[Rickroller]

Check this out....

Google ousts 21 malicious applications from Android Market, user handsets | BGR

Pretty disturbing

Look at some of these "apps" which were pulled:

�Super Sex Positions
�Hot Sexy Videos
�下坠滚球_Falldown
�Hilton Sex Sound
�Screaming Sexy Japanese Girls
�Falling Ball Dodge
�Scientific Calculator
�Dice Roller
�躲避弹球
�Advanced Currency Converter
�App Uninstaller
�几何战机_PewPew
�Funny Paint
�Spider Man
�蜘蛛侠

I mean..c'mon. Most of those are a joke..and anyone installing them isn't too bright. There has to be some level of consumer awareness about anything they're installing, be it from RIM, iOS, or Android. I personally don't install anything without checking reviews (both online and from market) and doing a little homework.

[scorpiodsu]

The same can be said for your example. The user would have to trigger that stack overflow to trigger the exploit (be it visiting a website or whatever is needed to be done for that to happen). If they don't do that (similar to your not installing a malitious app off of AppWorld and giving it permission to your stuff), the problem won't happen on their platform either.



One very nice point is brought up in the Engadget version of this article. Android 2.2.2 is imune to the hacks used in those apps. Right now the only handsets to get this update and contant updates are the Nexus ones. Seems Google takes care of their own and a lot of vulnerability blame can be put on other Android handset manufacturers for not allowing Google to do their own OS updates across all hardware makes. Having to wait for Samsung/HTC/Motorola to release and update for security reasons seems rediculous. This has always been a weakness for anyone who hands over control of their platform OS to that of a manufacturer or a carrier (in RIM's case). Apple sucks because their updates aren't quick and constant. They seem to want to pool fixes together and make one giant OS update every few months or so. I wish they'd treat iOS a bit more like OSX in terms of patches... maybe 5 will bring OTA updates, who knows.

I agree. Definitely a problem here with fragmentation. If all devices had the same updates available at the same time then it's a lot easier to protect. But when you have several OS versions and manufacturers it's a lot harder to do so.

[scorpiodsu]

Look at some of these "apps" which were pulled:

�Super Sex Positions
�Hot Sexy Videos
�下坠滚球_Falldown
�Hilton Sex Sound
�Screaming Sexy Japanese Girls
�Falling Ball Dodge
�Scientific Calculator
�Dice Roller
�躲避弹球
�Advanced Currency Converter
�App Uninstaller
�几何战机_PewPew
�Funny Paint
�Spider Man
�蜘蛛侠

I mean..c'mon. Most of those are a joke..and anyone installing them isn't too bright. There has to be some level of consumer awareness about anything they're installing, be it from RIM, iOS, or Android. I personally don't install anything without checking reviews (both online and from market) and doing a little homework.

Agreed. Some of the apps are jokes but the reports are that some of them have been downloaded over 50,000 times. So someone like them LOL.

[i7guy]

The same can be said for your example. The user would have to trigger that stack overflow to trigger the exploit (be it visiting a website or whatever is needed to be done for that to happen). If they don't do that (similar to your not installing a malitious app off of AppWorld and giving it permission to your stuff), the problem won't happen on their platform either. ...snip...

Do you have anything more than a theory on a drive by stack overflow or rooting on a Blackberry with a recent build? I know you didn't say BB, but were are not talking theoretical examples.

Installing an application where you give it permission to do something and it misuses information is a different league of an application that causes a stack overflow and roots the phone. The iphone PDF vulnerability is a bad one because unless you jailbreak the phone (to get a warning about opening a pdf) you don't know the phone has been compromised.

[JRSCCivic98]

i7, stop using the term "Drive By". It's incorrect and leads people to think simply walking on the street with an iPhone or Android device gets you hacked, WHICH IS TOTALLY INCORRECT. While a BB doesn't have these same vulnerabilities in most cases, the day will come when someone opens up that back door.

There are similar overflow type exploits in BBOS if someone bothered to find them. Back when I had an 8830 and RIM never solved the low ringer volume issue, I put out a free solution for the community that allowed them to play a specially encoded video which basically crashed the volume control limit on the handset and allowed for really loud ringtone volumes to be played (the maximum allowed by the hardware) until you rebooted the phone. The bug in the OS software that allowed this to happen wasn't fixed for several OS4.5 releases after that and when it was finally fixed, the volume levels were finally bumped up by RIM as well. So, ya, the holes in the OS are there... you just have to give enough of a rats *** for a platform to want to point them out.

[i7guy]

i7, stop using the term "Drive By". It's incorrect and leads people to think simply walking on the street with an iPhone or Android device gets you hacked, WHICH IS TOTALLY INCORRECT. While a BB doesn't have these same vulnerabilities in most cases, the day will come when someone opens up that back door.

There are similar overflow type exploits in BBOS if someone bothered to find them. Back when I had an 8830 and RIM never solved the low ringer volume issue, I put out a free solution for the community that allowed them to play a specially encoded video which basically crashed the volume control limit on the handset and allowed for really loud ringtone volumes to be played (the maximum allowed by the hardware) until you rebooted the phone. The bug in the OS software that allowed this to happen wasn't fixed for several OS4.5 releases after that and when it was finally fixed, the volume levels were finally bumped up by RIM as well. So, ya, the holes in the OS are there... you just have to give enough of a rats *** for a platform to want to point them out.

Why should I stop using the term "drive by", it's exactly what it is. Just casual surfing lends you a compromised phone. lol.

And yeah you had to find them, but we are talking about current day vulnerabilities, not what existed 5 years ago.

[Branta]

i7, stop using the term "Drive By". It's incorrect and leads people to think simply walking on the street with an iPhone or Android device gets you hacked, WHICH IS TOTALLY INCORRECT.

Almost invariably the security failures are due to Operator Error. Choose from the unskilled playing with jailbreaks and rooting, social engineering, or the remarkable greed for anything for nothing. Here's another report of the latest version... The Mother Of All Android Malware Has Arrived: Stolen Apps Released To The Market That Root Your Phone, Steal Your Data, And Open Backdoor | Android News, Reviews, Apps, Games, Phones, Tablets, Tips, Mods, Videos, Tutorials - Android Police

[qbnkelt]

That is scary as h3ll.

Posted from my CrackBerry at wapforums.crackberry.com

[Jake Storm]

"Openness", the reason I will never buy an Android or Windows phone.

[JRSCCivic98]

Why should I stop using the term "drive by", it's exactly what it is. Just casual surfing lends you a compromised phone. lol.

And yeah you had to find them, but we are talking about current day vulnerabilities, not what existed 5 years ago.

OK, now you're really reaching. WTF?! "Casual Surfing" leads to a compromised iOS device now? Maybe I'm stupid or just forgot, but show me this vulnerability.

[crucialcolin]

Just saw the local news was talking about some new dangerous Android virus. Only to come here and see this thread lol. It also amazing how many apps people download without paying attention to what their really getting.

Personal I now see the openness of android becoming a disadvantage and I expect it to parallel with windows in terms of viruses

[JRSCCivic98]

Just saw the local news was talking about some new dangerous Android virus. Only to come here and see this thread lol. It also amazing how many apps people download without paying attention to what their really getting.

Personal I now see the openness of android becoming a disadvantage and I expect it to parallel with windows in terms of viruses

It amazes me how quickly everyone starts running with this type of news only to find out none of the journalists out there know anything about what the original issue really was. Once the media gets a hold of it, it's like a long line of idiots playing "pass it on".

[i7guy]

Just saw the local news was talking about some new dangerous Android virus. Only to come here and see this thread lol. It also amazing how many apps people download without paying attention to what their really getting.

Personal I now see the openness of android becoming a disadvantage and I expect it to parallel with windows in terms of viruses

It seems to be the way things are headed.

[Machzy]

I was playing around with my bro's X10 within the first few months that he got it and ran across an 'antivirus' app....I was like 'Wtf does that do?'

And he explained to me that there are some malicious disguised apps out there that are actually viruses.

I couldn't believe it. But then again - what I want to know is how prevalent are they in the Android Market? Also - has Google said anything about 'cracking down' on that?

[hootyhoo]

I was playing around with my bro's X10 within the first few months that he got it and ran across an 'antivirus' app....I was like 'Wtf does that do?'

And he explained to me that there are some malicious disguised apps out there that are actually viruses.

I couldn't believe it. But then again - what I want to know is how prevalent are they in the Android Market? Also - has Google said anything about 'cracking down' on that?

From what I understand, there aren't any viruses, but there is malware (malware exists for bb also).

The anti virus apps for android don't really do anything other than compare an app to a data base of apps with known problems. It will then let you know and give you the option to delete the offending app.

Posted from my CrackBerry at wapforums.crackberry.com

[Machzy]

From what I understand, there aren't any viruses, but there is malware (malware exists for bb also).

The anti virus apps for android don't really do anything other than compare an app to a data base of apps with known problems. It will then let you know and give you the option to delete the offending app.

Posted from my CrackBerry at wapforums.crackberry.com

Speaking of which - did you get a chance to read this yet:

Google flips Android kill switch, destroys a batch of malicious apps -- Engadget

[howarmat]

damn that is nice. I wish rim would do more updates like this instead of having to wait for carriers to approve OS and such.

[JRSCCivic98]

damn that is nice. I wish rim would do more updates like this instead of having to wait for carriers to approve OS and such.

Well, Google is taking care of their own in terms of issuing an update to fix this. Only their Nexus products were noted of getting a direct update to 2.2.2 to block the security holes these apps were using for malitious purposes. Other Android handsets still go through those manufacturer OS releases and carrier OKs beforehand. The nice part however is that Google and Apple have a remote app kill switch in the OS to uninstall these apps through a push to the handset. I haven't see RIM do that yet. There's both a good side and bad side to this. Sometimes Apple let's an app slip, like the DOS emulator a couple of months ago. If I installed it, I wouldn't want them choosing to delete it if it wasn't malicious. So far, I don't think either company has shown any proof of pushing the kill button on non-malicious apps, but you never know what the future might bring.

[missing_K-W]

Well, Google is taking care of their own in terms of issuing an update to fix this. Only their Nexus products were noted of getting a direct update to 2.2.2 to block the security holes these apps were using for malitious purposes. Other Android handsets still go through those manufacturer OS releases and carrier OKs beforehand. The nice part however is that Google and Apple have a remote app kill switch in the OS to uninstall these apps through a push to the handset. I haven't see RIM do that yet. There's both a good side and bad side to this. Sometimes Apple let's an app slip, like the DOS emulator a couple of months ago. If I installed it, I wouldn't want them choosing to delete it if it wasn't malicious. So far, I don't think either company has shown any proof of pushing the kill button on non-malicious apps, but you never know what the future might bring.

That's why I'm thankful for BIS and appworld....I don't have to worry about putting my info out to the sharks and predators of the world. Nor do I have to worry about malicious software in appworld.....it's nice that they are pulling kill switch....but that's after the fact....too little too late...they should have the capacity as RIM has to nip it in the bud before it even hits the market and the consumer....how can you patronize their short comings like that?

Posted from my CrackBerry at wapforums.crackberry.com

[JRSCCivic98]

That's why I'm thankful for BIS and appworld....I don't have to worry about putting my info out to the sharks and predators of the world. Nor do I have to worry about malicious software in appworld.....it's nice that they are pulling kill switch....but that's after the fact....too little too late...they should have the capacity as RIM has to nip it in the bud before it even hits the market and the consumer....how can you patronize their short comings like that?

Posted from my CrackBerry at wapforums.crackberry.com

Lol, I guess you've missed all the threads about JaredCo.

[missing_K-W]

Lol, I guess you've missed all the threads about JaredCo.

That's why I only use apps from Appworld and not from jaredco's app store....that's what you end up with, purchasing through a 3rd party app store. Buyer beware

Posted from my CrackBerry at wapforums.crackberry.com

[JRSCCivic98]

That's why I only use apps from Appworld and not from jaredco's app store....that's what you end up with, purchasing through a 3rd party app store. Buyer beware

Posted from my CrackBerry at wapforums.crackberry.com

JaredCo has/had apps in the AppStore. Nice try though. Lol

Several people have been trying to reach out to RIM to pull their stuff down.

[TeaBoy]

Is blackberry more secure than iphone?

[JRSCCivic98]

Is blackberry more secure than iphone?

In the right hands with the right config, yes. However, the truth is that all mobile platforms have their strengths and weaknesses. A big factor for all of them is user/config governed. So, it's not quite as black and white as a lot of people imply.

[missing_K-W]

Is blackberry more secure than iphone?

Yes it is....Apple has some serious security issuses....over the air....software and haredware wise....wouldn't be banking on one...I'm sure many forumers can guide you to some shocking articles....RIM is the only company to have heavily encrypted front end and back infrastructure....it's their primary reason for being slower then the competition in many aspects to move forward..everything that RIM undertakes has a security first foundation. Which makes it more challenging to innovate at a rapid pace.....however QNX has the highest security ratings possible....so you should see them innovate at a rapid rate of acceleration from this point onward

Posted from my CrackBerry at wapforums.crackberry.com