JackClark

I think this deserves it's own thread.

More info here.

http://www.androidpolice.com/2011/03...open-backdoor/

Saint AAI

With a system as massivly popular as Android, it was only a matter of time before stuff like this appeared . Thankfully Google were quick to react in pulling the apps from the Market, and that there are a large amount of developers working to close any loopholes. This hasn't affected many people, and has been stopped dead in it's tracks. Not an issue in my opinion.

boomer

I disagree!

If the underlying architecture of Android means that a mere "app" can root a device, corrupt the kernel of the operating system and thus potentially expose your entire life (contacts, diary, financial info including access methods, day-to-day habits, personal e-mail and documents etc.) to shady persons unknown (and without your knowledge) then it proves that they still haven't learned from the days when Microsoft shipped Windows with "everyone is Administrator".

With the push for "contactless technology" being built into phones for financial transactions, people are starting to put an awful lot of eggs into one flimsy basket

mb

hodgy0_2

To me this is not a technical argument but more of a philosophical one.

It just boils down to whether you prefer an open or closed environment – a prescriptive or non prescriptive attitude to life.

It is often said that the problem with a Democracy is that due to its open nature it allow societies to make mistakes, but I would take that over a benign dictatorship any day of the week.

JackClark

This is just the start. I spoke of a shock waiting for Android customers later this year, but it's already happening, the horse has bolted and rather than close the gate Google will chase after each one. Get ready for the Antivirus companies to pounce and take chunk of your hard earned every month.

hodgy0_2

and here

http://www.bbc.co.uk/news/technology-12633923

"The open nature of the Android platform was a boon and a danger", noted Trend Micro security blogger, Rik Ferguson

no **** sherlock

why can't the apps be digitally signed

Saint AAI

There's been malware on iOS too. People just need to be careful, same as when using a normal computer.

JackClark

Link please Saint.

JackClark

http://lifehacker.com/#!5775320/how-...0-malware-apps

pigSTi

iTrader: (5)

/yawn

Been using Windows for years, same difference really....

mart360

Because then you end up with the current situation we see now with certain oem's controlling the market and dictating what you can or cannot see/ use / load.

Nokia do it with there apps, as do Jacks fan club...

Hence why people root..

That said, if your daft enough to store sensitive details on a device that can be compromised... you reap what you sow so to speak

Mart

hodgy0_2

I 110% agree – and if you read my original post on this subject, I put forward the view that I would rather have a system where people are allowed to make mistakes than one where it is impossible to, due to restrictions placed on your activities; put there by people who “know what you want”

that's why to me, it is not really a technical issue

and anyone using an "open" device as a financial tool - is one

JackClark

Sensitive data like your phone book, phone usage and the phone's IMEI?

You have two choices, applications are scanned before being allowed on the phone, or scanned on the device. Do none of those at your peril.

hodgy0_2

but why can't they be digitally signed with a "chain of trust" not just from the phone manufactures but from the software publishers

JackClark

It costs £25 to be an Android publisher, a good piece of malware will make than a hundred times over.

hodgy0_2

true -- but its not the money is it -- how much to Lloyds bank pay for a digital certificate to sign https://banking.lloyds.co.uk (and how much is at stake)

pennies (but billions at stake)

it is not about the money, it is about the "chain of trust" verified by a provider like verisign, thwate etc

so an "open" system (like the www) -- but just dont download anything that has not been digitally signed -- just like you would not goto a website to do banking unless it had a valid certificate

StickyMicky

Quite impressed that these apps were rooting devices.

I can only wonder if it was successful against all devices as my Hero was a bit of PITA to root myself due to T-Mobile closing up all the early loop holes.

The more android is tidied up and made more noob friendly, the more spacktard bumpkins will start to use it and fall for various scams.

I will say though that this scam was pretty well done.

JackClark

I think so. One think I'm surprised by is the lack of backdoors being placed into pre release ROM things, that's a great opportunity just waiting to be used.

Saint AAI

http://www.cultofmac.com/malware-cla...asswords/60140
http://arstechnica.com/apple/news/20...n-the-wild.ars
http://www.internetnews.com/security...ware-Found.htm

Granted it's mainly to do with Jailbroken iPhones.

JackClark

By mainly you mean 100%. The malware for Android will work on a phone straight out of the box!! Poor old grandma downloads Androids number one fart app and next thing she has a £500 bill!!

GazTheHat

Grandma has issues then as a lot of the malware apps had "sexy" in the title.