[Tre Lawrence]

Funny how the topic always shifts from the content to personal attacks by "true platform believers."

It's a lame way to try and change the subject.

Who is attacking you?

Try this: access any of your friend's market account. Access the all portion of the Apps section. it will list every app downloaded. You can post it, and we can all parse through them and find the rogue apps.

BTW, how did you remove them? With what software?

Check my posts. I have no shame in eating my words and saying I am/was wrong. I am quite willing to do that in this case.

[Tre Lawrence]

If you insist, however:

1) A friend's HTC Rezound was starting to send out "there's this bad picture of you on X link" messages to his Twitter contacts. We tried changing his password, and that didn't help. Finally isolated it to his device and removed a "fast, fun" Twitter client and the problem went away.

2) A neighbor's Galaxy S III on T-Mobile kept crashing and rebooting. It would be "warm in the morning" when she woke up. She hit her data cap of 2 gigs/month on T-Mobile within a couple of days and got throttled to EDGE. Turns out that a game about popping balloons was the culprit... we had to factory-reset the phone to get rid of the problem.

3) My buddy Dylan in Tucson had his Galaxy S II start to "act funny." He complained about it and then noticed that -- yep -- he was using all of his data allotment in just a couple of days. He tried using his anti-virus program and it's been "disabled." It won't work or scan. Hmmmm. Anyway, I'm sending him a T-Mo S III from my phone drawer. On his Facebook profile, there was quite a debate by other Android folks as to how to "help fix the problem that they had too" by going to WiFi. Most didn't know that suddenly using gigs of data a day is probably a bad sign.

And so on and so forth. These are all just from the last five months or so.

None of the users sideloaded apps or used apps from any source other than the official Play Store.

(Waits for the "video or it didn't happen" retort).

I think a key issue is that we may all have different ideas of what malware is. I'll leave it that.

[brmiller1976]

You can't gloss over the inadequacies of Android. It's a tool, and when tools are used unwisely, they create trouble. Yes, you could argue that other tools need less care, but hey, that is a concession I am currently willing to make. The day Android legitimately burns me, you best believe I'll be shouting from EVERY rooftop I can find.

So where, pray tell, is the bright red warning sticker on every Android phone (and warning pop-up on the Play Store) that says: "WARNING: BE CAREFUL BEFORE DOWNLOADING! THIS APP COULD STEAL DATA, DAMAGE YOUR PHONE, OR COMPROMISE YOUR SECURITY! BE SMART, INSTALL ANTI-VIRUS AND DON'T DOWNLOAD APPS WITHOUT KNOWLEDGE OF THE MAKER FIRST?"

Because if you're going to blame the user for getting infected from a Play Store download, you need to start by informing the user up-front of the unique risks that Android poses.

the prudent thing to do is to make a note of all this malware

Not for me. When I use Android, I use the basic apps, and I'm not a tech journalist or security analyst. I also don't have time to chronicle all the malware apps, which Trend Micro and the other big security firms do better anyway.

[brmiller1976]

Who is attacking you?Try this: access any of your friend's market account. Access the all portion of the Apps section. it will list every app downloaded. You can post it, and we can all parse through them and find the rogue apps.

Are you kidding me? Why would I do that?

BTW, how did you remove them? With what software?

We would uninstall them using the settings menu, and if the behavior continued, I'd do a factory reset of the phone.

we may all have different ideas of what malware is

I actually think the definition of malware is pretty well-established. If the app does something bad, deliberately, it's malware. A "game" that serves as a botnet spoke is malware. So is a Twitter client that sends out spam with phishing links.

[TgeekB]

Which Twitter client was it?

[kbz1960]

tbh, that is precisely the thing that worries me the most about BB10. The blessing and curse of the Android runtime.

I'd love to know what QNX did to firewall that d*mn thing off from the rest of the OS.

I thought android apps are sandboxed? Guess you could still lose whatever though but it can't harm your system.

[Tre Lawrence]

So where, pray tell, is the bright red warning sticker on every Android phone (and warning pop-up on the Play Store) that says: "WARNING: BE CAREFUL BEFORE DOWNLOADING! THIS APP COULD STEAL DATA, DAMAGE YOUR PHONE, OR COMPROMISE YOUR SECURITY! BE SMART, INSTALL ANTI-VIRUS AND DON'T DOWNLOAD APPS WITHOUT KNOWLEDGE OF THE MAKER FIRST?"

Because if you're going to blame the user for getting infected from a Play Store download, you need to start by informing the user up-front of the unique risks that Android poses.



Not for me. When I use Android, I use the basic apps, and I'm not a tech journalist or security analyst. I also don't have time to chronicle all the malware apps, which Trend Micro and the other big security firms do better anyway.

Careful... blame the user? When did that occur? I do suggest people be smart regardless of platform, and I will readily concede that Google could do a better job. I do believe that if you download apps from vetted environments (the word we are all avoiding is UNPIRATED), the risk is mitigated.

Most Android users are able to make it without downloading malware. You make it sound like all/most of your friends did, which is an interesting percentage.

[brmiller1976]

Which Twitter client was it?

I don't remember the name. Tweet-something-or-other. I also don't remember the name of the balloon-popping game other than it had "balloon" in it.

And frankly, I don't care if you don't like that. My experience with Android folks is that even if I did "download all my friends' app lists" and post them on a BB site, the theme would then shift towards either blaming the user for downloading an app that was on the official marketplace, or demanding their username and password so that they themselves could check up on it.

Look, if you want to believe that Android is safe and secure and has no problems, knock yourself out. I will continue to talk about my experiences with that platform, regardless of efforts to try and bully me into silence.

[Tre Lawrence]

I thought android apps are sandboxed? Guess you could still lose whatever though but it can't harm your system.

I think you are right, now that I think of it. Still, I hate to see what would happen if someone disguised some malicious code.

[brmiller1976]

Most Android users are able to make it without downloading malware.

Source? Link? (Hey, if it's good for the goose)...

You make it sound like all/most of your friends did, which is an interesting percentage.

I did nothing of the sort, although this line is a great example of the sort of (feeble) bullying and personal attack to which I was alluding to earlier.

I never made that claim -- you fabricated it entirely, again, to change the subject.

[Tre Lawrence]

I don't remember the name. Tweet-something-or-other. I also don't remember the name of the balloon-popping game other than it had "balloon" in it.

And frankly, I don't care if you don't like that. My experience with Android folks is that even if I did "download all my friends' app lists" and post them on a BB site, the theme would then shift towards either blaming the user for downloading an app that was on the official marketplace, or demanding their username and password so that they themselves could check up on it.

Look, if you want to believe that Android is safe and secure and has no problems, knock yourself out. I will continue to talk about my experiences with that platform, regardless of efforts to try and bully me into silence.

B, if it is a bad app, then it is a bad app. No one will hide it. No one is bullying you... c'mon.

I'd like to know. Android's true strength, IMHO, is the crowd-sourced nature of the platform. When there is a bad app, it spreads like wildfire. This is why I find it hard to believe a Twitter app can cause damage without it being broadcast to high heavens.

Let's agree to disagree. No, i do not think Android is overrun by malware. No reason we can't have mature discussions.

[Tre Lawrence]

Source? Link? (Hey, if it's good for the goose)...



I did nothing of the sort, although this line is a great example of the sort of (feeble) bullying and personal attack to which I was alluding to earlier.

I never made that claim -- you fabricated it entirely, again, to change the subject.

Dude, you are seriously claiming you are being bullied? Seriously?

[brmiller1976]

B, if it is a bad app, then it is a bad app.

It's a malware app, not a "bad app."

Although, I am glad to note that your standard is now "thorough documentation including account details" for any future discussions. I will be sure to hold you to the same standard. :P

When there is a bad app, it spreads like wildfire.

I'm going to need a quantitative assessment of that. Do you have statistics and hard data on how news of bad apps travels?

i do not think Android is overrun by malware. No reason we can't have mature discussions.

Unfortunately, the guys who do the tracking disagree:

Android malware cases to hit 1 million in 2013

I'd say that 1 million malware apps -- up from 125,000 a year earlier -- is indeed overrun. If it was cockroaches or bedbugs instead of malware, the building would be condemned. And there's no way that news of 1 million individual apps will "spread like wildfire." It's too much to process.

And in my personal experience, I'd never thought of removing malware on phones nor had to help friends do so until Android came along. And I've been running smartphone OSes for 8 years prior to the launch of the G1.

No other platform has this problem, and pretending it doesn't exist or is "overblown" or accusing other people of lying about their real experiences simply makes more people vulnerable due to a false sense of security.

[TgeekB]

Dude, you are seriously claiming you are being bullied? Seriously?

It's really not worth the effort Tre.

[nemo7]

Android is and will be always crap because its open source and there is no Control. BB will always be safer than crapdroid.

[brmiller1976]

It's really not worth the effort Tre.

I agree. If you've got facts to share, get to it. But personal insults and attacks are just wasting your time -- such bullying attempts honestly don't faze me.

You guys have claimed that malware is almost impossible to get on Android unless the user is unbelievably stupid, and that bad apps are always caught and extinguished immediately. And the facts simply don't gel with your argument, which is why you've "gone personal" and studiously avoided addressing any of the points I made earlier.

Look, I'm used to this from the Android fan camp, but it doesn't change the fact that, yes, Android usage makes you uniquely vulnerable and no, it's not the user's fault if he gets infected. He is using an OS that will grow from 125,000 malware apps last year to 1 million this year and likely 7million to 10 million next year (at that rate of growth).

[bobauckland]

You guys are wasting your time, brmiller is a troll pure and simple.
For months people have been asking him to name his mystery apps, he can't because he's bluffing.
The bullying claims are pathetic there's just one person acting immature here I'm this thread and that's brmiller.
Most BlackBerry 10 fans shouldn't talk down android because android apps on BlackBerry 10 is a huge deal, and BlackBerry admits as much as 40% of their apps are BlackBerry ports.
With side loading the security of these apps is further compromised.
When you add in the fact that people are recommending open source apps this is just a huge can of worms waiting to spill over and with these and other changes people should not be talking up BlackBerry 10s security for consumers because it's a huge step down from BlackBerry 7.
There's many many other step ups for consumers though, but security isn't one of them.
Anyway, bottom line, don't feed the troll, just ignore him.

Posted via CB10

[xandermac]

Can't you "sideload" that malware?

[brmiller1976]

The Fandroid brigade is out in full force.

"Ignore the facts! Facts are trolling!"

Then, after asserting that Android is completely secure and every experience, malware research report, or personal story to the contrary is a "lie" or "trolling," they proceed to attack BB (or Windows Phone) with hilariously ridiculous security claims, essentially trying to argue that not only is Android secure, but BB isn't secure because... it can sideload Android apps.

But I thought there was no Android malware... that it's all a lie and trolling. So how can sideloading Android apps be a security risk?

Ahhhh.... fandroids.

[brmiller1976]

Here's another "detailed citation" that has been demanded of me that, like Trend Micro's report on Android's Million Malware March, will also be studiously ignored, with all replies being "tell us which apps YOU encountered, in detail, with a log of your friends' Android account details!"

apple-android-malware - Apple 2.0 -Fortune Tech

Note that the typical Android user is 263x more likely to encounter malware infections than a BlackBerry or Windows Phone user. Note also that despite being only 7x Apple's market share, Android has 112x as many malware issues.

Now Fandroids, go demand that Fortune "produce the list of apps," mmm-kay? Because "there is no Android malware" and "bad apps travel like wildfire so nobody gets them" and "nobody gets infected" and so on.

[bobauckland]

You're not even listening.
Nobody is saying that android is 100% secure.
However if you use common sense and proper avenues to get apps you are extremely unlikely to face problems.

On BlackBerry 10, if anything you are more secure with the device from the factory than anything available. But once you start side loading its miles more insecure, the apps come from non authorised sources and anything can happen. And side loading is heavily promoted.
Users, myself included, use all sorts of apps, like open WhatsApp, that would be considered a security nightmare on most platforms, which is not a slight on the dev at all, it's just one of these apps could easily be a security disaster but users choose to download them because they're desperate.

You grant sideloaded apps all sorts of permissions, what's to stop those apps misusing those permissions?
Like on Android, these issues would be 100% user error.

Do you think all those port a thon apps have had proper security vetting? Really?

BlackBerry has realised consumers don't care at all about security. They will happily allow Google to data mine if it means a good smartphone experience.
So they've toned back consumer security for BlackBerry 10 and produced a very competitive device with a lot of potential.
But the drawbacks of Android apps are magnified by side loading to levels probably even higher than on Android devices. Pluses and minuses.

Those are the facts.
Put them in your trollifier app and let's see what you come up with

Posted via CB10

[brmiller1976]

However if you use common sense and proper avenues to get apps you are extremely unlikely to face problems.

Define "common sense and proper avenues."

You'll likely say "through the Play store" but there's plenty of malware there. There are regular takedowns of apps after they've infected enough people to be noticeable.

The reality is that you're only "safe" with the biggest-name apps, which means that the "hundreds of thousands of apps" out there that aren't big-name are a security risk. Install one of them, especially a new one from a small developer, and you're taking a risk.

It also makes it difficult for small developers to make money on Android. If "common sense" includes not installing new apps or less popular apps or unfamiliar apps, how does a legit developer get traction on the Market?

Android is unique in that it's the only major smartphone OS where installing an app on the "official store" could result in malware damages.

On BlackBerry 10, if anything you are more secure with the device from the factory than anything available. But once you start side loading its miles more insecure, the apps come from non authorised sources and anything can happen.

The same thing is true of BlackBerry 7. You can install and run apps on BB7 from sources other than the BlackBerry App World. Yet BB has one of the lowest malware rates of any OS out there.

Users, myself included, use all sorts of apps, like open WhatsApp, that would be considered a security nightmare on most platforms, which is not a slight on the dev at all, it's just one of these apps could easily be a security disaster but users choose to download them because they're desperate.

In a properly sandboxed environment, this shouldn't happen. And since Whatsapp will be certified by BB (as it is by Microsoft and Apple).

You grant sideloaded apps all sorts of permissions, what's to stop those apps misusing those permissions?

Same thing is true with apps on BlackBerry 7 that are installed from SD or downloaded from a place other than BB World. This is NOT a "new thing."

The difference isn't sideloading -- the difference is ANDROID.

Do you think all those port a thon apps have had proper security vetting? Really?

Absolutely I do. BB said they'd received something like 120,000 app submissions, but the App World only has around 70,000 apps. Not all of them have been released yet -- and why is that? Likely because BB is still putting them through their security checks.

BlackBerry has realised consumers don't care at all about security. They will happily allow Google to data mine if it means a good smartphone experience.

I'd go a step further. Most users aren't even aware of what Google is doing -- that's why Microsoft's latest Scroogled campaign raised so many hackles in technology circles (even if the campaign itself sorta sucks). And Android isn't really that great of a smartphone experience relative to the other three choices in the market, but that's a debate for another day. Long story short, Android is successful because OEMs can install it for free.

Consumers also have a habit of "not caring" until suddenly something makes them care. That day is rapidly coming, judging from Android malware development acceleration. When the first big news of bank accounts being spirited off to Russia or millions of handsets breaking into the "Harlem Shake" around the world, there will be panic and this issue will be examined in a new light (just as it was for Windows 9X and XP).

But the drawbacks of Android apps are magnified by side loading to levels probably even higher than on Android devices. Pluses and minuses.

Doubtful. Android apps can be sideloaded on Android devices -- with all the same attendant risks, and greater access to core system functionality.

I also doubt that anybody who isn't a hard-core geek will be sideloading Android apps onto their BB phones. It requires a rather extensive level of technical skill, similar to rooting on Android, that the average user doesn't have.

The average user is unlikely to encounter malware in the BB, WP, or Apple stores. He or she is more likely by the hour to encounter it in Google Play -- 112x more likely than in iOS, over 200x more likely than on BB or WP. And that's the primary infection vector that should concern users and the world they connect to.

Those are the facts.

Those are opinions, you mean.

[recompile]

Easy if you can get people to sideload apps from third-party sources rather than get them from the Google Play store. With flexibility and power come responsibility, and learning basic lessons like you must point the gun away from your head when firing.

You know that Google Play (especially Android Market) is loaded with malware, right?

Google's trying harder, but it's still a huge problem:

Mobile Malcoders Pay to (Google) Play | Mobile banking Trojan Australian Banks | Infosec

"Cybercriminals love to offer their infected programs directly through the Google Play applications store ... The first case of this was reported back in March 2011, and since then malware has appeared regularly in this online store"
Tricky Android malware fools users with Google Play icon - Technology on NBCNews.com

Android Malware Abounds -- Even In Google Play Store: Just One More Reason I'm An Apple Fanboy - International Digital Times


Trend Micro found that 23% of Android apps (including those in Google Play) are outright malicious.
Trend Micro: One in ten Google Play Store apps is malware | WMPoweruser
One in Ten Google Play Apps are Malicious - BlackBerry - BB

Don't think you're safe just because you only use the "official" store!

[brmiller1976]

I'm not sure why the Android folks aren't willing to acknowledge that Google Play has serious malware issues, but it certainly does. "Blame the stupid user" isn't a legit answer, especially when the other three major stores don't have that problem and over 1 in 10 apps is malware (with that proportion likely to grow to thirty to forty percent with the surge in malware development).

I've been encouraging several of my Android-using friends to use the Amazon App Store on Android instead of Google Play, since Amazon does the app security checks that Google doesn't.

[GoJaysGo]

There is a reason RIM has doubled up on Anti-Virus for BlackBerry World. Since they are allowing Android on their phones, they are also opening the **** storm of crap that follows with it.

BlackBerry Works with Trend Micro to Expand Protection for Customers Against Malware, Privacy Issues in Third-Party Applications -