Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Android Trojan Fakes Device Shut Down, Spies On Users

Posted by timothy on from the let's-listen-in dept.

An anonymous reader writes A new Android Trojan that tricks users into believing they have shut their device down while it continues working, and is able to silently make calls, send messages, take photos and perform many other tasks, has been discovered and analyzed by AVG researchers. They dubbed it, and AVG's security solutions detect it as PowerOffHijack.

66 of 118 comments (clear)

  1. not-a-bug; wont-fix by sbrown7792 · · Score: 4, Funny

    Issue closed by NSA

    1. Re:not-a-bug; wont-fix by slashmydots · · Score: 2

      This sounds much more like something the Chinese government would do, although they would simply force the manufacturer to do it, not trick people with fake apps.

    2. Re:not-a-bug; wont-fix by riis138 · · Score: 1

      I would say that's a good guess, though the NSA has had some of their nefarious methods of spying exposed lately as well.

      --
      Somewhere, something incredible is waiting to be known. -Carl Sagan
    3. Re:not-a-bug; wont-fix by ShanghaiBill · · Score: 3, Insightful

      This sounds much more like something the Chinese government would do

      It sounds more like something an anti-virus company like AVG would make up to get publicity and boost sales. If this was something real, they should name the app (they don't) and/or describe a plausible mechanism. An Android app can detect a hard power down (so that it can save data or whatever) but it cannot stop or delay it. So the only way it could work is to trick the user into releasing the power button too early.

    4. Re:not-a-bug; wont-fix by Bonzoli · · Score: 1

      I'm assuming this only gets in a phone if its jail broken/rooted and your downloading illegally obtained crap the phone. My bet is Government made, but which one has the most to gain from it?
      Is it an Ad for AVG?
      The other Ad, chances of catching this approaches 0 if you don't screw the security on your device up?

    5. Re:not-a-bug; wont-fix by slashmydots · · Score: 2

      Or just follow the golden rule of Android since it's invention: stay off the third party app stores!

    6. Re:not-a-bug; wont-fix by farble1670 · · Score: 1

      exactly. this little detail ...

      That's because the malware, after having previously obtained root access

      the app has to have root to work. how did it get root? my guess is that it's a an app that masquerades as an app that requires root, and it fools the user into granting root privs to the app. if that's what happened, the users deserve their fate.

    7. Re:not-a-bug; wont-fix by Technician · · Score: 1

      I keep a set of cheap amplified speakers on my desk. It's the kind with a tattletale buzz when a cell phone is too close. It's hard to be stealthy in a field full of bushes full of bells.

      --
      The truth shall set you free!
    8. Re:not-a-bug; wont-fix by suutar · · Score: 1

      or if it's embedded in a stupid game app on the Google Play store.

    9. Re:not-a-bug; wont-fix by DocSavage64109 · · Score: 1

      All you have to do is get it integrated into whatever tools someone uses to root their phone and it's installed.

    10. Re:not-a-bug; wont-fix by ayesnymous · · Score: 1

      works-as-intended.

    11. Re:not-a-bug; wont-fix by david_thornley · · Score: 1

      The Android permissions system is broken. When you see the list of permissions an app claims it needs, you don't know what it's going to do with those permissions. You're expecting people to look over a list and figure out whether everything looks reasonable for any use of the permissions in that app in an unknown context. I can't look at such a list and be confident with it, and I know a lot more about this stuff than most people.

      I much prefer the iOS system, which asks permission for specific actions at specific times, allowing me to run the app normally and allow or deny individual actions that require permission as they come up.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    12. Re:not-a-bug; wont-fix by farble1670 · · Score: 1

      i'm assuming there is no vulnerability. that'd be the real story. if there's a root vulnerability, you can do almost anything. you don't need to fool the user, you just sit in the background and download all of their pictures and data and scan memory for credit cards and passwords ... and so on.

  2. This is why..... by TheCarp · · Score: 5, Insightful

    If you really need privacy, you pull the phone battery....and if you might need privacy, you don't buy a phone that can't have its battery pulled.

    Not really any solutions, as long as people are walking around with what amount to wireless microphones in their pockets this will always be a potetial problem.

    --
    "I opened my eyes, and everything went dark again"
    1. Re:This is why..... by Iamthecheese · · Score: 5, Insightful

      Requiring an action as inconvenient as partially dismantling the device in order to not experience undesired operation is a piss-poor design.

      --
      If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
    2. Re:This is why..... by Anonymous Coward · · Score: 1

      Good to know you don't need a cell phone of any kind since, well... you know. Any cell phone, smart or dumb, can be activated at any time by anyone with the tools necessary and used as a listening device. This tends to be done during civilian orientation on Military bases as a demonstration of why cell phones are not permitted in designated secure areas, no exceptions.

    3. Re:This is why..... by Anonymous Coward · · Score: 1

      The article wasn't very clear, but most phones have a hard shutdown that works almost the same as a battery pull if you hold the power button for 10-20 seconds that would most likely bypass anything like this virus.

      Still inconvenient and untrustworthy. I really wish physical buttons that physically disconnect parts of devices would make a comeback. I would love to be able to flip a switch and know for certain that my camera/microphone were off, or to disconnect power rather than opening my phone and pulling my battery.

    4. Re:This is why..... by thieh · · Score: 2

      If you need privacy, you don't buy a phone. Do all your talking in person. Actually, do everything in person.

    5. Re:This is why..... by GTRacer · · Score: 1

      Don't forget to frisk everyone you speak with! They may have untrustworthy mobiles!

      --
      Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
    6. Re:This is why..... by freeze128 · · Score: 1

      That's not practical in the age of global commerce.

    7. Re:This is why..... by TheCarp · · Score: 2

      In theory I agree, in practice, this requirement is imposed by the intersection of the other stated requirement "privacy" and the necessary capabilities of the device known as a "smart phone".

      You can't really have a device that does what a smart phone does and isn't a privacy risk without some sort of hard power disconnect.

      You could, otoh, leave the phone in another room, or lock it inside a soundproof box. There are many solutiuons but none of them involve "hit the soft off switch and put it in your pocket"

      --
      "I opened my eyes, and everything went dark again"
    8. Re:This is why..... by jeffmflanagan · · Score: 1

      I wouldn't dismiss a huge performance gain as " just because."

    9. Re:This is why..... by GrumpySteen · · Score: 4, Funny

      They could have an untrustworthy mobile hidden in an orifice. Best don the latex and do a thorough cavity search!

    10. Re:This is why..... by BasilBrush · · Score: 1

      Android's tend to have removable batteries. iPhones don't.
      Android's have this malware. iPhones don't.

    11. Re:This is why..... by tepples · · Score: 1

      Android devices that have not been rooted do not have this malware. You can't catch it just by turning on "Unknown sources".

    12. Re:This is why..... by Anonymous Coward · · Score: 1

      If you really need privacy, you pull the phone battery....and if you might need privacy, you don't buy a phone that can't have its battery pulled.

      Not really any solutions, as long as people are walking around with what amount to wireless microphones in their pockets this will always be a potetial problem.

      Or at the very least, don't run any apps outside of the designated ecosystem that at least have provisions to theoretically mitigate malware like this. It's really the equivalent of downloading random installers from torrent links on the pirate bay, and then going "oh shit windows is so insecure!" when you get hacked and your banking passwords get stolen.

    13. Re:This is why..... by Hognoxious · · Score: 1

      Components with moving parts cost money. This is why having a touchscreen quickly leads to having only a touchscreen.

      Not disagreeing with you, BTW. If you want to form a club for the preservation of actual controls you can feel (along the lines of CAMRA) sign me up as member 2.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    14. Re:This is why..... by suutar · · Score: 1

      I thought "unknown sources" was enough to allow third party app stores (assuming that it hasn't actually reached Google Play yet), from reading this. Am I mistaken?

    15. Re:This is why..... by markdavis · · Score: 3, Insightful

      I think you hit on the solution: A hard power switch.

      And better yet, also add: A hard microphone switch and a physical shutter for the cameras. I wouldn't mind having a hard radio switch and/or GPS switch too.

      No software can work around that when you need real privacy.

    16. Re:This is why..... by Neil+Boekend · · Score: 1

      I have friends on the other side of the planet. I can be loud if I want to but I doubt I could shout hard enough for them to hear me.

      --
      Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
    17. Re:This is why..... by Neil+Boekend · · Score: 1

      You are not mistaken.

      However, this virus apparently and logically also needs root access. Unknown sources does not grant it that. Rooting your phone does.

      It needs both to work.

      --
      Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
    18. Re:This is why..... by david_thornley · · Score: 1

      The problem with a Big Red Button on a phone is that it will be pushed by accident. My desktop sits there, with the front panel controls out of easy reach, and the cats don't try to get too friendly with it, so a BRB is just fine. My phone sits in my pocket all day, and I touch various parts of it as I pull it out, use it, drop it and try to catch it, take something else out of that pocket, whatever. I don't want to have my phone turn off when I don't want it to. I don't want to be able to touch something that suddenly cuts the microphone or camera off when I'm using them.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    19. Re:This is why..... by TheCarp · · Score: 1

      This is one of the things that pisses me off about droids as awell. I bought the fucking hardware, its my phone. If I break it, I buy a new one. So why don't I have access to the root acount. I don't want to run everythng as root, but I shouldn't need an exploit to get it and run apps that need it.

      And maybe, if they designed with that access in mind, and didn't make people use exploits to get root access....maybe if they stopped treating it like hardare I was borrowing instead of buying we could have mechanisms to deal with this access better.

      --
      "I opened my eyes, and everything went dark again"
    20. Re:This is why..... by Neil+Boekend · · Score: 1

      I actually agree with some of the sentiment of the manufacturers. Most users can't handle root so you shouldn't give it to them. Manufacturers can't just work with nerds who can handle it. Ordinary users will mess things up and complain to the manufacturer about it.
      However it should be a setting like "unknown sources" where those that choose it can activate it. At their own risk of course.

      --
      Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
  3. WTF? by gstoddart · · Score: 3, Funny

    Why is it so damned easy for malware to get root access, and so damned annoying for me to get it?

    And, quite honestly, by how annoying and intrusive AVG was becoming when I got away from it ... do we have another source which confirms this?

    I'm just not sure I trust them to be quite honest.

    --
    Lost at C:>. Found at C.
    1. Re:WTF? by fisted · · Score: 1

      Wait since when is rooting an android device difficult? What model are we talking about?

      --
      CLI paste? paste.pr0.tips!
    2. Re:WTF? by gstoddart · · Score: 2

      Look, if I want to build my fucking phone in a kit ... well, actually, I don't want to build my phone in a kit, which is my damned point.

      So first I need to find an exploit for my phone, hope it works, hope it has no chance of bricking my phone (which no matter what anybody says is non-zero), then I need to download a ROM, then I need to recreate all the functionality I need, and then I need to hope it works. Then I need to do who knows what to keep it running.

      Sorry, but no.

      I've looked into rooting both my phone, and my tablet ... and both of them sound like they're a lot more nuisance than it's worth.

      If you're a hobbyist who craves nothing more than endlessly fiddling with your device, maybe it sounds worthwhile. But from what I've been able to tell, it's a lot more than I'm willing to do.

      All I want is the damned app which lets me say "no, you can't to that" to remove perms from apps .. I don't want to build a phone from scratch.

      --
      Lost at C:>. Found at C.
    3. Re:WTF? by AmiMoJo · · Score: 4, Informative

      There is nothing to see here. The malware doesn't get root. It's just a normal app that simulates shutdown, like those lame joke apps we used to write back in the day that mimic the DOS format command output or Netware login screen. The user has to be simultaneously knowledgeable enough to enable app installation from sources other than Play and extremely dumb to install an app requiring so many permissions and from a dubious source.

      The malware doesn't do anything a normal app can't. No exploits, it just makes the screen completely black and starts sending text messages (which the user gave it permission to do), while hoping you don't press the home key and discover the ruse.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:WTF? by nevermore94 · · Score: 1

      It all comes to your choice in phones and if they have a locked boot loader (or an unlockable one) or not. Phones without one like Nexus devices, Google Play Editions, or my personal favorite the Moto X Developer Edition are simple to root and don't even require ROMing. My Verizon Moto X Dev has even stayed rooted through 3 Over The Air updates without having to do anything special.

      --
      Nevermore.
    5. Re:WTF? by stephanruby · · Score: 2

      Why is it so damned easy for malware to get root access, and so damned annoying for me to get it?

      In this case, the phone must already be rooted, and the user must be willing to grant root permission to the application. In other words, this is essentially a surveillance app for your spouse/girlfriend/boyfriend/children, where you must have physical access to their device for you to be able to install the trojan.

      After all, why else would the AVG vendor not give us the name of the app?? And why else does the AVG vendor vaguely says that the app "applies for the root permission" when it goes down to the absolute nitty-gritty details for everything else.

      In that context, it makes sense that 10,000 people downloaded/installed this app from some Chinese app store. Finding jealous people that want to spy on their significant other is easy enough (especially around Valentines day, which was only four days before this article was written). And rooting a phone in China is easy also, even for people that wouldn't know how to do it themselves, there is an entire corner shop service industry that's dedicated to helping Chinese consumers getting rid of regional locks, copy-write restrictions, software locks on pirated software, etc.

    6. Re:WTF? by fisted · · Score: 1

      Okay, so instead of answering my genuine question you prefer to go on a rant demonstrating how you're confusing rooting with installing a custom ROM. Fucking useless.

      --
      CLI paste? paste.pr0.tips!
    7. Re:WTF? by farble1670 · · Score: 1

      I've looked into rooting both my phone, and my tablet ... and both of them sound like they're a lot more nuisance than it's worth.

      having a custom ROM and rooting are orthogonal. i have a Nexus 10 that's rooted but's running the stock firmware and continues to get OTA updates. that being said, you are mostly right about running a custom ROM. the result is a loss of an hour of your life and a device that's almost always less stable.

  4. Son don't try Aptoid by lord_rob+the+only+on · · Score: 1

    You may Save a few bucks using pirated software but you'd better stay with the original Play store even if it costs you some dollars to register your app and at lest you make a developer happy for his job

    1. Re:Son don't try Aptoid by slaker · · Score: 1

      Some Android devices don't have licensed access to the Play Store, including anything that runs FireOS and tits-knows how many generic devices that somehow manage to get random retail distribution. You can tell people "Don't buy those things." but what do you say to the people who already own them?
      In some cases (e.g. Firefox), an APK will be available from the developer, but because of the way Android works, there's every possibility that even a random developer's packaging (e.g. Pushbullet) will rely on Google's authentication framework and therefore their software will be worthless on unlicensed devices.

      --
      -- I wanna decide who lives and who dies - Crow T. Robot, MST3K
    2. Re:Son don't try Aptoid by tepples · · Score: 1

      F-Droid doesn't have free apps, and a lot of developers of apps on Play Store appear unwilling to put their apps on Amazon.

    3. Re:Son don't try Aptoid by slaker · · Score: 1

      You can get about 85% functionality from loading four specific APKs to get some Google apps on a FireOS device. You can also root it and load the full suite at the cost of your warranty. But some apps sourced from the Play store use Google components that won't work without Google licensing even if they themselves are not products of Google.

      Many Android devs simply don't publish their apps on Amazon. I'm not a mobile dev, so I don't know why that's a problem, but it is.

      You can tell people not to use third party stores, but there's a greater problem when the first-party option is completely off the table and the second best and universally compatible choice is wholly inadequate.

      --
      -- I wanna decide who lives and who dies - Crow T. Robot, MST3K
  5. Re:Fuck off. by davydagger · · Score: 2

    yes actually, but the NSA has been caught doing the last few times in a row, its not ignorant ot make that assumption.

  6. Not new by JeffOwl · · Score: 2

    This capability predates Android and was used against feature phones quite a number of years ago. The countermeasure then, as it is now, leave your phone elsewhere or pull the battery if you really need to be sure you aren't being monitored.

    1. Re:Not new by pecosdave · · Score: 1

      Of course that's been counted by the fact they won't let you pull the friggin battery anymore.

      --
      The preceding post was not a Slashvertisement.
  7. HijackOff by wasteoid · · Score: 1

    should've been the name they gave it.

    1. Re:HijackOff by sexconker · · Score: 1

      OffJacker or OffJack.

  8. Re:Don't be silly by blackest_k · · Score: 4, Insightful

    I think its fair to say that it takes a user to install it first, linux has pretty much always had trustworthy repositories, Google not so much.

    I love some of the things you can add to chrome but there seems to be little to no security checking of what an app or extension does. That does worry me.

    --
    Blarney Quality Restaurant, Plants
  9. Re:AVG: People still use it? by slaker · · Score: 1

    I'd say that Avast is best among the free Windows options and that the free version is specifically a better product than the paid one. One of the paid modules is god-awful for system performance.I only install the Virus and Web Shields and the Browser Cleanup and Rescue Disk options. The rest is just fluff and my local mail gateway will check emails anyway.

    Microsoft Security Essentials on Windows 7 is more of an antimalware tool than functional antivirus and testing has shown it to be progressively less effective even at that.

    Avira insists on generating pop-ups every time you do anything with it. At least Avast can be put permanently into game mode if you never want it to put messages on screen.

    AVG is a performance boat-anchor and some the branded add-on tools distributed by AVG are now recognized by removal tools as Potentially Unwanted Programs. Between those things, I put AVG in the same "uninstall on sight" category as home versions of McAfee, Norton and Webroot security products.

    --
    -- I wanna decide who lives and who dies - Crow T. Robot, MST3K
  10. Re:AVG: People still use it? by mlts · · Score: 2

    The only AV products I've found which actually do anything are SpywareBlaster and Malwarebytes, because MB actually blocks by IPs, and SpywareBlaster doesn't actively run, but sets kill bits and blocklists in browsers.

    However, with an adblocking browser extension, Web based malware should never hit your system in the first place, and with click to play functionality, should not have a chance of being activated... and with a VM or sandbox, even if the browser does get compromised, it won't get past that.

    As for Android, the weakness is that a lot of Chinese stores have little to no curation or filtering out bad stuff. Google does a decent job in stomping out the bad stuff, but I still think they need to go with two tiers, one tier as things are currently, and one tier where developers have to agree to more stringent rules, and the software has to pass more tests... that way, if a user sticks to the more curated tier, there is less chance of an infection happening.

    One note -- the exploits we read about with Android almost always are related to either pirate repositories or "app stores" with little to no moderation. Even something like Cydia's ecosystem would be highly unlikely to have malware like this ever hit it it in the first place, and if it did, the devs would have it pulled in minutes to hours.

    As for AV software, I use it on machines to make legal eagles happy. I've yet to see it actually actively stop a compromise of a machine. At best, it is good for scanning for 1+ day stuff. The real defense are the IP blacklists, hosts files, kill bits (SpywareBlaster is quite useful), Web browser extensions and click-to-play. The best mitigation if an infection happens are sandboxes (SandboxIE), virtual machines, and jails. AV was useful back when one scanned a floppy with the latest copy of Doom on it, but these days, it is more for the checkbox in paperwork than actual protection.

  11. Re:part of the great Google conspiracy by morgauxo · · Score: 1

    It's probably in apps that are either copies of or otherwise masquerading as good ones. Listing them would just serve to hurt the makers of the actual real apps while not acomplishing much as the malware pedler's would just quickly adapt by copying someone else's app. It's better just to inform the marketplaces to pull the offenders and publish articles like this to remind people to be careful of what they install in general.

  12. Re:Fuck off. by Anonymous Coward · · Score: 3, Insightful

    yes actually, but the NSA has been caught doing the last few times in a row, its not ignorant ot make that assumption.

    With a track history like the NSAs, it's not even an assumption. It's more like a statistical certainty.

  13. Re:Some LiveCDs ... Re:AVG: People still use it? by slaker · · Score: 1

    I think the MVPS.org hosts file is a good idea for everyone on every device, but anyone using Windows 8+ should know that if the Windows Defender Service is enabled (and I've seen system updates re-enable it), Windows 8 will ignore the content of your hosts file.

    My standard protection list is: Adblock+ with Easylist, Malware Domains and Fanboy's Annoyances subs (I also use Warning removal and turn off unobtrusive ads) for every browser on every user account. I actually impregnate the default user account on whatever desktop OS to make sure every account gets CREATED with those options turned on for Mozilla and Google browsers.

    Adblock+ for IE doesn't have all those options, but as of version 1.3 at least unobtrusive ads can be turned off. IE does support TPLs, so in an AD environment I mandate the Easylist TPL for basic ad blocking, even if the user disables other ad blocking tools.

    On Windows machines that don't have some kind of security appliance or web filtering in place, I also install Spybot Search and Destroy for its Immunization function.

    I'll also throw Malwarebytes on absolutely everything and I urge end users to avoid installation of Java and Adobe Acrobat Reader as much as humanly possible. On systems that I maintain, I have a script that adds a scheduled task to install Chocolatey.org's repo + scripts to update browsers, flash, PDF reader et al on Windows machines.

    --
    -- I wanna decide who lives and who dies - Crow T. Robot, MST3K
  14. Re:Don't be silly by ArhcAngel · · Score: 1

    If a vampire tries to enter your home he will not succeed...unless he can get you to invite him in. Once you have invited a vampire in you are screwed!

    --
    "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
  15. Re:AVG: People still use it? by slaker · · Score: 1

    MBAM does have an AV module in its paid product, but I think you're not making a distinction between anti-malware and anti-virus applications.The two things are distinct and primarily differentiated by whether or not the software in question tries to spread itself to other files or computers. I agree that anti-malware is much more important because it is much more commonplace, and in my experience there is no single tool that is actually worthwhile for both types of protection, but Windows machines do need both and are best served with best of breed protection from multiple products rather than a single tool that might only really offer worthwhile protection from one side or the other.

    I'll also say that Spybot Search and Destroy offers a much more comprehensive array of malware blocking tools when compared to Spywareblaster and it should probably also be in your tool belt.

    --
    -- I wanna decide who lives and who dies - Crow T. Robot, MST3K
  16. My favorite old-school phone hack by swb · · Score: 1

    At about the peak of analog phones, most would have a dumb message on the screen, usually the maker's name or the carrier name. You could often change this message but almost nobody did, but the displays were so primitive that informational messages usually appeared in the same place and type, like "NO SERVICE".

    The fun thing to do was to change the message from "Airtouch Celluar" to "NO SERVICE" and enjoy the hilarity when people picked up their phone and wondered why it wasn't working.

    Yes, most phones showed "bars" and there was no reason why someone with half a brain wouldn't sort it out in a second, but it was often funny how many DIDN'T sort it out.

  17. It needs Root to work by fateblossom · · Score: 1

    As the article state it needs Root to do it.

    And it do not say how you gets it.

    So it's some code that need root access to mess with your phone.
    So you properly just need to root your phone. And install an app that you have downloaded from some suspected webpage.
    So is it a Trojan or just a feature from a rouge app/programmer?

    Do not root your phone if you do not have any idea what you are doing and installing apps from every that you find.

  18. That will work ... by PPH · · Score: 1

    ... right up to the point where my GSM phone makes one of these 'background calls' and every nearby radio starts squawking and buzzing.

    --
    Have gnu, will travel.
  19. FUD anyone? by farble1670 · · Score: 2

    That's because the malware, after having previously obtained root access

    how did it get root? either the device was rooted and the user granted the app root privs (duh!), or they've discovered a hack to gain root on non-rooted devices. if it was the latter, we'd be hearing a lot more about it, and faking a phone shutdown is the least of our concerns.

  20. Re:Some LiveCDs ... Re:AVG: People still use it? by slaker · · Score: 1

    I'm more likely to use Spybot's, on systems that support it. That's mostly out of laziness. It's actually possible to do both. Spybot will append its list to whatever is already present, but functionally they're close enough that I don't bother.

    --
    -- I wanna decide who lives and who dies - Crow T. Robot, MST3K
  21. 3th party app markets by sad_ · · Score: 1

    These things always happen to people who are using 3th party app stores, besides f-droid (which only has open source android apps), what could the possible reason be to use 3th party app stores? what apps are on there that you can't find on the play store?

    --
    On a long enough timeline, the survival rate for everyone drops to zero.
  22. Re:Fuck off. by davydagger · · Score: 1
    agreed. you also forgot most major corporations, world wide of all nations as well.

    There is no better reason then to stiff up your lip, and write backdoors for no one. The best practice for dealing with the NSA just happens to be best practice for dealing with the GCHQ, Russian FSB, and whatever the chineese, french, or any other nation state has.

    1. blow the whistle on everything. Don't ever spy exlusively for any powerful institution.
    2. don't write backdoors for anyone
    3. don't weaken crypto for anyone
    4. don't get involved in super-secret squirel spy-vs-spy plots, for anyone, for any reason(you never know who's pulling the strings, and you know they are all bad). Stay away from the shadows as much as you can. Drain the swamp on unethical behavior
    5. write/use/recommend systems that are more distributed and peer to peer systems that can't be controlled centrally, and are hard to stop, or monitor.
    6. Release all code and schematics Free and Open Source. Help inspect and audit others code.
    7. Put all bugs in the core stack of Free software in appropriate bug trackers and get them fixed, to prevent people from getting spied on. If any company open sources their firmware, help them make sure there are no backdoors or other bugs in it.(its a self serving favor, like everything in Open Source).(white hat hacktivism is best hacktivism) 8. Associate with like minded people to help protect yourself. Agitate to get people to fix bugs, and adhere to the above. Don't be affraid of making alliances of mutual aid, which are unconventional, if they work in common intrest.(an Anarchist as myself, teaming up with corporations to make sure that critical pieces of software and hardware remain free and secure, and readily available).

    The point is that we can make social change that weakens the ability of large organizations to use surviallence as leverage against non-involved citizens and use people against their will. This will make governments world wide need more consent from the people to rule, thus improving conditions for everyone world wide

    All hackers, programmers, technicians, can and will make a diffrence.