
More than a third of Android apps host malware

Rick Merritt

7/27/2012 8:09 AM EDT

MIAMI – More than a third of all Google Android applications contain some form of malware, according to tests conducted by BT. A security expert for the U.K. telecom service provider said it expects to test apps for other mobile operating systems and find similar results.

“We analyzed more than 1,000 Android applications and found a third compromised with some form of active or dormant malware,” said Jill Knesek, head of the global security practice at BT.  “Almost every device is compromised with some kind of malware, although often it’s not clear if that code is active or what it is doing,” she said in a panel discussion at the NetEvents Americas conference here.

Wayne Rash, a technology journalist moderating the panel, said he was reviewing a Samsung Galaxy S3 handset and found malware in an Android application provided by Google. “This is a device considered by some people to be the best smartphone on the market right now,” Rash said.

“There’s plenty of anti-malware software available for Android and other mobile operating systems, but companies don’t often insist on using it,” Rash added.

Malicious code is just one example of the many security vulnerabilities in mobile systems. GPS devices can also be hacked, said Knesek.

“It’s going to take one young woman to be stalked, raped and killed before people realize the need security on GPS,” said Knesek, a former cybersecurity expert for the U.S. FBI who worked on the Kevin Mitnick case.

Indeed, a U.S. researcher testified before Congress last week about the security holes in civilian GPS. At least a dozen presentations at this week’s Black Hat conference talked about vulnerabilities in mobile systems.

Even security technologies working their way out of the lab, such as biometrics, have their vulnerabilities. “I think hackers will steal biometrics with man-in-the-middle hacks--handsets need to be encrypted end-to-end as the BlackBerry does,” she said.

The good news is that, thanks to the latest deep-packet inspection (DPI) chips, a new wave of application-aware firewalls is emerging from companies including Cisco Systems, Juniper Networks and Palo Alto Networks. The chips can detect and block individual applications, said Jurrie van den Breekel, a director of marketing for test specialist Spirent Communications (Calabasas, Calif.).

“We see this as a very big market, and we get a lot of demand for testing the technologies,” said van den Breekel, speaking on the panel. “You will be able to select what kind of app you allow--you can block Dropbox and Skype, for example, to prevent corporate data from winding up on those services.”

One Latin America service provider already uses DPI to create separate mobile data packages for email and social networking apps such as Facebook and Twitter, said van den Breekel.

“Service providers will have the option to allow access to only certain apps—they will offer one thing and block the rest,” he said. “We are just at the very start of this trend,” he added.




junko.yoshida

7/27/2012 9:19 AM EDT

The story quotes a former cybersecurity expert for the FBI saying: "It’s going to take one young woman to be stalked, raped and killed before people realize the need security on GPS.”

This is troubling -- to say the least.




wilber_xbox

7/27/2012 10:13 AM EDT

Correct, Junko, such quotes are irresponsible on anyone's part.




Patk0317

7/28/2012 4:29 PM EDT

How is this irresponsible, unless it is a scare tactic to sell anti virus SW? I think a former FBI employee has pretty good credibility.




jluster

8/1/2012 12:14 PM EDT

It is irresponsible because it creates a scare where there should be education. Nothing Mrs. Knesek mentioned is actually "malware". The definition of malware is "software that does bad things". Not "software that does as it is told". Heck, BT themselves backpedaled on her comments. And if you think the FBI is credible on those things then ask yourself why they, themselves, are so widely hacked and "owned". BT HAS a financial interest in people being scared because THEY sell security practices.




I_B_GREEN

8/1/2012 1:31 PM EDT

A hook is a hook is a hook




goafrit

7/28/2012 8:06 AM EDT

And it is not just a woman. People give their kids phones these days. So, this risk is very broad.




wilber_xbox

7/27/2012 10:15 AM EDT

Even though I do not contest the truthfulness of this report, this is good old scare tactics and probably an upcoming market for security firms.




goafrit

7/28/2012 8:08 AM EDT

No. That is not true. Everyone knows in the industry that this problem exists. Even Apple Store fights with this daily despite having the practice of personally approving the apps. Let them fix their problems.




eewiz

7/27/2012 1:10 PM EDT

The entire business model of Android for Google revolves around gathering your private information so that they can show you more targeted ads. So all Android phones are intended to collect your private data in a supposedly anonymous way. When Google itself does this, can you blame the 3rd party app developers for taking your private data and trying to monetize it? That's why all enterprise customers go for iOS/BlackBerry.




junko.yoshida

7/27/2012 1:17 PM EDT

You do have a point. If you are so willing to share your own data with the rest of the world (in other words, "you open the door"), you probably don't have much leg to stand on.




I_B_GREEN

8/1/2012 1:34 PM EDT

But all this is hidden from the average user.
People reading this should be a few notches up the food chain of software/hardware, but even we have difficulty understanding all this. How is your grandma supposed to figure it out?




I_B_GREEN

8/1/2012 1:35 PM EDT

The hooks need to be bulletproof and encrypted so that they cannot be used in any way but by the end aggregator.




t.alex

7/27/2012 3:31 PM EDT

The Android Play Store really needs a rigorous approval process. Apple has been doing this and definitely the apps are pretty clean.




Sanjib.Acharya

7/28/2012 10:20 AM EDT

How is Apple checking it? Is it only the rigorous approval process for the app vendors to comply with, or is it by means of some smart application to catch and control malware?




t.alex

8/1/2012 2:27 PM EDT

Every app submitted will be evaluated by some app reviewer. This is done against a long checklist, so if your app just shows some information with some random button it will definitely be rejected. In terms of privacy, if the app accesses user location, the system will pop up a notification to ask for permission. So the user is making a conscious choice whether to allow or not.




rick.merritt

7/27/2012 7:23 PM EDT

There are shades of grey here.

We unofficially and maybe unconsciously contract with Google and other Web 2.0 companies when we use their Web services, letting them data mine our preferences.

With malware, third parties that run the gamut from entrepreneurs to those with malicious intent try to jump on the bandwagon as it rides past. So far the damage has not been great enough to drive people away, but...




DrQuine

7/28/2012 1:14 AM EDT

The article title is scary ... but is the malware a technical violation of data privacy (consolidating data without explicit permission) or is it actually capturing and exploiting private data for identity theft or other illegal activities? More details are needed to determine whether these are scare tactics laying the groundwork to justify selling scanning software or a representative sampling of compromised Androids.




mmathieum

7/28/2012 11:44 AM EDT

This article is ridiculous.

If Google's Android apps had malware, I think we would know that by now.

Android is open but it doesn't mean that any app can do whatever they want.

Even anti-malware software apps can't do much since they are just regular apps and don't have the right to control other apps (except if pre-installed on the device as a system app or if the device is rooted).




daleste

7/28/2012 4:03 PM EDT

So is there antivirus software for our Android devices?




Patk0317

7/28/2012 4:26 PM EDT

This is concerning. I may swap out my Galaxy for an iPhone 5 when available.




hdibani

7/29/2012 6:53 AM EDT

iOS has the most zero-day vulnerabilities of any mobile OS. Not sure that is a smart idea.
People are jailbreaking their phone (i.e., modifying the system on the phone) just by visiting a website.


http://web.nvd.nist.gov/view/vuln/search-results?query=ios+apple&search_type=all&cves=on




chanj

7/28/2012 10:00 PM EDT

The question is what information can be accessed by malware. Everyone will be concerned about saved passwords being accessed. Will you be concerned if your contact list (aka address book) is accessed? We definitely need to pay attention to our connected devices; yet, we shall react and draw a conclusion too quick too soon. I would love to read the report from BT that shows the details of the study and which apps are the suspects.




http://www.lulu.com/spotlight/poconoarmchairreview

7/29/2012 12:57 AM EDT

Would people pay for a certification and a guarantee that a product has no malware or spyware? Whose guarantee would be trusted? Or would be enforceable?




hdibani

7/29/2012 7:00 AM EDT

I would like to know what definition of malware was used by researchers. If they include adware in there as malware, then this result is to be expected.




rick.merritt

7/29/2012 4:29 PM EDT

Malware is unauthorized software from third parties attempting to get a user's computer to do something malicious the user is not aware of.

It does not include preference monitoring by the Web service provider the end user is accessing.




kinnar

7/29/2012 2:49 PM EDT

After selling operating systems for 20 years without an antivirus solution, Microsoft realized the necessity of designing a security solution run by the OS designer/developer only.
In a similar way, a security solution is an acute need for the mobile/tablet platform designed by Google.
I hope that they will realize the need at an early stage.




Bert22306

7/29/2012 6:02 PM EDT

Quoting the article:

"GPS devices can also be hacked, said Knesek.

“'It’s going to take one young woman to be stalked, raped and killed before people realize the need security on GPS,' said Knesek a former cybersecurity expert for the U.S. FBI who worked on the Kevin Mitnick case."

I don't understand what he's saying.

The problem with the GPS signal being hackable, i.e. unauthenticated, which is the source of controversy and discussion, is NOT that someone's location can be determined by someone else. It is that GPS users in a given general area can be provided with bad location info.

How this makes a mobile device user more stalkable, I don't know. What might make such a user more stalkable is a nonsecure cell telephone, texting, or web browsing comm link, in which comm link divulges that user's GPS location. But authenticating the GPS signal won't help this scenario at all. The only thing that would help is encrypting the cell phone or texting or other apps.

GPS is a one-way broadcast signal, satellites to users. That's all. Nothing goes out from the user's mobile device when that user receives GPS data, UNLESS some other application in the device uses the location data and in turn transmits it out.




eewiz

7/29/2012 9:54 PM EDT

Some of the GPS devices have integrated 3G/GSM data devices for accessing other online services like live traffic estimation.




Bert22306

7/30/2012 3:00 PM EDT

Exactly.

So it is the GSM or other two-way cell phone link that needs to be encrypted, and not at all the GPS broadcast (one-way) link. That was my point.




Bert22306

7/30/2012 3:05 PM EDT

I mean, to prevent the user of this cell phone from being vulnerable to stalking, of course.

The reason to authenticate the GPS broadcast is different. It is to prevent a hacker from introducing fake GPS position information. But that would not be targeted to just one user device, unless that one user device is the only device in that general area. Any device within range of the hacker's signal would be equally vulnerable.




Larry M

7/30/2012 4:35 PM EDT

I think the attack that's being described here involves GPS but GPS itself isn't being hacked. The malware initiates GPS tracking. That is, it samples location periodically and surreptitiously sends it (e.g., via silent text message or http) to a stalker.




Larry M

7/30/2012 4:37 PM EDT

And, I should have added, encryption won't help here. The only way to solve this problem is to prevent the malware from installing in the first place.




Duane Benson

7/30/2012 12:44 PM EDT

Once again, our cool technology is a double edged sword. Are there any single edged swords?

Malware or not, these phones can allow trouble to happen. Photos can have location and time data embedded in them. Unsecure texts or Twitter posts can expose such information. All of the marvelous capabilities in the smart phone in my pocket could make my life so much easier while at the same time making my entire life much more vulnerable to theft and/or exploitation.




rick.merritt

7/31/2012 11:33 AM EDT

Indeed, security experts know for every measure there is a countermeasure and on and on. The issue is how high or low are the walls to your castle.




amrs

7/30/2012 8:31 PM EDT

So did anyone actually buy these wild claims that BT seems to have retracted already, for example http://www.zdnet.com/bt-backpedals-on-claims-almost-every-android-device-has-malware-7000001837/

Seems like a FUD campaign to me. So really the question is, whose? Should the headline start with "According to Apple,..." or perhaps "According to Microsoft,..."?




http://www.lulu.com/spotlight/poconoarmchairreview

7/31/2012 5:02 AM EDT

When it reaches 50% malware, they will start calling it Windows.




rick.merritt

7/31/2012 11:32 AM EDT

LOL!




speculatrix

7/31/2012 12:00 PM EDT

I think this is mostly FUD

although of course they might have been analysing apps illegally posted on warez and torrent sites rather than from the android market in which case it is not a surprise.




Robotics Developer

7/31/2012 2:10 PM EDT

Until someone gets hurt either financially or personally then the issue like they say " that dog won't hunt". I also was wondering what the effect on the performance of the android machines the "malware" software was causing and what was it doing? It was not clear to me from the article that they knew what all the rogue software was doing (if anything). It does not surprise me that there are those who will try to piggyback on software to get access to machines, what does surprise me is this is the first I have heard of it on Androids.




Sparky_Watt

8/1/2012 6:40 PM EDT

I recently saw an article on Android Anti-Virus Software. It pointed out that EVERYTHING in an Android is sandboxed. Therefore an Anti-Virus program can't see the programs it is trying to detect, by definition. Malware can't see your information, unless you say it can. What is crazy to me is that there are so many apps out there that require every permission in the book. On the one hand, that should set anyone's suspicions off. On the other hand, users shouldn't be required to look at a laundry list of permissions to decide whether a specific app should have them. Most are unable, and many have both legitimate and illegitimate uses. So, a program that uses it legitimately could use it illegitimately as well.

The best answer, I am sorry to say, is to take all those permissions away. I can be identified by my GPS location alone (I spend time at home, right?). Any app that can see both my GPS and the Internet could be a stalking tool. The only solution is for the apps to be code inspected by a third party certification agency. Then the distribution package gets compiled by the App Store from the inspected code. The developer pays for this and doesn't know who the inspector is, of course.

It may sound extreme, but it is the only solution that will allow full flexibility in the apps and block the potential abuses.




Neo1

8/2/2012 3:21 AM EDT

Or as pointed out we should start by defining that end to end encryption is mandatory for every service which needs user info. This should by default be built into the application itself.




Nicholas.Lee

8/4/2012 11:59 AM EDT

Now that they have used the dubious excuse of 9/11 to put GPS tracking of every citizen into your phones, they now want to use the dubious excuse of malware and other scare tactics to make everyone have privacy-invading DPI chips in every phone.

If they do much more to "protect us" then we will be so repressed and have so few rights that we won't have a life worth protecting.

All we need is good, strong, open-source encryption.
If mobile software has vulnerabilities then it should be open-sourced so the community can fix it.




Saon Islam

8/29/2012 2:56 AM EDT

Android users beware, more than 50 mobile apps in the official Android Market have been discovered containing malware that could have compromised sensitive and personal data. While Google has already yanked the apps from the Market, this first big infection highlights the inherent vulnerability of Android's openness to developers. Check here for more info http://drawsomethingcheat.eu



