1
  
  [Citation Needed]
  Due to the destruction of the JB scene, no Apple device made since 2010 that runs iOS 6 can run apps outside the App Store. Maybe an iOS dev could have a beta app out that might do some damage, but people would be knowingly installing it.
  With over five years of not even a single malware issue in the wild, iOS has showed that it is the most secure OS in history.
36. Re:Excellent fact-checking as usual by Plumpaquatsch · 2013-01-19 06:46 · Score: 2
  
  http://www.zdnet.com/new-android-malware-infects-100000-chinese-smartphones-7000000497/
  Not in Google Play at all.
  Considering those are all Chines phones, that's not really surprising. Most "Android" phones sold in China don't have access to Google Play.
  Which is the real problem here: Google has walled them out of their garden and forces them to go to even unsafer places.
  
  --
  Of course news about a fake are Fake News.
37. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-19 08:46 · Score: 0
  
  False, the PS3 has never had any malware, not even a PoC.
38. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-19 09:08 · Score: 0
  
  Android shouldn't tell the user that an App is "trying to access the network", it should tell the user what data the app is trying to send where, whether it will do so once or again in the future (or continuously), etc.
  I was thinking about updating the Android Firewall app to do this. Block connections by default, monitor iptables logs and pop up a dialog box allowing temporary/permanent connections to the remote host/any host. Of course, it would be better if it was built into the system and connections could be delayed instead of dropped initially.
39. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-19 09:36 · Score: 0
  
  Perhaps that used to be true, but as a woman living in the United Kingdom, I can say that Amazon Appstore has always allowed me to buy paid apps (I have only had my first Android phone for about three months though, and Amazon Appstore on it for about two).
40. Re:Excellent fact-checking as usual by ChatHuant · 2013-01-19 10:05 · Score: 1
  
  The price of freedom is that people are free to install malware.
  Which makes Windows the freest platform of all by far.
41. Re:Excellent fact-checking as usual by Clsid · 2013-01-19 11:47 · Score: 1
  
  Well, it's not like you have a choice. Google Play does not work in China, as well as usual stuff you would expect to work like Youtube, Facebook, Twitter, Google Drive and even Gmail. So you have alternative stores that provide apps, but you also have mobile antivirus software in China which is what most sensible people would use.
  Then again, with China Mobile alone we are talking about 670 million users compared to 100 million users that AT&T has. It is quite impressive that there aren't any more infections.
42. Re:Excellent fact-checking as usual by Clsid · 2013-01-19 11:51 · Score: 1
  
  In this case, either China Mobile provides the store or they include a third party since Google Play does not work in China. I would actually feel safer to use something from China Mobile given they are the largest carrier, but this incident proves that if you are in China, you are better off using a Windows Phone or an iPhone, even if they are outrageously expensive over there.
43. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-19 11:55 · Score: 0
  
  Xkcd 870, panel 1.
44. Re:Excellent fact-checking as usual by thegarbz · 2013-01-19 12:40 · Score: 1
  
  The only irony is that the readership of Slashdot is well in the affirmative for freedom of citizens, gun ownership, freedom from censorship and tyranny, yet some how manages to be split on the idea of having some corporate entity decide what can and can't do in the name of malware prevention.
45. Re:Excellent fact-checking as usual by S.O.B. · 2013-01-19 13:34 · Score: 1
  
  Various incarnations of MVS have been running since 1974. No viruses or malware reported. Five years barely even registers on that time scale.
  Real men run their operating systems on big iron.
  
  --
  Some of what I say is fact, some is conjecture, the rest I'm just blowing out my ass...you guess.
46. Re:Excellent fact-checking as usual by BasilBrush · 2013-01-19 15:13 · Score: 1
  
  Apple iPhones have infected apps out there in the wild also, same as Android.
  No, not the same. A drop of water, long since evaporated is not the same as a bucket of water.
  
  If you jailbreak your phone and download apps from outside the apple store, you too will be risking getting malware.
  In further news, condoms are useless if you cut the ends off them. Doh!
47. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-20 05:23 · Score: 0
  
  oh god... WILL someone please put iptables in FRONT of android and get this shit over with already?
  Then head over to the SCADA shit, put iptables on.
  Then head over to the Nuke Plants, put iptables on.
  what was the other one I'm forgetting? oh yeah Electrical Power Distribution. put iptables on.
  seems like I am forgetting a few more here... Car Computers or some damn thing.
48. Re:Excellent fact-checking as usual by Anonymous Coward · 2013-01-20 09:26 · Score: 0
  
  Who gives a crap whats going on in China... When they cross the border then I'll care... We have enough of these problems to deal with within our own borders to worry about putting any sort of concentration into China's Android phone problems... Google Play isn't even in China, nor is YouTube, or anything else that would really matter, these phones maybe running some sort of Android OS but it's not one that is recognized by Google obviously, or the rest of the world.. Remember China has the Largest Apple store in the world, that is not officially an Apple store and deosn't sell "Real" Apple devices or products.. China is in complete digital Anarchy compared the rest of the world..
49. Re:Excellent fact-checking as usual by tlhIngan · 2013-01-21 04:08 · Score: 1
  
  The only irony is that the readership of Slashdot is well in the affirmative for freedom of citizens, gun ownership, freedom from censorship and tyranny, yet some how manages to be split on the idea of having some corporate entity decide what can and can't do in the name of malware prevention.
  I think it's due ot direct exposure. Most of those rights get abused by an irresponsible few (who often ruin it for the responsible many).
  Very few /.'ers have experienced the tragedy that strikes from say, irresponsible gun ownership (like loaded storing guns in an oven, or on the coffee table accessible to any kid walking by, nevermind mass shootings), or lived in countries where censorship and tyranny are common (because they won't be able to get /. typically), and such.
  However, most /. users HAVE experienced the direct effects of malware - spam, DDoS attacks, etc. And they know most users don't care about computers enough to maintain them or such. Being somewhat pragmatic people, learning all about the ins and outs of a computer is similar to learning the ins and outs of a car and eventually being able to be a shadetree mechanic (which we know isn't true of the vast majority of drivers). Also being pragmatic, said /. users don't really want to travel around to their family member's houses and fix their computers, either, so they wish to have a simple solution to save themselves and do everyone else a favor.
  Probably also due to the fact most /.'ers think everyone else is similar to them with similar goals - if you own a gun, you'd take care in storing it and ensuring you're trained and licensed and all that. Or that you'll watch what you say so that it's defensible (also why most have a disdain for those who publish their whole lives online and seeing it bite them in the ass because it gets used as evidence or reason to be denied employment).
  Basically the /. profile is that of a reasonably responsible person who has enough common sense to realize when things are dangerous (e.g., loaded guns in the house) and avoid them as much as possible.
Not from Google Play by Anonymous Coward · 2013-01-18 23:00 · Score: 3, Informative

Actual BBC story:"Trojan had been found in more than 7,000 apps downloaded from _non-Google-owned_ stores."
It's a bit weird that neither the submitter nor the threatpost author thought it strange that thousands of popular apps on Google Play would include a trojan that has been known about for over a year?
1. Re:Not from Google Play by Savage-Rabbit · 2013-01-19 00:35 · Score: 1, Insightful
  
  Actual BBC story:"Trojan had been found in more than 7,000 apps downloaded from _non-Google-owned_ stores."
  It's a bit weird that neither the submitter nor the threatpost author thought it strange that thousands of popular apps on Google Play would include a trojan that has been known about for over a year?
  It's a bit ironic that fAndroids, who have been criticising Apple's walled garden for years, are now criticising other Android users for making full and enthusiastic use of the freedom of the Android platform to download apps from anywhere they damn well please rather than only dealing exclusively with Google owned or Google sanctioned stores. Not to say that walled gardens are a good thing but this discussion is nevertheless quite amusing since it tacitly admits that walled gardens, for all their other faults, are an efficient way to filter out malware. As long as there are other ways to download Android apps than from a walled garden of Google owned or Google sanctioned third party stores things like this will continue to happen.
  
  --
  Only to idiots, are orders laws.
  -- Henning von Tresckow
2. Re:Not from Google Play by berashith · 2013-01-19 00:48 · Score: 4, Interesting
  
  This is a simple case of "just because you can, doesnt mean you should". I like the OPTION of loading apps from anywhere. I also pay attention to what gets installed and where. I turn off the alternate installation locations unless I am actively installing something. The people who want pay apps for free just pay a price that isnt money, and their stupidity should have no impact on my ability to be allowed to use my device as I want. No need to force your draconian bliss on the rest of the planet.
3. Re:Not from Google Play by Anonymous Coward · 2013-01-19 01:08 · Score: 1
  
  fAndroids...are now criticising other Android users for making full and enthusiastic use of the freedom of the Android platform to download apps from anywhere they damn well please
  I haven't seen anyone doing that.
  
  Not to say that walled gardens are a good thing but this discussion is nevertheless quite amusing since it tacitly admits that walled gardens, for all their other faults, are an efficient way to filter out malware.
  And a sledgehammer is also an amazingly efficient way of cracking a walnut. "All their other faults" is a nice way of glossing over glossing over the fact that the cons of a walled garden outweigh the pros.
4. Re:Not from Google Play by peragrin · 2013-01-19 01:53 · Score: 1
  
  As was shown in the 70's you never know that the source your using is actually trusted.
  Just because the source is good doesn't mean the compiler was.
  many an infected and ultimately untrustworthy app was been downloaded from google play. Google like apple though monitor them and updates get pushed through so widespread failures are rare.
  Draconian bliss can be used for good. The trick is balancing out the Draconian rules with fairness.
  
  --
  i thought once I was found, but it was only a dream.
5. Re:Not from Google Play by Anonymous Coward · 2013-01-19 02:49 · Score: 0
  
  fAndroids...are now criticising other Android users for making full and enthusiastic use of the freedom of the Android platform to download apps from anywhere they damn well please
  I haven't seen anyone doing that.
  They you are blind, the OP stated this only happened because the affected Android users did not limit themselves to the Google store. That implies the criticism that if they had remained in the Google fold their phones would not have been affected.
6. Re:Not from Google Play by Anonymous Coward · 2013-01-19 03:09 · Score: 0
  
  You may notice upon re-reading my post that I did not criticize other android users. Were you perhaps projecting a little?
7. Re:Not from Google Play by berashith · 2013-01-19 03:25 · Score: 1
  
  this is true, but there is a big difference in the monitored stores and the bootleg stores that people are getting infected in. The google owned store could have junk inserted from a bad compiler, where the chinese free stores have intentional malware inserted.
8. Re:Not from Google Play by Anonymous Coward · 2013-01-19 03:27 · Score: 2, Insightful
  
  Can I as the original commenter take part in this second-guessing of my implied message?
  I did not say "this only happened because the affected Android users did not limit themselves to the Google store" at all as you claim -- pretty bold of you to just say that when my message is clearly visible above... Also, nothing in my post was meant to "imply the criticism that if they had remained in the Google fold their phones would not have been affected" (in fact I don't even have a clear opinion on whether the open model or the Apple 'closed garden' model is better).
  My only criticism was aimed at the shoddy reporting: It included a pretty big factual mistake. Mistakes sometimes happen, but this one made the story so unbelievable that it's hard to understand how both the article author and the submitter failed to apply some common sense and re-check the source.
9. Re:Not from Google Play by alostpacket · 2013-01-19 04:11 · Score: 1
  
  There's a difference between curated and walled.
  
  --
  PocketPermissions Android Permission Guide
10. Re:Not from Google Play by Cinder6 · 2013-01-19 04:46 · Score: 1
  
  And a sledgehammer is also an amazingly efficient way of cracking a walnut. "All their other faults" is a nice way of glossing over glossing over the fact that the cons of a walled garden outweigh the pros.
  That's rather subjective, isn't it? I would imagine that Apple's "walled garden" approach works just fine for most of its users. You do see a lot of complaining, but keep in mind that people are more likely to go to a forum to complain than to say everything's great.
  For myself, as an iOS user, I have only been miffed with Apple's policies three times. The first was MyWi, but that is probably due more to the carrier; the second was Swype, but now that Siri's out I pretty much use voice dictation for my phone, and I can type surprisingly fast on my iPad; the third was when they wouldn't give Sparrow the push email privilege.
  I did jailbreak my phone at one point. There were some neat things in Cydia, but many of them were surprisingly expensive. I wound up reverting to standard iOS for a couple reasons, but one of them was that those same neato tools (I only installed two or three of them) absolutely killed my battery life.
  
  --
  If you can't convince them, convict them.
11. Re:Not from Google Play by Anonymous Coward · 2013-01-19 04:52 · Score: 0
  
  See, in the real world, people tend to trust other people *IF* they've proven that they're trustworthy. If you're too stupid to realize that not everyone will treat you with respect and dignity, then you might as well kill yourself now -- because someone's going to trick you out of your money / life / loved ones really soon.
  Android users have the option of staying in Google Play, or branching out to REPUTABLE stores like GetJar, Amazon, ... MiCandy (hey, 80% of the total internet traffic is porn, and I won't judge). They also have the option of risking infection from downloading all over - and Android warns you that if you "go off the reservation, we can't protect you."
  Incidentally, the OP didn't say that "if someone stayed in Google". He said: "It's odd that it'd be hanging around for a year if it was found in Google Play." You should get your head out of your ass.
  It's also funny that you're roasting Android for off-market installation when EVERY SINGLE desktop OS has this feature. Every single company has at least one product that allows for off-market installs.
12. Re:Not from Google Play by Anonymous Coward · 2013-01-19 09:48 · Score: 0
  
  Freedom for everyone will affect you personally if the botnet is used for DDoS attack. Enforcing security for everyone is not a bad thing even for power users, which will use developer mode/jailbreak/rooting/whatever anyway.
13. Re:Not from Google Play by Anonymous Coward · 2013-01-19 11:35 · Score: 0
  
  No, it's not ironic at all.
  Android users don't need to jailbreak their phones to install an app. They use Google Play because they choose to. And it seems that millions do make that choice.
  Google Play isn't like Apple's App store at all. They have some malware checks, but that's it. They don't ban apps because they're political, or religious, or simply because someone doesn't "like" them.
Computing Power by MassiveForces · 2013-01-18 23:03 · Score: 2

Imagine if botnets were put to benevolent uses, like distributed computing projects. Seriously forget credit card data - nobody has any money these days. Process some folding at home and collect some Nobels.
1. Re:Computing Power by Anonymous Coward · 2013-01-18 23:52 · Score: 0
  
  Not much computing power, the machines infected with them would have so much other crap on them (such as OEM preinstalled gunk) that the bot would at most be able to tap a percentile of the CPU's power.
2. Re:Computing Power by Rockoon · 2013-01-18 23:59 · Score: 1
  
  ...the bot would at most be able to tap a percentile of the CPU's power.
  10 percent of a million CPU's is still equivalent to 100,000 CPU's.
  
  --
  "His name was James Damore."
3. Re:Computing Power by Anne+Thwacks · 2013-01-19 00:02 · Score: 2
  
  I thought for a minute you wrote forge Credit cards: The I remembered the Search for Expoitable Transaaction Information project. Yes, botnets really can work for the dark side!
  
  --
  Sent from my ASR33 using ASCII
4. Re:Computing Power by Anonymous Coward · 2013-01-19 00:37 · Score: 1
  
  Or generating massive rainbow tables...
5. Re:Computing Power by Anonymous Coward · 2013-01-19 02:07 · Score: 0
  
  Seriously forget credit card data - nobody has any money these days
  But that's exactly why they want _credit_card_ data - because it's not the card customer's money they are stealing, it's the car issuers'.
6. Re:Computing Power by Plumpaquatsch · 2013-01-19 07:48 · Score: 1
  
  Imagine if botnets were put to benevolent uses, like distributed computing projects. Seriously forget credit card data - nobody has any money these days. Process some folding at home and collect some Nobels.
  Yeah, sure. Drain some million Chinese guys phone battery, so somebody else can get a Nobel Prize.
  
  --
  Of course news about a fake are Fake News.
A million bots! All on dialup! by Let's+All+Be+Chinese · 2013-01-18 23:10 · Score: 1

Alright, not exactly dialup. But close enough for making the comparison on slashdot.
Should be interesting, trying not to make too much of a mess to avoid running the bots out of traffic allowance and/or running up the punters' bills enough to notice something is amiss.
Actual real problem vs non-existing problem by roman_mir · 2013-01-19 00:05 · Score: -1

This is what a real security problem looks like as opposed to made up problems like Java sandbox security bugs.
Android is a platform that is actually used in half a billion of devices on this planet that people actually use.
Java sandbox in a browser is almost unused, there is a very limited number of users and you have to click through applet installation, so stealth applet installation is not going to happen.
Here is how a real world security threat works: I AM ANOTHER FLASHY GAME, INSTALL ME!
The user installs the flashy game and it takes over his phone.
Here is how java applet works: I AM ANOTHER FLASHY GAME, INSTALL ME!
The user tries to click on the thing, it fails to download the IcedTea plugin or whatever is required and the user gives up.

--
You can't handle the truth.
state by shentino · 2013-01-19 00:45 · Score: 0

If it was china I wouldn't be surprised if those rootkits were backed by chinese officials.
Walled gardens by mrprogrammerman · 2013-01-19 00:49 · Score: 0

Maybe walled gardens aren't so bad. They keep you locked in but they also keep the bad guys out.
1. Re:Walled gardens by Anonymous Coward · 2013-01-19 01:09 · Score: 0
  
  depends who you think the bad guys are,
  i think companies like Omniture/Google/Doubleclick/Mobclix/admob/vibrantmedia/appleads etc etc are the bad guys,
  million dollar dedicated spying operations with no way to know what that "app" is really doing with my addressbook/gps location/websitehistory/imei
  all available in the appstore, paid and free, with millions of apps to choose from, all infected with these spying companies code
Is M-x tetris pirating? by tepples · 2013-01-19 01:23 · Score: 1

In your correlation between rates of "software pirating" and security, do you consider the development and dissemination of free software workalikes of proprietary video games to be "software pirating"? I can think of a few companies that do. Yes, things like M-x tetris in Emacs are a sort of edge case, but defining the edge of discussion helps participants find common ground from which to start.
Don't want to BOINC and call 911 on one device by tepples · 2013-01-19 01:36 · Score: 1

Imagine if botnets were put to benevolent uses, like distributed computing projects.
Distributed computing botnets would run up a CPU bill, causing the user to click "What has been using my battery?". That's why, for example, the Distributed.net client didn't get ported to PDAs and the like.
NOT AN INFECTION by Anonymous Coward · 2013-01-19 02:54 · Score: 0

"Android Botnet Infects 1 Million Plus Phones"
It's NOT AN INFECTION when user willingly installs a malicious application and approves its permissions.
Learn the basics of compooters before you write something that stupid next time.
1. Re:NOT AN INFECTION by Gaygirlie · 2013-01-19 04:04 · Score: 1
  
  It's NOT AN INFECTION when user willingly installs a malicious application and approves its permissions.
  That's like saying that it's not an infection if you inject yourself with HIV because you knowingly do it -- obvious rubbish. OF COURSE it is an infection still. Especially when the malware - package is HIDDEN inside another one, so that when the user thinks he's installing one thing he's actually getting two things. You might have a point if the user knowingly installed a malware - package, but that's just not the case.
  
  Learn the basics of compooters before you write something that stupid next time.
  Indeed, mate, indeed.
Who did NOT see this coming? by Anonymous Coward · 2013-01-19 03:12 · Score: -1

I know it's not from Google's app store but still... One million smartphone part of a botnet is nothing to sneeze at.
Who didn't honestly see that one coming?
You know what: that is just the beginning.
I'm not trolling (I'm using Linux and I'm using Google's GMail / Google Apps for Businees / Google+, YouTube, etc. so I'm pretty much pro-Google): I'm simply part of those who saw this coming. It was just all too clear that it was just a matter of time before smartphones became zombified like countless Windows PCs.
Meanwhile my Nokia 3210 is allowing me to, you know, give and receive phone calls (and even SMS). I know it's shocking but it "Just Works [TM]".
1. Re:Who did NOT see this coming? by ravenlord_hun · 2013-01-19 03:48 · Score: 1
  
  Let me know when you get SMS forwarding or time based caller blacklisting working on that phone.
2. Re:Who did NOT see this coming? by Anonymous Coward · 2013-01-19 04:46 · Score: 0
  
  Android is based on Linux the safest operating system that has ever been created. When attackers successfully compromise software on Windows, Mac OS, Unix, Linux or Android, the usual cause is user error, followed by user-mode software bugs. The kernels almost never have anything to do with it. That's why claims by Linux zealots that the Linux kernel somehow 'protects' Linux from malware (or similar comments by Apple zealots about the XNU kernel, although most Apple zealots aren't technically literate enough to know what a kernel is) have always been ridiculous. If Windows zealots made similar comments about the NT kernel 'protecting' Windows from malware, they would be equally ridiculous, but I've never heard/read such claims. NT, XNU and Linux are all good kernels, but they can't magically protect users from malware. What generally matters most for protection from malware is the policies determining which software is allowed to run. Multi-user systems where professional systems administrators determine what is allowed to run tend to be much safer than single-user systems where users decide for themselves. One of Apple's biggest innovations with its App Store has been to act as a sort of systems administrator for iOS users, protecting them from themselves. Since Apple profit from the app sales, they have a strong incentive to spend money to properly vet apps (and so do Microsoft, since they copied the Apple model). In contrast, Google don't profit from app sales, so their incentive is simply to minimise costs. That's probably why Apple seems to do a much better job of vetting apps than Google. Even worse for Android, since it's open source, anyone can create their own app store and allow malware to flourish.
3. Re: Who did NOT see this coming? by Anonymous Coward · 2013-01-19 06:50 · Score: 0
  
  What do you mean Google doesn't profit from the Play store? They take a 30% cut just like apple does.
Have some perspective by Anonymous Coward · 2013-01-19 04:59 · Score: 0

In the world of open source, you don't have to put your trust in someone else's binary. You can access the source yourself. The problem is that "commodity users" don't care what they install on their machines.
All it takes is one moron with bad intentions and everyone blames the system.
http://techrights.org/2012/12/12/xuxian-jiang-vs-android/
Hong Kong-based security company? by dgharmon · 2013-01-19 08:43 · Score: 1

Microsoft VIA Member

"Kingsoft Internet Security 9 Plus is a complete package with Anti-Virus, Anti-Spyware, and Firewall applications, providing a complete solution to protect your computer system against the latest online threats. link

--
AccountKiller
1. Re:Hong Kong-based security company? by Clsid · 2013-01-19 11:58 · Score: 1
  
  If you think Kingsoft is a tool, think again. That company is owned by Lei Jun, which is like China's Steve Jobs. That guy is creating a complete hardware/software solution not unlike the iPhone, by heavily modifying Android. They are offering their new cell phones at a very competitive price in continental China and it's been selling like hot cakes.
  Here is a good article about the guy http://www.forbes.com/sites/simonmontlake/2012/07/18/xiaomis-lei-jun-chinas-answer-to-steve-jobs/
wtf? by Anonymous Coward · 2013-01-19 09:49 · Score: 0

I thought China was a botnet
Not in F-Droid either by Anonymous Coward · 2013-01-19 12:49 · Score: 0

F-Droid (f-droid.org) is the FOSS repository for freely licensed Android applications and as a rule they weed out things that have anti-features & malware in them since generally those don't ever provide source-code to anyone. Recommended as a non-tracking/info-harvesting alternative to Google's 'service'.
what happened to many eyes looking at source? by Anonymous Coward · 2013-01-19 16:05 · Score: 0

Don't worry, Lumia phones are on the way.
Bwahhhhaaahaaahaaaah!!!
Whew... by Anonymous Coward · 2013-01-20 05:55 · Score: 0

I guess we are safe then if we aren't using a chinese made cell phone.
We aren't are we?
Apple Hater, behind the times as usual by SuperKendall · 2013-01-21 19:17 · Score: 1

So far, things like apps to teach children how to program, games that are too 'political', porn, Android magazines, etc
Perhaps the last two you might have something, but there is a slew of apps to help you actually program on the iPad/iPhone.
And of course you can always jailbreak. So on iOS, only the people who know what the risks are are exposed to them. That seems like a far more sensible layered security model than screwing over one million technologically inept people just because you are too lazy to jailbreak before accessing alternate app sources.

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley