Slashdot Mirror


'Godless' Apps, Some Found In Google Play, Root 90% Of Android Phones (arstechnica.com)

Dan Goodin, reporting for ArsTechnica: Researchers have detected a family of malicious apps, some that were available in Google Play, that contain malicious code capable of secretly rooting an estimated 90 percent of all Android phones. In a recently published blog post, antivirus provider Trend Micro said that Godless, as the malware family has been dubbed, contains a collection of rooting exploits that works against virtually any device running Android 5.1 or earlier. That accounts for an estimated 90 percent of all Android devices. Members of the family have been found in a variety of app stores, including Google Play, and have been installed on more than 850,000 devices worldwide. Godless has struck hardest at users in India, Indonesia, and Thailand, but so far less than 2 percent of those infected are in the US. Once an app with the malicious code is installed, it has the ability to pull from a vast repository of exploits to root the particular device it's running on. In that respect, the app functions something like the many available exploit kits that cause hacked websites to identify specific vulnerabilities in individual visitors' browsers and serve drive-by exploits. Affected apps that have been spotted in Google Play, Android's marquee app store, are largely flashlight, Wi-Fi apps, as well as copies of popular games.

87 comments

  1. So does Google actually scan the store or what? by Anonymous Coward · · Score: 1

    Every time I hear the "virus available from Google Play" I think "boy, if they could find this, wouldn't Google?"

    1. Re:So does Google actually scan the store or what? by The-Ixian · · Score: 4, Informative

      I think this falls under the "victim of their own success" category.

      The thing is, once you install an app, that's it, it can then do whatever it wants within the limitations that Google has defined. One of those things is "access the Internet" which means that the app, once installed, can then go out to the web and grab whatever it needs to exploit your device.

      I am sure that there are thousands of legit apps that have the same exact "signature" as these malware apps. As in, they do normal stuff like access the Internet, turn on your camera's LED, etc.

      If you start blocking apps that access particular URLs, that's all well and good, but what if the malicious party creates an ad that is only malicious when used in conjunction with their app? Will Google block apps that access the ad networks? Nope.

      The real fix is to get these devices updated so that they are no longer vulnerable to root kits.

      --
      My eyes reflect the stars and a smile lights up my face.
    2. Re:So does Google actually scan the store or what? by macs4all · · Score: 0

      Every time I hear the "virus available from Google Play" I think "boy, if they could find this, wouldn't Google?"

      Go Android Security!!!

    3. Re:So does Google actually scan the store or what? by macs4all · · Score: 0, Troll

      The real fix is to get these devices updated so that they are no longer vulnerable to root kits.

      The great news is that you don't have to wait for Android to be "updated"; because YOUR Android phone NEVER WILL.

    4. Re:So does Google actually scan the store or what? by fustakrakich · · Score: 0

      The real fix is to get these devices updated so that they are no longer vulnerable to root kits.

      How does that work for a five year old Nexus?

      --
      “He’s not deformed, he’s just drunk!”
    5. Re:So does Google actually scan the store or what? by Anonymous Coward · · Score: 1

      The real fix is to get these devices updated so that they are no longer vulnerable to root kits.

      How does that work for a five year old Nexus?

      The fix for such an old device is to stop being a cheap-ass and buy a new phone.

    6. Re:So does Google actually scan the store or what? by The-Ixian · · Score: 2

      I didn't mean to imply that the onus is on the user to update their device.

      I am saying that Google and the carriers need to find some way to get along and keep these devices updated.

      At the end of life, when Google no longer wants to support these devices, I think it would be appropriate to block access to the Play Store for those devices.

      --
      My eyes reflect the stars and a smile lights up my face.
    7. Re:So does Google actually scan the store or what? by ryanmetcalf · · Score: 3, Informative

      You don't have to wait for Google, because Cyanogen will have you covered too http://www.cyanogenmod.org/

    8. Re:So does Google actually scan the store or what? by Anonymous Coward · · Score: 0

      says the boy so poor he can't afford a username

    9. Re:So does Google actually scan the store or what? by legRoom · · Score: 1

      So does Google actually scan the store or what?

      Due to the Halting Problem, reliable automated detection of malware is theoretically impossible. This doesn't mean antivirus software is useless, but it is simply inevitable that it will miss stuff. Human security experts will always need to be involved, but humans are expensive, slow, and make more mistakes compared to machines - so it's inevitable that we'll miss stuff, too.

      The best long-term route to increasing computer security for society seems to be limiting the capabilities of a program's execution environment to a less dangerous subset of the full range of possible capabilities via air gaps, sand boxing, fine-grained permissions, etc. However, between the continual efforts of three-letter agencies to poke holes in the sand boxes, and the universality of the critical PEBKAC vulnerability, I think the internet is doomed to remain a dangerous place until Judgment Day comes. :-(

    10. Re:So does Google actually scan the store or what? by fustakrakich · · Score: 1

      I think it would be appropriate to block access to the Play Store for those devices.

      I see... So you want to make life even worse... On the other hand, apps that spoof your ID will have a big market.

      --
      “He’s not deformed, he’s just drunk!”
    11. Re:So does Google actually scan the store or what? by Espectr0 · · Score: 1

      The real issue is that apps shouldn't be able to install code without prompting the user. Android should force a window that says something like "app is trying to install this: accept or deny?"

    12. Re:So does Google actually scan the store or what? by Anonymous Coward · · Score: 0

      Google changed this. Current Android will alert you when an app uses "risky" features checking you really wanted them.

      It applies even to Google's own apps. Soon after I got my phone I got a toast asking if it's OK for the built-in Messenger to send a text message I'd just written. So I pushed OK. Send a few texts now and again, think nothing of it. Then this week I sent like six texts in maybe five minutes, furious back and forth with someone. As I sent the sixth, Android asked me "This app is sending a lot of text messages, do you want to continue to allow that?" and I had to press OK again.

      If you decide Facebook snoops on you too much, in current Android you can go into the Settings and say you don't want it to have your Location any more. It'll prompt the next time Facebook wants the location "Allow location?" and you can go "Nope" and it just lies to Facebook and says it doesn't know where you are.

      For some things if apps insist on having access, they just stop working, but then it's up to you, give them access or stop using them. No more "one chance to make the right choice".

    13. Re:So does Google actually scan the store or what? by pr0fessor · · Score: 1

      Yeah, but is it going to say it's installing a root kit or is it going to say something else?

      Description: Update, Bugfix - Fixes problem in {insert application} that causes application crashes and high cpu utilization.

      Would you like to allow this? accept or deny

    14. Re:So does Google actually scan the store or what? by amicusNYCL · · Score: 2

      My HTC Evo 4g

      That gives me nightmares, that was my first smartphone. I've upgraded twice since then, you should really consider it. When I booted that up to wipe it back to defaults it felt like I had discovered some relic of a bygone era.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    15. Re:So does Google actually scan the store or what? by macs4all · · Score: 0

      You don't have to wait for Google, because Cyanogen will have you covered too http://www.cyanogenmod.org/

      Oh yes, protect against 3rd party exploits by installing a third party OS. Sounds like a GREAT solution!

    16. Re:So does Google actually scan the store or what? by The-Ixian · · Score: 1

      No, if you carefully read my statement you will see that I used the word "wants". This is key. If Google WANTS to cut off a revenue stream they can do so.

      However, there is another alternative that is good for them AND for users: Fix the bugs and make them available to older devices that they want to continue to make money off of.

      It doesn't do Google or users any kind of good to allow their older devices to be abandoned malware platforms.

      --
      My eyes reflect the stars and a smile lights up my face.
    17. Re:So does Google actually scan the store or what? by Espectr0 · · Score: 1

      it would be something like the OSX dialog that asks for your admin password or maybe something like windows UAC does. The dialog should be entirely up to the OS and the app can't control it or put up descriptions on it.

      It should be just a warning that the app wants to modify the system and that it could be dangerous. Maybe a reminder that it isn't an app update at all

    18. Re:So does Google actually scan the store or what? by fustakrakich · · Score: 1

      Well, that's the problem, isn't it? They don't make money on older devices, so where's the incentive to support them? It only cuts into sales of new devices. But I would hope users don't tolerate blocking and can/will circumvent any attempts to do so.

      --
      “He’s not deformed, he’s just drunk!”
    19. Re:So does Google actually scan the store or what? by pr0fessor · · Score: 1

      That's the point: the app store is essentially a trusted source, at least as far as the average user is concerned, and an application disguising something as an update to that application would still appear to be an update.

      If I open an application on any operating system and it says would you like to check for an update and then whatever operating system prompt comes up when I attempt to install said update it still looks like an update.

    20. Re:So does Google actually scan the store or what? by thoromyr · · Score: 2

      Victim of their own success? Or a predictable outcome of the security model?

      The android security model is what I call "blame the user". Although things have shifted slightly, the original intent was pretty simple: an application could only do things that it was pre-approved to do. This was handled by having declarations and the user would have to agree to those declarations. There are several problems with this model.

      1. Users are not generally equipped to properly discriminate and thus are not able to make an actual informed decision.

      2. Permissions are not granular. You even mention one of the most glaringly ungranular permissions, "access the Internet".

      3. Permissions are an all-or-nothing proposition. They only have any meaning when there is no adversary. That is, they provide no security whatsoever, merely at best providing limited information as to whether or not you might want to install an app. Kind of like a ratings system.

      4. Applications can (and do) declare permissions that they don't need. This can be attributed to laziness (why bother worrying about what the app needs, just select them all) but in the end allows an app to do things that it never needed to do which can be leveraged maliciously.

      I call this "blame the user" because when someone's device ends up with malware on it the response was (especially initially) "but you knowingly installed it, accepting that it would 'access the Internet'".

      With a few exceptions (such as a web browser), the user doesn't really intend to give an app unlimited access to the Internet. Instead, they are thinking that a game app will send and receive leader board information, or that an advertising supported app will connect to an advertising network, or that a drawing app will check for updates, or whatever. They are *not* expecting that the app will use this global "access the Internet" permission for command-and-control traffic for the botnet it just joined.

      The entire model is flawed. Anyone who has dealt with "normal" users on any long term basis is well acquainted with how unsolvable #1 is. And, while making permissions more granular and separable would address #2 and #3, it does so at the expense of #1. Addressing #4 is more difficult, but should be achievable by making them inherent to function usage.

      But, in the end, the user is no more equipped to make security decisions based on a declaration of access requirements on a mobile device than they are to make security decisions based on a Windows security alert. If it goes any deeper than confirming an action (because of the possibility of non-interactive triggers) then it is not a good use-case for a user decision.

      For example, prompting before allowing first-time execution of something that was downloaded by a browser -- if the user just downloaded and attempted to run the installer they can confirm this -- but if a malicious site managed to trick the browser into downloading and executing then a user has a chance of realizing they should say "no" when prompted by the operating system.

      In short, the android model of permissions/capabilities does not provide security. At best, it provides a framework for an educated user to possibly make an informed decision about installing an application. This isn't a *bad* thing as there is nothing wrong with enabling better management of a device -- unless it is mistaken for security.

      Security is difficult. There is no silver bullet. It cannot be automated. While some sort of automatic scanning can be *part* of an overall security approach, it will always fail if it is all there is to the approach. Google (or Apple) scanning apps in their stores can gain *something* but does not provide a good endgame. Increasingly, the only time malicious applications are first detected is by actual analysis. That this is a high cost to perform that users are not willing to pay doesn't help matters any. It remains to be seen how well relying on voluntary third-party audits of applications will work. I just don't see it scaling very well.

    21. Re:So does Google actually scan the store or what? by trparky · · Score: 0

      Not if your device has a locked boot loader like many of the US-based carrier-locked devices have.

    22. Re:So does Google actually scan the store or what? by Lisias · · Score: 2

      Oh yes, protect against 3rd party exploits by installing a third party OS. Sounds like a GREAT solution!

      It used to work very well.

      I did it when I installed OS/2 in the nineties, and now when I install OpenSUSE.

      --
      Lisias@Earth.SolarSystem.OrionArm.MilkyWay.Local.Virgo.Universe.org
  2. Par for the course with Android by Anonymous Coward · · Score: 0

    It's no wonder I use the superior iPhone, backed by a company that actually cares about security and privacy.

    Sorry you googtards can't make enough money off your free crapware to afford quality goods.

    1. Re:Par for the course with Android by Anonymous Coward · · Score: 0

      It's a root tool. The iPhone has them as well, only they call it jail breaking.

      I think Verizon is selling the iPhone 5 for a dollar right now if you want to go check out how it works.

    2. Re:Par for the course with Android by tripleevenfall · · Score: 4, Interesting

      I'm not an Apple fanboi or anything, but I'm pretty sure that there are not a bevy of apps in the App Store that can contain malware which can root 90% of iPhones.

      Say what you will about the virtues of Android and iOS, that's just silly.

    3. Re: Par for the course with Android by ArmoredDragon · · Score: 5, Insightful

      Actually the thing with iOS is that it's virtually impossible for anybody but Apple to mass audit apps for malware. There are without a doubt malware apps on Apple's app store, but nobody has found them yet. In fact, in at least a few cases, some malware apps on iOS were only discovered after somebody found it on the Android version and decided to check the iOS version on a hunch.

    4. Re:Par for the course with Android by The-Ixian · · Score: 1

      but I'm pretty sure that there are not a bevy of apps in the App Store that can contain malware which can root 90% of iPhones.

      Of course, the response to that is: Not that you know of.

      If we have learned anything, it should be:

      - Systems are not inherently secure
      - Companies are profit driven (they care about you only so much as it affects their bottom line)
      - Software is complex
      - People make mistakes

      This creates an environment where nobody is above reproach. No system can ever be thought of as bulletproof.

      --
      My eyes reflect the stars and a smile lights up my face.
    5. Re:Par for the course with Android by Anonymous Coward · · Score: 0

      You're right. On an Android, if you want to root your phone, you can just go to the Play Store and download a root app. On an iPhone you cannot. You're right that it's silly, but luckily you have a choice.

      Plenty of iPhone apps have contained malware, so let's not pretend it doesn't exist. Sure, it's less than Android since Android doesn't treat their users like children, but it does happen. If you just download garbage willy-nilly, you're going to mess up your phone (or computer, or desktop, or any electronic device).

      And since when is root "malware"? There are webpages with very large user communities dedicated to doing that to their own devices for their own uses. Hell, desktop Linux comes with the capability built right in. It asks what password you want to use for it right when you install the damn thing.

    6. Re: Par for the course with Android by tripleevenfall · · Score: 1

      It's easy to say malware is there (in the absence of any evidence of widespread malware) by saying it just hasn't been found yet.

      Not a terrible position, sir.

    7. Re: Par for the course with Android by Anonymous Coward · · Score: 1

      He did say malware apps were discovered on iOS. No citation or anything, but you could at least respond to what he was saying.

    8. Re:Par for the course with Android by macs4all · · Score: 1

      A few iPhone apps have contained malware, but nothing anywhere near the amount on Android. Sure, it's less than Android because the App Store Approval Process works quite well, but it has happened once or twice, although never with clearly malicious intent.

      FTFY.

    9. Re: Par for the course with Android by ArmoredDragon · · Score: 1

      It's easy to say malware is there (in the absence of any evidence of widespread malware)

      Actually, there is:

      https://nakedsecurity.sophos.c...

  3. it wuz haxx0rz! by Anonymous Coward · · Score: 0

    And for a while I thought this would actually be informative rather than the usual breathless content-free fare.

    1. Re:it wuz haxx0rz! by ConceptJunkie · · Score: 1

      And for a while I thought this would actually be informative rather than the usual breathless content-free fare.

      You must be new here.

      --
      You are in a maze of twisty little passages, all alike.
  4. More detail needed by Anonymous Coward · · Score: 0

    So the program has access to a vast cache of exploits that it uses to root the phone.

    And then it does.. what? The summary makes it sound like Godless is just a root tool.

  5. potential 'capability' is not actual installation by sittingnut · · Score: 1

    these malware "contain malicious code capable of secretly rooting an estimated 90 percent of all Android phones"
    well there are malware/viruses/etc that are "capable" of doing damage to a lot more percentage of a variety of computing devices running a variety of software.

    but they need to get installed/infected/whatever.
    but these seem not to be all that successful, in that crucial step, even with apps in google store

    so don't get too excited.

    public warnings are ok, and beneficial. but screaming is too much.

  6. Awesome! by Anonymous Coward · · Score: 0

    I see. Verizon and Samsung won't let me root my phone, but Russian and Chinese hackers can. Thanks Verizon and Samsung.

    1. Re:Awesome! by sunderland56 · · Score: 4, Insightful

      I see. Verizon and Samsung won't let me root my phone, but Russian and Chinese hackers can. Thanks Verizon and Samsung.

      Came here to say just this. "Rooting" your phone should be a setting in a menu somewhere saying "Allow me to access my own device"; it shouldn't require searching the internet for the least-sketchy app to flip a bit somewhere.

    2. Re:Awesome! by Jason+Levine · · Score: 3, Insightful

      I'd also add that I'd be fine with this being turned off by default (i.e. your device isn't rooted by default). Most people won't need root access for what they use their phones/tablets for. But if I want to root my phone/tablet, I can turn this on (perhaps click OK on a "this can wreak havoc with your device if you don't know what you're doing" warning) and then have root access.

      Want to make it a little less likely that someone would turn on root by mistake? Do what they did with USB debugging. To turn this on, you need to go to Settings, About Phone, and tap the Build number 7 times just to get the option to display. Make it so "Enable Root Access" doesn't display unless you tap some other section like this. It would prevent casual users from accidentally getting root access while making it much easier for the rest of us to do this.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    3. Re:Awesome! by amxcoder · · Score: 1

      I'm highly skeptical of the info in the article of being able to root 90%. When I got my GalaxyS5 (running 4.4), I needed to root it (for reasons I won't go into here), but in order to root it, I had to install "SafeStrap" for a recovery boot option, ODIN to flash older kernel to the device, boot to recovery, and downgrade the kernel, then use "BusyBox" and "TowelRoot" to root the device... then recovery boot again, and use ODIN to re-flash current kernel back. This method involved rebooting the phone multiple times, flashing from recovery mode (which an app can't run in recovery mode), sideloading some apps that aren't available in the Play store, and using ODIN (windows program) from a connected PC, plus having downloaded 2 kernels to have handy (and moved to the SD card) for the flashing.

      With all that said, how is a "flashlight" app achieving all this when there were too many steps that required user interaction and couldn't be done by an app on the phone? I call BS to the 90% number.

      But I agree with the parent, that Root access should be a menu setting, and not require the technical gymnastics that it has become. If not on all phones, then at least on all phones purchased outright that are "unlocked" and not from the carriers (Nexus and other brands similar). I have bought 2 phones recently for family, where we paid full price outright for them, not through the carrier, and are not carrier branded nor even sold through the carrier, and yet they have no root access on them. Why? Would people still use Windows/MacOS if all you got was a user account when you installed, and didn't have admin privileges? I think not. Why is this deemed acceptable on a phone when it's not acceptable on a PC. I would make the same argument for the mediaplayers out there as well, like FireTV, NVidia, AppleTV etc. Should all have root access as an option.

  7. Rooting? by Anonymous Coward · · Score: 0

    Cool, any way we can get the source code? I need to root my phone, and AT&T has persisted in maintaining an encrypted bootloader which means I have to jump through many hoops to fully use my $300 device. I want AT&T admins off my phone.

  8. Re:potential 'capability' is not actual installati by macs4all · · Score: 1

    public warnings are ok, and beneficial . but screaming is too much.

    I didn't see/hear any "screaming"; but I would say, if there were malware in the iOS App Store that could root 90% of iPhones in use, I'd want Slashdot to be right on it!

  9. Godless? by Nidi62 · · Score: 4, Funny

    This wouldn't have happened if Android had been more intelligently designed.

    --
    The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
    1. Re: Godless? by Anonymous Coward · · Score: 0

      Ha! I see what you did there.

    2. Re:Godless? by The-Ixian · · Score: 1

      +1 Insightful

      That was pretty witty.

      --
      My eyes reflect the stars and a smile lights up my face.
    3. Re: Godless? by Anonymous Coward · · Score: 0

      According to TFA, the actual binary name is libgodlikelib.so, which is more apropos, so I'm not sure why they are calling it "godless." I do however agree that the whole fundamental Android security model is not intelligently designed.

    4. Re:Godless? by lgw · · Score: 1

      Wish I had mod points - my hat's off to you sir!

      --
      Socialism: a lie told by totalitarians and believed by fools.
    5. Re:Godless? by Anonymous Coward · · Score: 0

      This wouldn't have happened if the users were more intelligently designed. Who the fuck installs something called "Summer Flashlight"?!?

  10. Nine things that iDon't by tepples · · Score: 1

    An iPhone may be right for those people who are not interested and will not become interested in any of the following types of applications, which Apple expressly prohibits in the App Store:

    • Video games with realistic violence
    • Military simulations depicting the U.S. Civil War (Confederate insignia falls subject to the hate symbol rule and real entity rule)
    • Satire of an identifiable person or organization (real entity rule)
    • Video games published by companies now out of business (execute code rule)
    • Apps for learning to program that allow sharing your work with other users (execute code rule)
    • Launcher replacements for persons with disabilities
    • WLAN utilities, such as utilities for troubleshooting your wireless network or for contributing to a collaborative map of wireless networks (Apple deems AP enumeration in iOS to be private)
    • Web browsers that implement HTML features that Apple has left out of Safari (WebKit rule)
    • Professional-grade applications that the user needs to evaluate first (trial rule)

    (Reasoning)

    1. Re:Nine things that iDon't by XxtraLarGe · · Score: 1

      Satire of an identifiable person or organization (real entity rule)

      Unless that person is Donald Trump, apparently.

      --
      Taking guns away from the 99% gives the 1% 100% of the power.
    2. Re:Nine things that iDon't by clonehappy · · Score: 1

      But of course! Trump doesn't count as a real person to anyone on the left, he's subhuman. See, they use the exact same tactics that real, actual racists and bigots use to discredit people they hate, but since he's white and a male it's all A-OK! I used to support Apple, but lately I'm finding out that there isn't a single organization left that I can give my money to and still be able to sleep at night.

      By the way, love the signature. I get that feeling often.

    3. Re:Nine things that iDon't by Anonymous Coward · · Score: 0

      Well, it's a given that you have to make allowances for the current targets of the daily Two Minutes Hate.

    4. Re:Nine things that iDon't by ConceptJunkie · · Score: 0

      By the way, love the signature. I get that feeling often.

      I am about as conservative as they come, but since I also try to apply Christian principles to my thinking, I get accused of being a liberal on occasion. One of the most amusing was when I criticized the repulsive treatment Rush Limbaugh gave Sandra Fluke. Don't get me wrong. I think she's an idiot, but Limbaugh was sickening about it. I guess holding all people to the same standard isn't common among people of any kind of politics.

      But more often, I get people automatically attributing bad stereotypical beliefs to me that simply don't apply. It would be nice to be judged based on your actual words and actions than the knee-jerk pigeonholing that almost everyone does. People who do argue with me seldom actually respond to what I say, but respond to the evil, racist, ignorant, redneck, stereotype strawman so beloved by the Left. It's really pathetic.

      --
      You are in a maze of twisty little passages, all alike.
    5. Re:Nine things that iDon't by Locke2005 · · Score: 1

      Donald Trump is obviously not a real person!

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    6. Re:Nine things that iDon't by macs4all · · Score: 1

      Apps for learning to program that allow sharing your work with other users (execute code rule)

      Not sure if all of these qualify; but at least some of them do. And this list is somewhat old. And a Search of the iOS App Store came up with an impressive list of Programming utilities and IDEs for a wide variety of languages. So, I'm not sure what the problem is.

      Launcher replacements for persons with disabilities

      I guess Cromulent Labs' "Launcher" must be misnamed, then.

      WLAN utilities, such as utilities for troubleshooting your wireless network or for contributing to a collaborative map of wireless networks (Apple deems AP enumeration in iOS to be private)

      Really, I have a few on my iPhone and iPad. My favorite is "Fing".

      Web browsers that implement HTML features that Apple has left out of Safari (WebKit rule)

      Not sure what the big deal is: Mobile Safari seems to "Check the Boxes" as well as almost any other browser. And it looks like a couple of things that Mobile Safari has left out would have run afoul of some other iOS rule.

      As for the rest of it, meh.

      I admit that Trials would be nice; but most iOS Apps are cheap enough that it hardly matters.

    7. Re:Nine things that iDon't by tepples · · Score: 1

      And a Search of the iOS App Store came up with an impressive list of Programming utilities and IDEs for a wide variety of languages.

      Before I spend hundreds on an iPad, keyboard, and app licenses with which to review the functionality of said "impressive list", how can the user import a project into one of these IDEs? Some reviews in the slideshow you linked mention exporting but not importing. Must all projects originate on the device? Or does the editor run locally and the testing run remotely, such as through SSH, X11, VNC, or RDP? If so, my use thereof would require an expensive mobile broadband subscription because city buses don't have Wi-Fi. The description of Kodiak PHP on page 3 of 12 of the slideshow bears this out:

      Note that if you want to use a database (typically MySQL), it will be on an external server, not your iPad; you will need connectivity.

      Likewise, the description of Textastic on page 5 of 12 allows offline testing only for a small fraction of the supported languages:

      Textastic is a Textmate-compatible text, code, and markup language editor for the iPad with syntax highlighting for more than 80 programming and markup languages. [...] It can do local and remote Web preview for HTML and Markdown files, but it can't run any other kind of code internally.

      Nearly half of the apps in the slideshow were ancillary tools useful to some developers, such as SSH (again, useless on the bus), UI design, and GitHub issue communication. But that's like saying Stack Exchange for iOS is a "programming app". That leaves Kodiak PHP, Codea, and Pythonista. Why do these get a free pass with respect to the rule whose current text is "nor may they download, install, or execute code, including other iOS, watchOS, Mac OS X, or tvOS apps"?

      Launcher replacements

      I guess Cromulent Labs' "Launcher" must be misnamed, then.

      After six months of rejections under the rule whose current text is "Apps that create alternate desktop/home screen environments or simulate multi-app widget experiences will be rejected." Though it has since returned to the App Store, Apple's inconsistency in interpreting its own guidelines is likely to have a chilling effect on would-be developers of other launcher apps:

      If developers don’t have explicit guidelines to go on [...], our only choice is to potentially waste huge amounts of time working on apps that ultimately get rejected in an attempt to find something that will get accepted. [...] When pressed on the issue of their policies leading to wasted developer time, I was told, "If you are afraid something you are working on will be rejected, then don’t work on it."

      And it still can launch only those apps that expose a URL scheme.

      WLAN utilities, such as utilities for troubleshooting your wireless network or for contributing to a collaborative map of wireless networks (Apple deems AP enumeration in iOS to be private)

      My favorite is "Fing"

      The screenshots on Fing's website make it look like a tool for scanning a WLAN to which you have already connected, not enumerating the SSIDs of WLANs whose beacons reach your device. The API for the former is public; the API for the latt

  11. E-waste much? by tepples · · Score: 2

    stop being a cheap-ass and buy a new phone.

    And put the old phone to what use? Adding to the growing e-waste problem?

    1. Re:E-waste much? by ryanmetcalf · · Score: 4, Interesting

      I admittedly deploy mine as IP cameras since they already have WiFi and camera on board https://play.google.com/store/...

    2. Re: E-waste much? by Anonymous Coward · · Score: 1

      Just like AOL disks: coasters.

    3. Re:E-waste much? by justthinkit · · Score: 1

      s/admittedly//

      --
      I come here for the love

    4. Re:E-waste much? by Anonymous Coward · · Score: 1

      Same here. I have an old HTC One V and an LG Optimus F6 that I paid less than $50 each for. I didn't want to deal with the hassle of selling online for not much or finding someplace to drop them off to recycle them, so I re-purposed them as security cameras. They're connected to a WLAN with no internet access and stream to a raspberry pi 1 model b which runs Motion and does some minor processing and stores them on a rotating basis.

      I also use the linked IP Webcam app on the phones--it's the least buggy Android IP cam software I tried out. It has its own webserver and has built-in processing so you don't even necessarily need to use Motion.

      My office is in the attic (3rd floor) and it's pretty neat being able to see who's at the front door (1st floor) before rushing down. Or before they even ring, with an alert based on motion detection. It would be even nicer to be able to record infrared at night but that's a project for another year. It's much easier to just mount the cameras indoors in a window rather than deal with outside climate and running wires.

      For a time I used one of the old phones as an XBMC (now Kodi) remote. I could get over 10 days standby time regularly... which shows how little I actually used XBMC, which is now not at all. But I'm pretty happy with the phones as IP cams--not connected to the internet. Any future uses I come up with for these old, unsupported, riddled-with-security-hole phones are likewise going to be private LAN only.

  12. Open Source Is Your Friend by Anonymous Coward · · Score: 0

    Members of the family have been found in a variety of app stores, including Google Play, and have been installed on more than 850,000 devices worldwide.

    But not including F-Droid

  13. Depends on who other than the owner has root by tepples · · Score: 1

    And since when is root "malware"?

    Since intruders started using it to give root access to someone other than the phone's owner, such as someone using information stored on the phone for financial crimes.

  14. Hey, I need temporary root on a Huawei G8 by Anonymous Coward · · Score: 0

    Where can I get those universal exploits? Without the malware part, of course... I just need to recover some deleted data. Otherwise I'll have to unlock the bootloader, and that voids the warranty.

    1. Re:Hey, I need temporary root on a Huawei G8 by TheCarp · · Score: 1

      Came here thinking exactly this. I need an app like this for my phone. Think we can get these guys to update their package for the latest versions? I could use an easy root.

      --
      "I opened my eyes, and everything went dark again"

  15. Google never adopted a security first principle by Idisagree · · Score: 1

    1) The security model is broken by design.

    Android barely restricted apps from taking over your entire phone with an agree box until only fairly recently with Marshmallow.

    2) The updating model is broken by design

    Carriers don't care if your phone OS is out of date. Manufacturers don't care if your phone OS is out of date.

    Bottom line constraint from the supply side - They both want to sell you a new phone or contract.

    Bottom line constraint from the developer side - No major punitive incentives from Google to force upgrade have been passed to Vendors, Carriers.

    1. Re:Google never adopted a security first principle by Anonymous Coward · · Score: 0

      Maybe if you can spin this into it cutting into their ad revenue they'll take notice.

  16. Godless is actually a family of malware by phonewebcam · · Score: 1

    Some variants are just the bare bones needed to install a payload which then waits for remote C&C instructions.

  17. Which apps contain this malware by caseih · · Score: 1

    I really hate it when articles go on and on about how certain malware was found in unspecified apps on the play store. I assume that Google took them down as soon as they were notified. But let's name the apps and the publishers, please. What specific apps contained this malware?

    1. Re:Which apps contain this malware by green1 · · Score: 1

      Interestingly the summary also makes no mention whatsoever of any malware, only a tool that roots your device. That would be a good thing, not a bad thing.

      Now obviously they're implying that the app also does something evil once it has root, but they really should say so.

      The way this is written is as if to imply that having any control over the hardware that you own is a horrible thing.

  18. Re: So does Google actually scan the store or what by Anonymous Coward · · Score: 0

    So malware can get root on my phone but I can't?

  19. Godless by PopeRatzo · · Score: 1

    We're all in deep shit unless we get right with God.

    https://youtu.be/i_9aTfGgF0c

    --
    You are welcome on my lawn.

  20. Flashlight app? by tomhath · · Score: 1

    So that flashlight app that wanted access to my network, contacts list, photo gallery, and storage media was actually installed by some people?

    1. Re:Flashlight app? by Locke2005 · · Score: 1

      You misspelled "fleshlight"...

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.

  21. root by Anonymous Coward · · Score: 0

    But does the user get any warning or accessibility to the root?
    I might finally be able to root this piece of crud HTC that refuses to root using any system that I have found so far, just keep installing dodgy looking flashlight apps and keep using/checking root checkers until one works!!!

  22. Well, lucky for me... by rnturn · · Score: 1

    ... I haven't been able to access the Google Play store since the Android update I got back in April 2015.

    --
    CUR ALLOC 20195.....5804M

  23. List of apps... by theendlessnow · · Score: 1

    We would list the apps affected, but then we couldn't get into your phone anymore.

  24. Re: So does Google actually scan the store or what by macs4all · · Score: 1

    Go Stand In Line At The Apple Store!!

    Never have; never will.

    But I'd rather stand in line at the Apple Store for a few hours than spend two days reentering new CC information and changing passwords in everything, everywhere because my identity was compromised through malware on my smartphone...

    Oh, and in case you haven't noticed, changing your name, birthdate and SSN isn't exactly an option for most people not working as "assets" for the CIA...

  25. Dangit! I wish it was that easy ... by nevermore94 · · Score: 1

    to root my Android 6.0 phone. I should never have upgraded. I really miss my old rooted phone.

    --
    Nevermore.

  26. Hold on... by Locke2005 · · Score: 1

    (Checks Phone). Running 6.0.1... not seeing what the issue is.

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.

  27. Godless malware roots Android .. by khz6955 · · Score: 1

    Aren't you reaching a bit here? First the user has to download and install the malware and give it the admin password. How in god's name do you manage to read into that as 'rooting' the device? Do you have to serve up that self-serving Microsoft propaganda on slashdot? Ars Technica -> Condé Nast->Microsoft-> Ars Technica

  28. AT&T, Samsung Note, OS update by tgrigsby · · Score: 1

    That probably explains why AT&T pushed out an update to 6.0.1 this week. They are usually a few versions behind, so this seemed like a pretty quick update...

    --
    *** *** You're just jealous 'cause the voices talk to me... ***

  29. Same as in America then by Anonymous Coward · · Score: 0

    Except you don't have to install any app on American phones to be tracked, sniffed, and profiled thanks to Google.

    Do you think it is news if somebody besides Google and the American government has access to your phone but never a story about how your data is stolen by corporations in America?