# Android Viruses



## Sunray (Mar 4, 2011)

The are here and distributed by Google.

http://www.bbc.co.uk/news/technology-12633923

I wonder how that cat and mouse game will play out in the future.  Open platform so I can imagine that virus scanners will be a new update at some point. I'm assuming Android only allows access to other areas of the phone with a warning message?

I cant imagine the App store can be totally immune to this, but its going to be harder as the barrier to entry is higher.


----------



## editor (Mar 5, 2011)

All mobile platforms are going to be increasingly targeted, but I wouldn't get too complacent because you're using an iPhone.


> Prudence in downloading suspicious applications is very much advised on the open platform, and especially acquiring anti-virus software for mobile devices. Despite the iron-fisted management of Apple’s App Store, 11% of its apps are able to access the users contacts and 34% the users location, compared to 7.5% of official Android apps that access contacts and 28% that access location.
> http://www.techieinsider.com/news/6675





> McAfee’s demonstration app searched Twitter for a specific hashtag. If it got it, the app would then go to a website to grab scripting language — used typically for games — supported by both Android and Apple’s iOS, which runs iPhones, iPads and iPod Touches.
> 
> “Once that script was downloaded, it turned the flashlight into a bot,” Kurtz said.
> 
> ...


And Google acted very quickly:


> "I think Google had a really fast response to this," he said.
> Google did not immediately respond to a list of questions from CNN.
> Tom Parsons, a senior manager at Symantec, the company that makes Norton Anti-Virus software, also said Google handled the situation well.
> "Kudos to Google for that. It was only minutes before all of these apps were pulled from the Android Market," he said.
> ...


----------



## Sunray (Mar 6, 2011)

iOS asks you if an app tries to access specific areas on the phone.  So if a game ask for access to your contacts you gonna go 'eh?' unless your a bit dim.


----------



## editor (Mar 6, 2011)

Sunray said:


> iOS asks you if an app tries to access specific areas on the phone.  So if a game ask for access to your contacts you gonna go 'eh?' unless your a bit dim.


Err, so does Android before you install the app.


----------



## Hocus Eye. (Mar 6, 2011)

I have a virus checker called _Lookout_ which checks each app as you download it. So far it has judged them all to be clear. Of course for all I know it is a giant virus itself.

I would have liked to have seen a list of the dodgy apps. Removing them from the Market only protects new downloaders. I have no games so perhaps I am less at risk.


----------



## Kid_Eternity (Mar 6, 2011)

Sunray said:


> iOS asks you if an app tries to access specific areas on the phone.  So if a game ask for access to your contacts you gonna go 'eh?' unless your a bit dim.


 
Can't see a virus on the iPhone any time soon...but bit surprised Android has been so badly afflicted to be honest. Perhaps it's just not up to scratch yet?


----------



## editor (Mar 6, 2011)

Hocus Eye. said:


> I would have liked to have seen a list of the dodgy apps. Removing them from the Market only protects new downloaders. I have no games so perhaps I am less at risk.


A list is here: http://www.symantec.com/connect/blogs/new-android-threat-gives-phone-root-canal



Kid_Eternity said:


> Can't see a virus on the iPhone any time soon...but bit surprised Android has been so badly afflicted to be honest.


Nice bit of hyperbole there, but the platform has not been "badly afflicted" at all. An absolutely tiny amount of dodgy apps were found and near-instantly removed from the market, and there's been zero evidence of any Android user actually suffering as a result. 

http://news.cnet.com/8301-27080_3-20039520-245.html

Oh, and the iPhone's already had a trojan app in the App Store, albeit a benign one. 
http://www.telegraph.co.uk/technolo...-app-which-connects-to-internet-for-free.html


----------



## editor (Mar 6, 2011)

An update: the dodgy apps had no effect on phones running Android versions 2.2.2 or higher, they were removed from the store almost instantly, and they're being remotely removed off any handset that downloaded them while a security update is being pushed to any affected handsets.

http://googlemobile.blogspot.com/2011/03/update-on-android-market-security.html


----------



## Kid_Eternity (Mar 6, 2011)

And yet:



> The kill switch is not going to completely fix this problem. TechCrunch points out that Android devices are still vulnerable because of existing security holes at the system level, which must be fixed by cellular carriers and hardware manufacturers. The problem is made worse by cellular providers sticking with older versions of Android, unfortunate because the security exploit only affects Android versions 2.2.1 and older.



I remember there was a link recently which pointed out the vast majority of difference users have in terms of the OS they run. As there's no centralised updating down across all devices there will be a significant number of users who will remain vulnerable. This has real implications for the future...

And none of this addresses the fact that Google can basically decide to delete things from your phone when it feels like it either. Not something I'd thought people would like...


----------



## cliche guevara (Mar 6, 2011)

As long as you are sensible, and don't download dodgy apps like 'Screaming Sexy Japanese Girls', 'Sexy Legs', 'Hilton Super Sex Sounds' or 'Magic Hypnotic Spiral', you'll be fine. I really don't see this as a problem for the platform in the slightest. Also, I am yet to see a single scrap of evidence that anti virus apps are worth a jot.


----------



## FridgeMagnet (Mar 6, 2011)

cliche guevara said:


> As long as you are sensible, and don't download dodgy apps like 'Screaming Sexy Japanese Girls', 'Sexy Legs', 'Hilton Super Sex Sounds' or 'Magic Hypnotic Spiral', you'll be fine. I really don't see this as a problem for the platform in the slightest.



People aren't sensible though are they? They aren't on computers and certainly won't be on phones. Cracked games and porn will be potential vectors for trojans for the foreseeable future, and people will click through any security checks. I don't think it's an insurmountable problem at all but it needs addressing.



cliche guevara said:


> Also, I am yet to see a single scrap of evidence that anti virus apps are worth a jot.


 
I doubt they are either.


----------



## editor (Mar 6, 2011)

FridgeMagnet said:


> People aren't sensible though are they? They aren't on computers and certainly won't be on phones. Cracked games and porn will be potential vectors for trojans for the foreseeable future, and people will click through any security checks. I don't think it's an insurmountable problem at all but it needs addressing.


It's the new battleground for scammers and spammers and it's going to affect all phones with dodgy types getting in anyway they can.


----------



## FridgeMagnet (Mar 6, 2011)

Much as I don't want to get into any sort of format war here, the Android platform is *much* more susceptible to active malware than iOS, simply because (a) there's no app pre-approval before they appear and (b) apps have much more ability to mess with the device generally, so a trojan can give you more grief than just making unwanted calls or leaking your address book. These are two things that people frequently say are *good* about the platform after all - they come with downsides. I believe that there have been trojans going around for jailbroken iPhones on Cydia in much the same way as these Android ones.

I don't *think* Google will have a huge problem with this but they should definitely pay attention.

Incidentally I've read a few people saying that Google should charge more for a licence to submit apps, which I don't think is a good solution at all. If there's money to be made scamming, people will pay initial costs.


----------



## editor (Mar 6, 2011)

FridgeMagnet said:


> Much as I don't want to get into any sort of format war here, the Android platform is *much* more susceptible to active malware than iOS, simply because (a) there's no app pre-approval before they appear and (b) apps have much more ability to mess with the device generally, so a trojan can give you more grief than just making unwanted calls or leaking your address book. These are two things that people frequently say are *good* about the platform after all - they come with downsides. I believe that there have been trojans going around for jailbroken iPhones on Cydia in much the same way as these Android ones.
> 
> I don't *think* Google will have a huge problem with this but they should definitely pay attention.


 Android's openness certainly has the potential for extra grief, although I'd say Google's extremely timely and comprehensive response suggest that they're very much on the case and taking it seriously.

No matter what safeguards are put in place, hackers will still find ways to pinch data and users cash by different ways even on technically more secure systems like the iPhone's  - for example, the recent "'Huge' Apple iPad data breach in US" and the  iTunes hacking scams.


----------



## editor (Mar 7, 2011)

Even this Apple fan isn't too impressed with Apple's security:
http://www.macworld.co.uk/ipod-itunes/news/index.cfm?newsid=3263985


----------



## Sunray (Mar 8, 2011)

editor said:


> Even this Apple fan isn't too impressed with Apple's security:
> http://www.macworld.co.uk/ipod-itunes/news/index.cfm?newsid=3263985


 
I want him to demonstrate getting to AES256 encrypted data without the passcode.  You might be able to disable the passcode and get access to the phone but without it, that data is staying random bits.  That is an article from someone who thinks they understand something but actually don't.  The 3GS with v3 of the OS was flawed and exposed as flawed.

Have a look about for iPhone 4 hacks.

AES256 encryption is still considered OK to use by the NSA and for good reason.


----------



## sunnysidedown (Mar 8, 2011)

16 posts on a thread about Android and Ed has provided 6 links to articles about the iPhone.

Desperate.


----------



## Kid_Eternity (Mar 8, 2011)

FridgeMagnet said:


> Much as I don't want to get into any sort of format war here, the Android platform is *much* more susceptible to active malware than iOS, simply because (a) there's no app pre-approval before they appear and (b) apps have much more ability to mess with the device generally, so a trojan can give you more grief than just making unwanted calls or leaking your address book. These are two things that people frequently say are *good* about the platform after all - they come with downsides. I believe that there have been trojans going around for jailbroken iPhones on Cydia in much the same way as these Android ones.
> 
> I don't *think* Google will have a huge problem with this but they should definitely pay attention.
> 
> Incidentally I've read a few people saying that Google should charge more for a licence to submit apps, which I don't think is a good solution at all. If there's money to be made scamming, people will pay initial costs.


 
A big threat is the fact that the OS isn't updated amongst the majority of users...


----------



## editor (Mar 8, 2011)

sunnysidedown said:


> 16 posts on a thread about Android and Ed has provided 6 links to articles about the iPhone.
> 
> Desperate.


The only 'desperation' I can see here is your rather sad attempt to stir up a bunfight. Both Android and Apple's App Store * were mentioned in the opening post*, and since then people have been civilly discussing the merits and risks of both platforms.


----------

