Ask Slashdot: What To Do About Android Malware?
An anonymous reader writes: What's your approach to detecting and dealing with Android malware? I have a fairly new, fairly fancy phone running Android Lollipop, the recently degraded performance of which leads me to believe that it's infected with malware. That, and a friend who noticed a lot of strange activity coming from my phone's IP — sorry, I don't have the logs, but he pointed out that there were pings coming from my phone to a lot of sketchy addresses — which pretty much seals the deal. There have been lots of stories lately about Android malware that remind me of the old saw about weather: everyone talks about it, but no one does anything about it. However, that can't be completely true, and before I reach a phone crisis, I'd like to get some sane, sage advice about diagnosing malware, and disposing of it, or at least mitigating its damage. When it comes to diagnosing, I don't know what software to trust. I've heard positive things from friends (and seen both positive reviews and terrible negative ones, raising even more meta questions about trust) about Malwarebytes, so I installed their mobile version. This dutifully scans my system, and reports no errors and malware. Which doesn't mean there isn't any, though I'd be happy to find out that I'm just being paranoid. The OS is stock (Motorola Nexus 6) and kept up to date. I have only very conventional apps, all downloaded from Google's Play store, and believe it or not I don't visit any dodgy websites on my phone, at least not intentionally. So: what's the most reliable way to get an accurate view of whether I am dealing with malware at all, and hopefully to eradicate it? Good malware hides well, I know, but is there any tool on the side of the righteous that is currently best at rooting it out? If I find a specific form of malware on my phone, how can I remove it?
to start with a completely clean slate and get it right. Instead they re-created the Windows ecosystem. Congratulations.
Wipe it. Flash a new ROM; don't install any other app stores, don't download sketchy apps.
If you have malware, that's cause you (or someone with access to your phone) installed it. Don't do that.
I have a Nexus 6. Google have provided useful applications that shipped with the device. I don't download anything from the Google Play store. Full stop. I don't need or want anything that did not come with the phone. One reason for going with the Nexus devices is I get a guaranteed update path and a steady stream of patches unlike going with say, Samsung from a carrier. I know friends who go months before getting patches.
"the recently degraded performance of which leads me to believe that it's infected with malware. "
Occam's razor says your degraded performance is much more likely to be due to more mundane reasons like incompetent apps / OS (Google, here's looking at you), than malware.
I don't need or want anything that did not come with the phone.
Well that sounds like a Sweet Solution.
You rejoice because it means your favourite OS is more popular than iOS, then you pay the malware scanner tax with considerably less enthusiasm.
I don't believe your friend. Verify it yourself first.
Change is certain; progress is not obligatory.
My Android phone can overlay the screen with some version of Linux top. The shown CPU load numbers sometimes shoot up as high as 50, and the rest of the time it's usually over 5, while it should be below 1.0, and close to 0 when idle. Yet none of the processes in the list below it show significant CPU usage.
Battery drains in a few hours. An identical phone, same type, same age and mostly the same apps doesn't have this problem.
Has anyone noticed a similarly high CPU load? I can't find this problem on Google.
In case you got a sophisticated piece of malware which installed a rootkit into your bootloader or system partition, a simple factory reset will *not* help, so your *only safe* remedy is to reflash your phone *completely*. Google for "Reflash Nexus 6" or follow this link: http://forum.xda-developers.co...
After that make sure you install apps *only* from Google Play and you have "Allow Unknown Sources" under Security disabled. Make sure that the apps you install have a considerable number of positive reviews and the apps make use of sane permissions.
Make sure you're the only person who uses your smartphone, because other people may do things you'll regret later. If you absolutely need to let someone use your phone, activate a guest account for them and let them run only the apps they need.
Create a decent password for your lock screen (at least six digits) and make sure your phone locks after a period of inactivity.
If you're extremely paranoid, before installing an app, find its offline version, i.e. apk (they are usually easily googleable) and run it through virustotal.com (I usually do that when I install unpopular dubious apps).
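The checks in the post above (unknown sources off, Play-Store-only installs, sane permissions, hash lookup on virustotal.com) can be scripted over adb; this is an added example, not code from the thread. It assumes adb is on PATH with USB debugging enabled, that the `settings`, `pm list packages -i` and `dumpsys package` output formats are the Lollipop ones, and the permission watch-list is constructed here.

```shell
#!/bin/sh
# Added example (not from the thread). Triage helpers for a Nexus 6 reachable
# over adb. Assumptions: adb is on PATH, USB debugging is enabled, and the
# `settings`, `pm list packages -i` and `dumpsys package` output formats are
# the Lollipop ones. The parsing functions read text on stdin, so they can be
# run offline on saved output.
set -u

# Requested permissions a sideloaded app rarely has a good reason to hold.
# Constructed watch-list for this example; adjust it to your own threat model.
RISKY_PERMS="READ_SMS RECEIVE_SMS SEND_SMS BIND_DEVICE_ADMIN SYSTEM_ALERT_WINDOW \
BIND_ACCESSIBILITY_SERVICE RECEIVE_BOOT_COMPLETED READ_CALL_LOG RECORD_AUDIO"

# Translate the raw value of `settings get secure install_non_market_apps`:
# "1" means "Allow unknown sources" is on, "0" (or "null", never toggled) off.
unknown_sources_state() {
  case "$1" in
    1) echo "ENABLED" ;;
    0|null) echo "disabled" ;;
    *) echo "unknown($1)" ;;
  esac
}

# Read `pm list packages -3 -i` on stdin (lines like
# "package:com.x  installer=com.android.vending") and print the packages
# that were not installed by the Play Store.
sideloaded_packages() {
  awk -F'[: =]+' '$1 == "package" && $4 != "com.android.vending" { print $2 }'
}

# Read `dumpsys package <pkg>` on stdin and print, once each, the requested
# permissions that appear on the watch-list.
risky_permissions() {
  awk -v list="$RISKY_PERMS" '
    BEGIN { n = split(list, a, / +/); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    {
      while (match($0, /android\.permission\.[A-Z_]+/)) {
        p = substr($0, RSTART + 19, RLENGTH - 19)   # strip "android.permission."
        if ((p in want) && !(p in seen)) { seen[p] = 1; print p }
        $0 = substr($0, RSTART + RLENGTH)
      }
    }'
}

# SHA-256 of a pulled APK, for a hash lookup on virustotal.com that does not
# require uploading the file.
apk_sha256() {
  sha256sum "$1" | cut -d' ' -f1
}

# Live audit over adb; runs only when invoked as `sh triage.sh audit`.
audit_device() {
  raw=$(adb shell settings get secure install_non_market_apps | tr -d '\r')
  printf 'Allow unknown sources: %s\n' "$(unknown_sources_state "$raw")"
  adb shell pm list packages -3 -i | tr -d '\r' | sideloaded_packages |
  while read -r pkg; do
    printf '\n%s (not installed by Play Store) requests:\n' "$pkg"
    adb shell dumpsys package "$pkg" | tr -d '\r' | risky_permissions
    path=$(adb shell pm path "$pkg" | tr -d '\r' | sed -n 's/^package://p' | head -n 1)
    if [ -n "$path" ] && adb pull "$path" "./$pkg.apk" >/dev/null 2>&1; then
      printf 'sha256 %s  (look this up on virustotal.com)\n' "$(apk_sha256 "./$pkg.apk")"
    fi
  done
}

if [ "${1:-}" = "audit" ]; then
  audit_device
fi
```

Run it after the reflash, before restoring anything, so the sideloaded list is empty and later additions stand out.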
Factory reset your phone and stop side-loading shady/pirated apps and you'll be fine. I've never had an issue with malware on Android and I've been using it for over five years now (N6).
Does it have to be AVG?
btw, I have an older Samsung with no update-path unless I choose to root it. I have essentially blocked the stock browser and have disabled MMS.
Opinions my own - Opinions personal, facts suspect.
I don't do anything sensitive on my smartphone because of the lack of security (physical and logical security). I don't login to my email, banking, or any other sensitive accounts. I don't pay bills with my phone. I realize that might not be an option for some people, but it works for me and I don't worry about malware getting on it. I find my life much more simple to do most of my computer business on the desktop, and leave my smart phone to web browsing and a few apps. If malware gets on my phone, so what? If security is important to you on your phone, you are better off fitting into the walled garden.
A Microsoft or Apple ad. FUD anyone?
1. Factory reset;
2. Antivirus;
3. Don't do the usual dumb stuff you wouldn't do on Windows, i.e.
- don't run outdated mainstream software;
- don't run random software downloaded from random sites;
- always run an adblocker to stop malicious ads;
- don't visit little-known pron/warez/similarly reputable sites outside of a sandbox (i.e. not at all, on your 'phone).
a friend who noticed a lot of strange activity coming from my phone's IP — sorry, I don't have the logs, but he pointed out that there were pings coming from my phone to a lot of sketchy addresses — which pretty much seals the deal.
Pull out Wireshark and see what's getting sent. I consider advertisers to be "sketchy addresses," and I think your friend is probably a noob if he didn't show you what was in the packets.
If you're not interested in doing that, then just factory reset your phone.
"First they came for the slanderers and i said nothing."
.. from a company that understands security: Blackberry.
Who am I kidding, no one cares about security these days, it's all about OOOOH, Shiny!
Sad.
Nuke it from Orbit. Only way to be sure.
And stop using all those "social" apps. THAT is the real issue.
Best to root, then use AFWall+ (play store). Even malicious apps won't connect to the network. If not rooting, use Mobiwol (play store). Since it creates an internal VPN, it can track traffic so you don't have to read through iptables logs.
If rooted, install AdAway (f-droid store) to block junk from the few apps you let through your firewall. Also with root, buy Titanium Backup (play store) and "freeze" all unwanted apps that come with a stock Rom.
Takes some initial setup, but then you never have to dick with it (until you update the OS, which if you have the above, you only need major releases).
...don't install stuff you don't need. Don't pirate apps. Educate yourself via XDA on what is safe, what is not, and what apps are simply performance suckers.
This sig intentionally left blank.
As with life, you need to think and act for yourself a bit here. No free and easy answers, but it's unlikely that you're "infected", you probably just have a lot of bloatware apps draining resources and spying on you. Remember, the boundary between malware and adware/spyware is thin indeed, so your best bet is to start at the beginning and re-think your digital life.
Everything we do on our phones fits into one of two broad categories:
1. Personal and work life. Deeply private, sensitive and important communications with friends, family and colleagues.
2. Time Wasting / Entertainment / Infotainment. Reading news, watching videos, games, app-du-jour, whatever.
Given the state of our corporate overlords, there is no reasonable way if you care for your privacy and safety to have both sets of functions combined into one device. You got into your predicament by not realizing this. You seem like a conscientious fellow so here's a tip based on what I do:
Get two devices:
Phone 1: Email, voice and sms communications, photos. Nothing else. It's my life, both business and personal. NO APPS except the few which support these needs. No social crapware either. If posting that photo of my food can't wait until I get to my laptop, then it helps me realize that it isn't worth uploading - nobody wants to see it anyhow.
Phone 2: A phablet with a data only 4g sim card (20 bucks a month for 3 gigs). Has apps, games and browsers for boring flights, lunch breaks, whatever. It can get p0wned, I don't care, as it's registered to a disposable gmail account and contains no personally identifying info apart from the 4g account which Vodafone can spy on. I could drop it in the trash and lose nothing but the cash to buy another, and the 3 gigs is plenty for all my time wasting needs each month.
For phone 1, you can only be reasonably confident it is clean if you get the phone new, and discipline yourself to not fill it up with crapware. You may root the phone to remove the factory installed bloat ware, but never to side-load even more sketchy apps. Trust nothing.
For phone 2, it hardly matters what you do as long as you don't fill it up with your private life. Have fun and enjoy if it ever gets malware. Wipe it if it ever gets slow and re-install the apps you enjoyed most. If any of these apps want to make your life "convenient" by tapping into the stuff on Phone number 1: stop. You're welcome.
It is a shit idea to mix the two spheres, because remember, all of the app authors in the world just want to monetize your life. They aren't writing the apps because they love you, or because they are good Samaritans. Every last one of them (with a few notable exceptions) wants a paycheck. So don't be used, be a user.
What's your approach to detecting and dealing with Android malware?
don't use android. this is not said in a sarcastic, troll-baiting, flame-fest-demanding or other meaninglessly fucking stupid way or any other way which is to be misunderstood, either accidentally or deliberately. it is said in a simple factual way. if you use a monoculture OS, supplied in binary form only and, for commercial (profit prioritisation) reasons not properly supported by the manufacturer (no, google is NOT the manufacturer of the world's 3rd party android mobile phones, they are the supplier of REFERENCE platform source code which 3rd party manufacturers then take and produce their own customisation and binaries from, and because of the huge fuck-ups that have occurred when 3rd party manufacturers do that, they've been forced to do "flagship" products demonstrating how to do it correctly... but even so they *still* haven't managed to get round the huge "monoculture" problem), then i'm sorry to have to be the messenger here but just like when you run any other proprietary binary-only monoculture OS, then plain and simple, you get everything that you deserve: viruses, malware and more.
now, if someone wants to go and vote the paragraph above down just because it's quotes not nice quotes, i really don't give a monkey's. fact is, i don't use android, therefore i don't get android malware. no complications, no desire to risk my data or my time dealing with other people's crap proprietary "pseudo-open" software. got a problem with that? i genuinely don't care.
"That, and a friend who noticed a lot of strange activity coming from my phone's IP"
Sounds like your friend is a load more steps ahead than the rest of us, who have none of the information he was working from. He noticed somehow (no detail here), and he knows which sites and which he believes are sketchy. Sounds like the best source of help is this friend.
Flash a known good ROM with source, do not flash Gapps, audit the certificate store, use F-Droid and take back control. I'll decide what's safe or not, Google.
In particular, I wonder if the Facebook app is installed. It's pretty nasty. If you're not a Facebook-aholic, just use your browser to access facebook.com. If you ARE on Facebook 30 times per day or more, recognize that it's having a significant negative impact on your phone (and probably your life), then decide what you want to do.
The worst part about malware in Android is that your phone's manufacturer will likely never provide you with a patch and you'll keep getting infected.
I guess they could have put it in Apple's Walled Prison, right?
There are two Apple ecosystems, iOS and Mac OS X; both offer app stores where every app is subject to review. The Mac ecosystem also allows a user to download apps directly from a manufacturer. In other words on the Mac if the supplier is trustworthy you can go direct. If the supplier is an unknown you can go app store so you know it's been reviewed. Google could have gone this route and reviewed apps on Google Play while still allowing side loading for users who wanted to take the risk or who were dealing with reliable direct sources. They still could go that route and begin reviewing apps.
At least the Apple works and has a longer span of vendor support. Scoff all you want but I can keep my devices longer as they're both longer lived and longer supported.
The person having the malware problem and asking questions is using a Nexus 6. That's a product from Google and it gets all upgrades. IMHO the Nexus devices are the only way to go with Android; you are sure of getting long term support and upgrades. For Android development I have a Nexus 4, a 2012 device, and it upgrades to the most recent version of Android.
https://play.google.com/store/... came with my phone. Seems to be fine, though it's too chatty for my liking. I'm not sure if it's a speed app that talks about security, or a security app that talks about speed. It seems to mainly work by shutting down background processes. Though its domination of the running apps to make sure nothing is running, so it extends battery life, takes more battery life than the background apps did. But I haven't really played around with it much; it came with the last update, and didn't get in the way too much.
Learn to love Alaska
most likely random or malicious seeming network traffic is due to advertising calls. root and install http://adfree.odiousapps.com/ adaway by bigtincan.. hell i'd say root it and have fun with it. if you have a virus or malware it's probably the easiest way to find and remove it.
>"What's your approach to detecting and dealing with Android malware"
Um, not turning on "allow unknown sources" and then installing a bunch of stolen/sketchy/unknown crap from shady/strange/random/unknown places. It mostly really is that simple. I have never had malware on any of my many Android devices.
As you load more apps that feel they must always be loaded into memory ready to go, and eat up CPU while doing next to nothing other than spy on the user, your device will get slower and slower. And if you upgrade from KitKat to Lollipop you'll also feel the hit.
What you describe
Hate to say it, the Android malware issue made up my mind to go with a Windows phone a year ago.
What To Do About Android Malware? The answer is not to download and install it from unreliable sites ...
Keep an eye on your updates and uninstall apps that update all the time. I think a lot of malicious android apps are functionality that's implemented in modules that are regularly downloaded as updates for the original malicious app.
Not trolling, this is why I carry an iPhone
Teehee!
why do people waste their lives with this off-brand android bullshit...
Just avoid the less reputable ones until you learn the basics of computer use, like not installing dodgy cracked apps
I agree: someone new to Android should stick to the reputable repositories, which are Google Play, Amazon, and F-Droid, and avoid any app that seeks administrative permissions unless required by an employer. But if there are two apps for reading Cracked on a reputable store, how do I know which are and aren't dodgy? There's the official app but also a third-party app.
In other words, all Windows PCs are like unlocked Nexus phones: they get updates directly from the operating system publisher.
Amusingly, the original iPhone was about standards for web based content.
Yet the web browser in iOS didn't support web access to the accelerometer until iOS 4, <input type="file"> until iOS 6, nor WebGL until iOS 8.
Yet somehow my Nexus 7 (2012; codename grouper) tablet got much slower when upgrading from KitKat (4.4) to Lollipop (5.0 and 5.1). It gets so bad that the UI has multi-second pauses if the Google Play Store app is downloading or installing an application update in the background. And it's not just an app's UI; it's the system UI including swiping down from the top.
I don't login to my email, banking, or any other sensitive accounts. I don't pay bills with my phone.
So how do you deposit paper checks?
Occasionally I receive a paper check from a relative who tells me she's too old and set in her ways to consider using the electronic funds transfer button on the bank's website. Some other people may be working for employers that issue paper checks because they are too small to offer payroll direct deposit. Chase Bank has a check deposit app for phones, which operates by photographing the front and back of a check with the phone's rear-facing camera, but none for desktop computers. (A Chase representative confirmed this to me.) During much of the year, I ride my bicycle to an ATM seven minutes away from my house and deposit the check there. But during about one-third of the year, the weather makes cycling impractical.
Half the mod authors speak broken english too
But I'm willing to bet that their English is better than your Polish, or German, or whatever language is official in the non-Five Eyes countries where mod authors tend to live.
Or you can just switch off notifications all the stuff you don't care about, and set it to sync rarely. Problem solved.
I have a wakelock analysis program installed and Facebook is never in the top ten.
Please help metamoderate.
Move to iOS
Admit you're an open sores sheep. Get Toreball's dick out of your mouth and RMS's dick out of your ass.
Stick to the official store or a trusted third party one. It's highly unlikely that you will be infected and if by misfortune you are, there is a chance that the software can be remotely killed and removed before it does any harm.
Have a good look at all the permissions that the Facebook app has. I know, it'll take quite a long time to read the whole list. Then look at the terms of use. You've solved a small part of the problem. You are of course free to make your own decisions. Those decisions are not without costs.
Root -> xposed -> xprivacy -> Done
- Complete, firmware-level wipe (if possible, depends on phone model), re-installation of stock firmware, or...
- Complete, firmware-level wipe (if possible, depends on phone model), installation of custom ROM (which will support some of the phone functionality, depending on ROM), and...
- Avoid anything not from the google app store, and any app requiring high-level permissions, and any app requiring access you don't want it to have, or...
- Get an iPhone (which is not 100% safe, but safer than essentially any Android configuration, with the "walled garden" drawback)
Those are your options if you're concerned about malware on your mobile device at this point.
I take it you did not read the article on Slashdot yesterday about AVG changing their TOS.
They now collect all your data and sell it to advertisers. So go ahead and install malware to delete the malware. Very smart indeed.
In the rare case someone doesn't have a bank account that a direct transfer can be done to, then it's a question of cash.
She has a bank account capable of direct transfer. Though she routinely uses her bank's web site to check her balance, she is unwilling to learn to use its online form for sending a direct transfer: "I'm old and set in my ways, and I ain't usin' no online transfer." She breaks into the redneck dialect that she reserves for when she is frustrated and understands that her appeal to emotion and tradition is invalid. To her, the alternative to a check is not paying at all. So during the cycling off-season, when daily high temperatures can be below the freezing point of water at 1 atmosphere, I'm back to holding live checks for several days at a time until I otherwise have an opportunity to be near one of my bank's ATMs that takes deposits.
Or should most people buy a car to work around receiving the occasional paper check?
Install a restraining bolt.
-Dave
I am in Laos (SE Asia) and spend time in Seattle and MD. No problems since I use prepaid wherever I go. T-Mobile mobile seems to work for US coverage. And there are very reasonable local options everywhere else.
Phone and tablet. Also on my desktop.
Why would you want to waste perfectly good storage, network bandwidth and battery life on a chopped-up, crappy interface, crappy user experience "AAA" game port on a mobile phone instead of using a dedicated mobile gaming device?
Because there's a mid-tier between text (the example of robotfindskitten) and AAA, and not all games in this mid-tier happen to be ported to PlayStation Vita. Some games are from smaller studios that can't afford a simultaneous release across five platforms (Android, iOS, Windows Phone, PlayStation Vita, and Nintendo 3DS). Instead, they use revenue from one platform to fund a port to other platforms, and the platforms of least resistance tend to get the game first. Someone who visits the developer's web site might see something like this:
Or because your pocket and your cellular service budget are big enough for one device, not two or three.
Or just install Tinfoil for Facebook which is just a wrapper on the mobile site and fairly limited in terms of the permissions needed.
Every post I make begins with the assumption P=~P.