Android!! So much for the free and open stuff!

[edinlexusV8]

From BBC - http://www.bbc.co.uk/news/technology-12633923

 

Android hit by rogue app viruses

 

More than 50 applications available via the official Android Marketplace have been found to contain a virus.

 

Analysis suggests that the booby-trapped apps may have been downloaded up to 200,000 times.

 

The malicious apps were copies of existing applications, such as games, that had been repackaged to include the virus code.

 

All the apps found to contain the malicious code have now been removed from the Android Marketplace.

 

Remove and recall

The virus-laden apps were discovered by a Reddit user called Lompolo who realised that one program was listed under the name of a publisher he knew had not written it.

 

He found that the app, which let people play guitar on their handset, was the same as the original but for a name change and some virus code buried within it.

 

Lompolo said the rogue apps had been downloaded between 50,000 and 200,000 times since they were placed on the Marketplace.

 

Lompolo initially found 21 apps bearing the viral code but, according to an investigation by mobile security site Android Police, the final tally is believed to involve more than 50. The apps are also known to be available on unofficial Android stores too.

 

Once a booby-trapped application is installed and run, the virus lurking within, known as DroidDream, sends sensitive data, such as a phone's unique ID number, to a remote server.

 

It also checks to see if a phone has already been infected and, if not, uses known exploits to bypass security controls and give its creator access to the handset. This bestows the ability to install any code on a phone or steal any information from it.

 

The latest version of the Android operating system, known as Gingerbread, is not vulnerable to the exploits DroidDream uses.

 

Open access

As well as removing the applications from the Android Marketplace, Google has also suspended the three accounts being used by the developer behind the apps.

 

It also has the option to use a security tool that can recall and uninstall rogue applications from phones. It is not thought to have yet done this as its investigation continues. Google has yet to issue a formal statement about the rogue applications while it completes the investigation.

 

Writing on the Trend Micro security blog, Rik Ferguson, pointed out that remote removal of the booby-trapped apps may not solve all the security problems they pose.

 

"...this remote kill switch will not remove any other code that may have been dropped onto the device as a result of the initial infection," he wrote.

 

He advised anyone who believed they had installed one of the malicious apps to find out whether they need to get a new handset or re-install the operating system on the one they have.

 

The open nature of the Android platform was a boon and a danger, he warned.

 

"This greater openness of the developer environment has been argued to foster an atmosphere of creativity," he wrote, "but as Facebook have already discovered it is also a very attractive criminal playground."

[JustGav]

Not precisely fresh news

 

Apple has also had it's share of this.... MS might exempt at the moment purely because no-one uses their phones (Just kidding, chap)

[Thorin]

...and all the apps have long since been removed/blocked.

[BazzaAlpine]

lol MS don't need it as they are breaking things by themselves

[edinlexusV8]

lol MS don't need it as they are breaking things by themselves

 

MS is doing the mightiest thing of all by releasing updates for all of their WP7 phones on all the networks. Making all the networks agree to send down the OS updates is a mighty big thing and has never been done before. If you cannot admire their efforts I dont know what will impress some of you!

[JustGav]

MS is doing the mightiest thing of all by releasing updates for all of their WP7 phones on all the networks. Making all the networks agree to send down the OS updates is a mighty big thing and has never been done before. If you cannot admire their efforts I dont know what will impress some of you!

 

I'll agree with you on that, working with operators is a nightmare at the best of times.....

[BazzaAlpine]

I work on compatibility testing for Jagex. I know all about releasing updates being a pain in the butt etc. but there are not that many windows 7 phones out that they couldn't check a major patch like they did. It's not like it would take months. You kick off a phone, go to the next one, then go back later to make sure the damn thing still works. I'm not having a go at the logistics of it just the QA.

[AlexJames]

...buy an iPhone

[JustGav]

...buy an iPhone

 

If I wanted something that couldn't run flash, I'd use my C64

[edinlexusV8]

I work on compatibility testing for Jagex. I know all about releasing updates being a pain in the butt etc. but there are not that many windows 7 phones out that they couldn't check a major patch like they did. It's not like it would take months. You kick off a phone, go to the next one, then go back later to make sure the damn thing still works. I'm not having a go at the logistics of it just the QA.

 

Dude what sort of updates do you release? Application level updates? Network level updates? OS updates? Firmware updates? If you understand the issue with WP7 update, the whole issues is with some of the hardware components manufactured by Samsung have an older version of Firmware on them. Samsung did not update the firmware on these phones before they released the phones even though they had a latest version of firmware available for these components. MS now updated their update so that these firmwares are also included.

 

Microsoft resumes windows phone 7 update to samsung devices/

[imi]

[BazzaAlpine]

Dude what sort of updates do you release? Application level updates? Network level updates? OS updates? Firmware updates? If you understand the issue with WP7 update, the whole issues is with some of the hardware components manufactured by Samsung have an older version of Firmware on them. Samsung did not update the firmware on these phones before they released the phones even though they had a latest version of firmware available for these components. MS now updated their update so that these firmwares are also included.

 

Microsoft resumes windows phone 7 update to samsung devices/

 

Application and network. Basicaly making sure it works on hardware pretty much from the 1990's to the latest stuff today including laptops / notebook mobility chipsets. Software wise we check IE versions from 5.5, Firefox (from 2 if I recall correctly), Saffari, Opera and Chrome on Ubuntu (latest and current LTS), Mac OSx 10.4, 10.5, 10.6 on both G4 processors and intel based macs (10.6 only on intel as not supported on the G series processors) and Windows 2000, XP, Vista, Vista x64, 7 and 7 x64. On top of this throw in combinations of MS Java, Sun Java 1.4, 1.5, 1.6.0, 1.6.7, 1.6.10, the latest public release (currently 1.6.24) and 1.7 beta. Needless to say a full compat takes about a week and is boring as hell (compat testing is all about repitition).

 

Bummer about the firmware. Did MS tell Samsung the update needed the latest version of firmware or did someone just assume it would work. I have a rather apt phrase we use 'Assumption is the death of a QAer'.

[AlexJames]

haha that made me chuckle

[CJ]

http://farm3.static.flickr.com/2378/2474527734_09ebef91ba.jpg

 

[creative]

Android!! So much for the free and open stuff!

 

 

 

 

its still free and open.... or am I just looking at it too simplistic?

 

 

[Animal]

I don't think you missed anything. I reckon it was just an excuse for Edinbillgatesass to have a pop at non-windows stuff. He's like the geek version of IMI.

[edinlexusV8]

Well there is always a cost associated with free and open stuff which generally people dont calculate or ignore. Even Nokia disowned their own open and free Symbian and MeeGo operating system! Ok there is nothing wrong with Android as long as it is backed by a company like google but if the system doesnot generate enough revenue for google as an OS or for developers for selling their apps or for network operators to put their services then the quality & monitoring will go down drastically and there is always a place for malware.

[CJ]

i don't think you missed anything. I reckon it was just an excuse for edinbillgatesass to have a pop at non-windows stuff. He's like the geek version of imi.

 

[Animal]

[imi]

I don't think you missed anything. I reckon it was just an excuse for Edinbillgatesass to have a pop at non-windows stuff. He's like the geek version of IMI.

 

How dare you compare me to mr wannabe gates. He is in a league of his own.

 

[Animal]

One of you bit!

 

 

My work is done [/smug]

 

[edinlexusV8]

260,000 devices infected on the android platform by malware (info from Google) due to a critical security flaw ... This effects phones with ver 2.2.1 and below ... may be some of you guys in here should check your phones for any of these 58 apps... Google has now said they would uninstall these apps remotely, and that they would take new measures to enhance security. These does not however remove any extra downloaded software, and does not patch the hole in Android 2.2.1 and lower in any case.

 

The offending apps list:

•Falling Down

•Super Guitar Solo

•Super History Eraser

•Photo Editor

•Super Ringtone Maker

•Super Sex Positions

•Hot Sexy Videos

•Chess

•Falldown

•Hilton Sex Sound

•Screaming Sexy Japanese Girls

•Falling Ball Dodge

•Scientific Calculator

•Dice Roller

•Advanced Currency Converter

•App Uninstaller

•PewPew

•Funny Paint

•Spider Man

•owling Time

•Advanced Barcode Scanner

•Supre Bluetooth Transfer

•Task Killer Pro

•Music Box

•Sexy Girls: Japanese

•Sexy Legs

•Advanced File Manager

•Magic Strobe Light

•Panzer Panic

•Mr. Runner

•Advanced App to SD

•Super Stopwatch & Timer

•Advanced Compass Leveler

•Best password safe

•Finger Race

•Piano

•Bubble Shoot

•Advanced Sound Manager

•Magic Hypnotic Spiral

•Funny Face

•Color Blindness Test

•Tie a Tie

•Quick Notes

•Basketball Shot Now

•Quick Delete Contacts

•Omok Five in a Row

•Super Sexy Ringtones