Slashdot Mirror
Smartphone Malware Planted In Popular Apps Pre-sale
An anonymous reader writes with news from The Stack that makes it a little harder to scoff at malware on phones as being largely the fruit of dodgy sideloaded software, game cracks, et cetera. They report that even phones marketed as brand new, from well-known brands like Lenovo and Xiaomi, have been tampered with and "infected prior to sale with intelligent malware disguised in popular apps such as Facebook." (To U.S. buyers, those makers may be slightly obscure as cellphone vendors; the scheme this article addresses involves handsets sold by vendors in Europe and Asia, involving more than 20 different handset types.)
Does Lenovo make ANYTHING anymore that isn't full of malware?
-=This sig has nothing to do with my comment. Move along now=-
It's a numbers game.
There is only one source you can trust for technology. That source is Apple.
Sent from my Blackberry.
.
Trolling is a art,
there are phones out now that are more powerful than my four year old LAPTOP. What the fuck do you need to make a fucking phone call??
Smartphones are not really primarily phones. They're small tablet computers that happen to be able to make calls. The phone feature is almost incidental since 90%+ of the time they are used for other purposes. I spend maybe 1-2 hours talking on my smartphone each month and probably 20+ hours doing other stuff with it like reading news, checking email, taking pictures, etc.
They're not even in the list of makers that I know of:
That's because you probably don't live in China. They're actually a good sized player in the market. Also they are buying (have bought?) Motorola's handset operations from Google.
This is a really important point. The reason the web was so successful was because once you made a website, anyone with a computer could access it and anyone else's website using a single program. A common, unified method of interacting with multiple persons or organizations with minimum hassle. Prior to that was the telephone, which allowed you to call anyone using a single device. And prior to that was the invention of postal mail, which allowed you to write to anyone by dropping off your letters at a single location.
What's happening with every site out there trying to foist their own app onto your phone is a huge step backwards. It takes us back to the day when the only way for you to interact with a person or a organization was to physically travel to their unique location. We've spent centuries arriving at the optimal solution to the problem of contacting others to exchange information with a minimum of hassle. Now marketers want to undo several centuries of progress in the name of advertising and data collection. What's happening with apps right now is equivalent to each person in your contact list insisting that you keep a separate telephone just for calling them, and which can only call them, and oh by the way that phone will listen in on what you're doing and report it back to its master..
Don't fall for it. Unless the app includes some functionality which requires it to be an app (e.g. my banking app lets me deposit checks by securely taking a picture), insist on using the website. If the experience on your phone's browser sucks, that just means the website needs a better mobile site, or HTML needs to be extended to allow for a better mobile experience (theoretically the browser could be allowed access to your camera to let my bank's website take a picture allowing me to deposit checks). And if a site is so obnoxious as to block mobile browsers and insist you download their app, stop giving them your business and find an alternate.
I find the vast majority of web sites with a mobile version are complete crap.
You hit a site due to a search, get redirected to the crap which is their useless mobile site, and can never find what you're looking for because apparently mobile sites are written by morons who write useless sites.
I can't tell you how many sites I have had to do the "request desktop site" for because they don't seem to realize a useless mobile site is worse and more broken than not having a mobile website in the first place.
In my experience the mobile version of most websites are pointless, because they don't really work.
Lost at C:>. Found at C.
Lenovo bought Motorola. That coupled with their China-only smartphones made them the #4 phone manufacturer in 2014.
The real solution is something like xPrivacy (or on iOS, PMP), where the app thinks it has all the permissions it ever will want, but it gets fed bogus data. Contacts? Gets garbage. Location? Fake. Advertising ID? Sure, pick one. ESN/IMEI? Whatever the RNG says, its all yours.
It is surprising what apps ask for, permission-wise. If one uses a firewall program (Firewall IP on iOS, others on Android), you will find that a lot of apps communicate with tens to hundreds of sites that are pretty much irrelevant to anything you are doing, but usually are related to ad-based stuff, be it analytics, behavioral tracking, or other stuff that has no benefit to the end user, but a windfall for a snoop.
I've found the only real solution is to either move to a more user-respecting ROM like CM or whatever the talent in XDA has built, which almost always works better than what came from the factory.