
Thu Nov 1, 2012, 12:37 PM

Security research labels more than 290,000 Google Play Android apps as 'high-risk'

Source: Network World US

Security vendor Bit9 categorized these Android apps as "questionable" or "suspicious" because they could gain access to personal information to collect GPS data, phone calls or phone numbers and much more after the user granted "permission" to the app. "You have to say 'yes' to the application or it won't run," pointed out Harry Sverdlove, Bit9 CTO.

Games, entertainment and wallpaper apps especially seem to want to grab data, even though their functions would seem to have little direct use for it.

Bit9 notes this doesn't mean these apps are malware per se, but they could do damage if compromised because the user has granted so much permission.


Read more: http://www.pcadvisor.co.uk/news/mobile-phone/3408388/security-research-labels-more-than-290000-google-play-android-apps-as-high-risk/



That's almost half of the apps available for Android.

14 replies, 2466 views

Replies to this discussion thread (author, date, post):
Security research labels more than 290,000 Google Play Android apps as 'high-risk' (Original post)
onehandle Nov 2012 OP
SheilaT Nov 2012 #1
sir pball Nov 2012 #3
SheilaT Nov 2012 #9
dixiegrrrrl Nov 2012 #11
SheilaT Nov 2012 #12
sir pball Nov 2012 #14
Xithras Nov 2012 #2
rablrouzer Nov 2012 #4
.99center Nov 2012 #8
tkmorris Nov 2012 #10
qanda Nov 2012 #5
SoapBox Nov 2012 #6
.99center Nov 2012 #7
Hosnon Nov 2012 #13

Response to onehandle (Original post)

Thu Nov 1, 2012, 12:57 PM

1. Gosh. And people make fun of me because

I don't have a smart phone. Is there a chance I'm doing something right?

Added on edit: I am extremely wary of using a phone to pay for things at a check-out stand. I keep on thinking that it's not really as secure as I'm assured it is. What if one of those apps is designed to go straight to your checking account, or wherever you get the money from to pay for stuff with the smart phone, and then simply empties out your account?



Response to SheilaT (Reply #1)

Thu Nov 1, 2012, 01:28 PM

3. Google Wallet links to a CC

It's not an "app" per se, it's just using a chip in your phone to replicate the chip in a tap-to-pay debit card or keyfob. The only actual access to your money is via the POS terminal in the store; if it would clean out your account using GWallet, it would also do it by swiping your card.



Response to sir pball (Reply #3)

Thu Nov 1, 2012, 03:06 PM

9. And people here are even more harsh about the suggestion to carry

cash.

They seem to think that by carrying twenty bucks or so in cash leaves one walking around below a giant neon sign that says "I have cash on me! Rob me!"

Personally, I prefer to pay for day-to-day purchases in cash, rather than trust a chip in my phone. Who is to say the chip in my phone, or the POS terminal at the store can't be hacked in some way?



Response to SheilaT (Reply #9)

Thu Nov 1, 2012, 03:32 PM

11. During a power loss, the debit cards are worthless anyhow.

We have had town-wide loss of computer power twice in the last few years
(road crew managed to cut the only 'puter line that town has, apparently)
and without cash, no groceries.
One of the cuts came on a Friday, which is payday for folks here. So of course no line repairs till at least Monday.
Lots of folks realized getting gas was a problem, too.






Response to dixiegrrrrl (Reply #11)

Thu Nov 1, 2012, 03:51 PM

12. Yeah, like the power is ever going to go out.

In 1982 I was getting gas at a station in Minneapolis, where I then lived. I was always in the habit of simply putting a fixed dollar amount in the car, probably about $10.00 at that time. I finished pumping my gas and went in to pay, with cash, as I always do. They then had a power interruption and it was going to be a bit before anyone could use a credit card. I was able to give my cash and walk out ahead of anyone else.

Cash. It's so versatile. And welcome everywhere.



Response to SheilaT (Reply #9)

Wed Nov 7, 2012, 11:50 AM

14. I'm not making fun at all

I try to always have at least some cash on me. I should probably use it exclusively if for no other reason than it's a lot harder to overspend; you're much more conscientious of handing over real money as opposed to swiping a card.

Just saying that pay-by-phone really isn't any less secure than a tap-to-pay card or even a regular card. Cracks of NFC systems (any tap-to-pay systems) have been demoed but are pretty impractical; it's much easier to break the terminal. Had it happen to me just a few months ago actually, Rite Aid's systems were compromised so the bank issued new cards to everybody who had shopped there recently.



Response to onehandle (Original post)

Thu Nov 1, 2012, 01:22 PM

2. So....don't install them.

It's really simple. When you install an app on Android, the Play installer will tell you what the application gets access to. You have to APPROVE that access. If you download a wallpaper app that requests control of your entire phone, and you give it that access, then who is really at fault? It only takes a couple of brain cells to figure it out. In fact, Android's app security model is pretty much identical to the security model Apple recently added in iOS 6. Android has always forced the app to ask permissions to anything, but iOS versions prior to 6 only required permissions for geolocation data...it was open season on everything else on the phone. I remind you of the Path debacle earlier this year in which an iPhone app was caught copying and uploading entire contact lists off of iOS devices. THAT'S a high risk app, and it's a scenario that has never even been possible on Android. Apple closed that security hole in iOS 6 by adopting the Android "ask for anything" model.

And the article itself says that they're moving onto Apple apps next. Permission trolling is just as pervasive on Apple devices as it is on Android devices, and Apple ignores it just as much as Google does. App writers can ASK for anything. If the user grants the app permission, that's the user's problem.



Response to onehandle (Original post)

Thu Nov 1, 2012, 01:59 PM

4. This is pure crap and here's why

From the linkbait site:

* 42% access GPS location data, and these include wallpapers, games and utilities

There are many Android applications that use your GPS location data to provide local weather, and more. If you don't want applications using your GPS location, turn off GPS on your phone, or don't install weather, time, coupons, friend search, WiFi finders, games, or wallpapers.


* 31% access phone calls or phone numbers


It is a phone for gawd's sake. There are lots of apps you may want to install to improve on the standard Google Apps. Turn on Facebook and surrender any illusion of privacy.

But more important, would you want an App (like a game) to keep your phone from ringing? Apps need to "know" the phone state, if for no other reason than to get out of the way when it rings.


* 26% access personal data, such as contacts and email


Can I just say "duh" here? Install a game to play over the internet with your friends, and it will access your contacts. Install a camera app or photo editor that "shares" photos, and it will access your contacts to share the picture.


* 9% use permissions that can cost the user money

Using your basic phone to make a call, sending an SMS, sending a text message, COST MONEY!

Buying a new "level" in a game CAN cost money. Subscribing to a music service like Spotify or Pandora CAN cost money.


CONCLUSION. This piece is pure propaganda. What it says applies equally to Android, iOS, Windows Phone, and Blackberry.

If you're careless enough to download wallpapers for hot Russian babes (or hunky Firemen), you may be pwned. Be careful. But don't let crud like the link here send you fleeing to an iPhone. You're no safer there. And if you think you have any privacy from Auntie Apple and her iAds, you ain't read her terms of service.



Response to rablrouzer (Reply #4)

Thu Nov 1, 2012, 02:50 PM

8. This piece is pure propaganda.

+1



Response to rablrouzer (Reply #4)

Thu Nov 1, 2012, 03:14 PM

10. Couldn't have said it better

Welcome to DU.



Response to onehandle (Original post)

Thu Nov 1, 2012, 02:01 PM

5. Wait, I thought Android didn't have many apps available

LOL Honestly, if you don't want to give someone permission then don't install the app-- you do have options.



Response to onehandle (Original post)

Thu Nov 1, 2012, 02:08 PM

6. You couldn't pay me to get an Android phone...

I've never trusted the "Droid" from day one.



Response to onehandle (Original post)

Thu Nov 1, 2012, 02:48 PM

7. Is it just a coincidence

that you dig up a misleading article about Apple's competitors every time there's bad news for Apple? Adware on phones (including iPhones) isn't LBN IMO.



Response to onehandle (Original post)

Thu Nov 1, 2012, 04:06 PM

13. One-man anti-Google machine. nt.
