Android accounted for 94% of mobile threats!
- As the Google report shows, while Android as a whole has a lot of malware, close to zero of it is on Google Play. The overwhelming vast majority of Android malware comes from third-party app stores such as 1mobile, Aptoide, etc. or random websites offering pirated paid apps. To get any of those, you have to manually enable third-party apps, which includes reading and agreeing to a warning.
In other words, it's more-or-less like Windows, where illegal (pirate) porn sites and pirate sites were the primary vectors for malware infections, and where, in most cases, users had to intentionally participate in high-risk activity. Ironically, people here on CB encourage BB users to do exactly this on a regular basis - encouraging the use of third-party app stores like 1mobile and Aptoide...
Of course, this part of the story doesn't get page clicks or sell ads, so the headlines are only going to talk about the total amount of malware, not how most official users will never encounter it.
I have heard many bad things about 1mobile in the forum.
Posted via CB1007-07-15 02:50 AMLike 0 - One thing we have to realize is that Android brings a lot of choice when it comes to settings and customization. Basically all apps run in boxed environments with no access to other parts of the system. However, users can give access.
Also, Android can be rooted, which is the point when users have full control and face full risk at the same time. Installing pirated apps from third party stores is obviously a bad idea.
Generally speaking, Android is not built to be 100% secure, but it is pretty safe for users who use common sense. The same goes for lots of security problems in IT infrastructures. Many times it is the user acting irresponsibly rather than a true technical security issue.
Posted via CB1007-07-15 03:09 AMLike 0 -
Afraid not, here's a good ol' privilege escalation exploit from way back in 2008: Vulnerability found in the latest Symbian operating system
And a touch of malicious code execution via MMS, from 2009: https://cxsecurity.com/issue/WLB-2009070014
Hacking Team, the surveillance contractor that was hacked yesterday, offers ways to monitor targets using Symbian as well - and that's something that will likely never be fixed, since the platform no longer receives updates.
Also, due to the hash checks for all executable files on Symbian (they will not execute unless it has a valid hash and are located in the sys/bin folder) the attacker would not be able to sent another process to be executed.
The exploit explained gained access to that process only which would only have limited capabilities on its own.07-07-15 04:27 AMLike 0 - Look at all the defenders of all things Google here. Do no evil gents ;-)
Android has 94 percent but their global market share is less than that. That shows once again that it is an insecure platform.
Downloading malware from unofficial sites? That in itself is an android problem and not a problem anywhere else. On IOS, windows phones and to a certain extent blackberry, clueless smartphone user would not even know where to begin to download un official apps.
Most mobile OSes ecosystem and policies protects it's less security/privacy conscious users.
Also there is a rule in hacking, and it's the cost vs benefit factor.
So obviously android phones are just too easy to hack.
And so what if people are going to install dodgy apps. Are you gonna stop them? It's the system that needs to be fixed not the users.
Posted via CB1007-07-15 05:59 AMLike 0 - Look at all the defenders of all things Google here. Do no evil gents ;-)
Android has 94 percent but their global market share is less than that. That shows once again that it is an insecure platform.
Downloading malware from unofficial sites? That in itself is an android problem and not a problem anywhere else. On IOS, windows phones and to a certain extent blackberry, clueless smartphone user would not even know where to begin to download un official apps.
Most mobile OSes ecosystem and policies protects it's less security/privacy conscious users.
Also there is a rule in hacking, and it's the cost vs benefit factor.
So obviously android phones are just too easy to hack.
And so what if people are going to install dodgy apps. Are you gonna stop them? It's the system that needs to be fixed not the users.
Posted via CB10
The same could be said about Microsoft's Windows and has been true for 20 years now and it hasn't been changed.pantlesspenguin likes this.07-07-15 07:33 AMLike 1 - Look at all the defenders of all things Google here. Do no evil gents ;-)
Android has 94 percent but their global market share is less than that. That shows once again that it is an insecure platform.
Downloading malware from unofficial sites? That in itself is an android problem and not a problem anywhere else. On IOS, windows phones and to a certain extent blackberry, clueless smartphone user would not even know where to begin to download un official apps.
Most mobile OSes ecosystem and policies protects it's less security/privacy conscious users.
Also there is a rule in hacking, and it's the cost vs benefit factor.
So obviously android phones are just too easy to hack.
And so what if people are going to install dodgy apps. Are you gonna stop them? It's the system that needs to be fixed not the users.
Posted via CB10
Best way to really fix Android is to make it a Closed OS and prevent anyone from installing Android unless it is installed on Google approved hardware. And lock the Boot Rom , and make it so apps installed from the Google Play Store would run, with all apps required to use Google Services for validation. Of course if that were to happen, BB10 would be dead in the water... No Runtime, No Android Apps....so watch out what you wish for. But that goes against what Google wanted for their OS... and make them too much like the Apple ecosystem.
But then that would help BlackBerry's security also as many of the malicious apps can be installed on a BlackBerry device.... and there really isn't some magical sandbox that keeps those apps from accessing info on your device or accessing the network. If a user installs a malicious app they are giveing it permission to do whatever it wants as we have no control over Android App Permissions (without using a 3rd Party App)07-07-15 07:36 AMLike 0 - Look at all the defenders of all things Google here. Do no evil gents ;-)
Android has 94 percent but their global market share is less than that. That shows once again that it is an insecure platform.
Downloading malware from unofficial sites? That in itself is an android problem and not a problem anywhere else. On IOS, windows phones and to a certain extent blackberry, clueless smartphone user would not even know where to begin to download un official apps.
Most mobile OSes ecosystem and policies protects it's less security/privacy conscious users.
Also there is a rule in hacking, and it's the cost vs benefit factor.
So obviously android phones are just too easy to hack.
And so what if people are going to install dodgy apps. Are you gonna stop them? It's the system that needs to be fixed not the users.
Posted via CB10
There's no need to defending here, it's just about analyzing and comparing different platforms. BlackBerry is superior to Android in terms of security, I think that is unquestioned. However, the current way they're going, with letting people install apk files from unknown sources of course bears some risks. That users don't know how to do it or that there just aren't enough users to make it a real problem doesn't mean it is a safe practice.
Installing a third party store through a sideloaded file and giving them all your Google credentials isn't safe at all, yet many are choosing to do it in order to improve their app choice.
To conclude a statement out of this I would probably agree to the fact that Android bears more risks to the common user but it is mainly because of their less controlled environment. Architectural problems might be added but I'd say they account for way less security breaches with consequences than users do on their own.
Posted via CB1007-07-15 07:39 AMLike 0 - Regarding sideloaded APKs - nothing new, but it is very well possible to 'hack' the ART http://www.security-sleuth.com/sleut...-android-phone (at least with 10.3.1, maybe BB fixed it but I doubt it). I tried it myself and it's certainly fun to remotely being able to access the camera etc.
Via Pasta CB1007-07-15 08:10 AMLike 0 - Regarding sideloaded APKs - nothing new, but it is very well possible to 'hack' the ART Using Metasploit to Hack an android phone ? The Security Sleuth (at least with 10.3.1, maybe BB fixed it but I doubt it). I tried it myself and it's certainly fun to remotely being able to access the camera etc.
Via Pasta CB10
This is not something that will happen in real-life. It's more of a proof-of-concept exploit.07-07-15 08:40 AMLike 0 - Hacks that require physical access to the phone are really hard to pull off. so first you must have access to the device and bypass the lock-screen in order to install the APK. and the exploit only works as long as long as the phone is on the same network as you.
This is not something that will happen in real-life. It's more of a proof-of-concept exploit.
Via Pasta CB1007-07-15 08:47 AMLike 0 -
And again, the moment you allow you phone to install non-google-play APKs, you are responsible for any the loss of security. It's like me telling you my gmail username and password, you accessing my account and then me blaming it on Google and not myself.
Also most Android exploits usually presented on this site as a means to show how insecure Android is usually have at least 1 or 2 unreasonable requirements that make it hard to pull off in real-life. I think Google balances pretty well the openness of Android with security requirements: you can install any app you want but you do so at your own risk.07-07-15 08:54 AMLike 0 - I'll give you the second one, but the first one can't be classed as a threat, it was a modification of the OS's InstallServer, removing the certificate checks, not something you could do without knowing exactly what you where doing and wanted to do.
Also, due to the hash checks for all executable files on Symbian (they will not execute unless it has a valid hash and are located in the sys/bin folder) the attacker would not be able to sent another process to be executed.
The exploit explained gained access to that process only which would only have limited capabilities on its own.07-07-15 09:16 AMLike 0 - This is scary stuff people! It is really harming everyday users as well. Something should be done about all of these threats.
Here is a link to a post from a real user whose phone was recently infected with one of these threats -
http://forums.crackberry.com/android...rning-1026786/
That poor guy was just downloading and installing random things from the internet to his Passport from who-knows-what-sources and look what happened to him! His Android apps got held hostage. Surely there must be some way to prevent things like that from happening.
It is a crazy and scary world we live in. What happened to the days of being able to install any random, suspicious thing we came across on the internet? Now we have to use common sense and only stick to installing stuff from trusted sources? That's just too hard for some people.Superdupont 2_0 and Troy Tiscareno like this.07-07-15 09:17 AMLike 2 - From the article you provided: Ensure that the android phone is connected to a local area network and make sure you know its IP address
And again, the moment you allow you phone to install non-google-play APKs, you are responsible for any the loss of security. It's like me telling you my gmail username and password, you accessing my account and then me blaming it on Google and not myself.
Also most Android exploits usually presented on this site as a means to show how insecure Android is usually have at least 1 or 2 unreasonable requirements that make it hard to pull off in real-life. I think Google balances pretty well the openness of Android with security requirements: you can install any app you want but you do so at your own risk.
Dunno about 'unreasonable' or maybe I just don't see Google as 'balanced' as you do.
Via Pasta CB1007-07-15 09:37 AMLike 0 - Sure, the linked article is only about local attacks, still it is possible through WAN as well. Just some googling required. Let's say you managed to put the Malware on device, then you can secretly start a web server as well. While I agree it's a very bad idea to install APKs from untrusted sources, it's really not the same as giving out your Google login data. There is/was a Webview vulnerability which affected browsers downloaded from Play Store (and not patched in older versions) too, so 'normal' users were fracked as well.
Dunno about 'unreasonable' or maybe I just don't see Google as 'balanced' as you do.
Via Pasta CB10
Android is like Windows on PC. With a little bit of common sense you will be fine in 99% of cases.07-07-15 09:53 AMLike 0 -
Via Pasta CB1007-07-15 10:01 AMLike 0 - True, I have seen such machines as well. My point is that the ability to install untrusted apps being disabled by default and giving users a warning about potential security risks is a good balance between security and accessibility. The best way to solve this would be to block all sideloading from android altogether. I don't see another way for google to protect users against such rogue apps.07-07-15 10:31 AMLike 0
- Prem WatsAppCrackBerry Jester of JestersCryptoLocker for Android...
Now available for your device!
8-o
� Chendroid or not? - QNoX powered ftw...? �07-07-15 03:38 PMLike 0 - Prem WatsAppCrackBerry Jester of JestersTrue, I have seen such machines as well. My point is that the ability to install untrusted apps being disabled by default and giving users a warning about potential security risks is a good balance between security and accessibility. The best way to solve this would be to block all sideloading from android altogether. I don't see another way for google to protect users against such rogue apps.
"Just google some program so I can watch this video or download from youtube, click, click, click, Next, Next, Express Install, Agree, Next, Finish..."
If you ask, "I don't know how that got on there..."
And that's how the junk, ad-ware and spyware end up on the PCs and are causing a horrible mess. Why should it be different on Android? "Permissions, ok, done... "
:-D
� Chendroid or not? - QNoX powered ftw...? �07-07-15 03:44 PMLike 0 - On the contrary - I see people recommending 1mobile and other "alternative" app stores here almost daily, and I cringe each time. It's kind of like shopping for used car parts in Tijuana...Soulstream and Blacklatino like this.07-07-15 07:22 PMLike 2
- Forum
- Popular at CrackBerry
- General BlackBerry News, Discussion & Rumors
Android accounted for 94% of mobile threats!
Similar Threads
-
Screen is 2/3 blank (Top 1/3 displays top 1/3 of screen picture)
By team_leader_alpha1 in forum BlackBerry Z30Replies: 24Last Post: 07-30-15, 10:08 AM -
10.3.2.556 just pushed via Vzw for my Z10
By Blackgqc in forum BlackBerry 10 OSReplies: 29Last Post: 07-06-15, 06:48 PM -
Blackberry Variant approved through IDA for Malaysia and Singapore
By Anthony Roberts5 in forum General BlackBerry News, Discussion & RumorsReplies: 2Last Post: 07-06-15, 11:10 AM -
Android on current devices?
By dvarnai in forum General BlackBerry News, Discussion & RumorsReplies: 2Last Post: 07-06-15, 09:34 AM -
Forum feature: readers mark a post as "essential" for a given thread
By RyanGermann in forum Site and App Feedback & HelpReplies: 1Last Post: 07-06-15, 08:52 AM
LINK TO POST COPIED TO CLIPBOARD