Owners to blame for latest Android malware

Owners to blame for latest Android malware

Summary: Over on ComputerWorld there's a story about a rogue Android app doing the rounds that runs up big texting bills behind the user's backs by sending messages to premium rate numbers. However, when you strip away the hype, Android handset users hit by this only have themselves to blame.

SHARE:
TOPICS: Security, Malware
40

Over on ComputerWorld there's a story about a rogue Android app doing the rounds that runs up big texting bills behind the user's backs by sending messages to premium rate numbers. However, when you strip away the hype, Android handset users hit by this only have themselves to blame.

Here's the nasty in question:

The cyber criminals grabbed a copy of Steamy Windows, then added a backdoor Trojan horse - "Android.Pjapps" by Symantec's label -- to the app's code. The reworked app is then placed on unsanctioned third-party "app stores" where unsuspecting or careless Android smartphones find it, download it and install it.

...

"The Trojan lets them send SMS [short message service] messages to premium rate numbers," said Thakur, for which the hackers are paid commissions.

OK, let's count the ways that users are to blame:

  • Configuring their handsets to allow the download and installation of non-Android Market apps. This is the first, and probably biggest mistake. The restriction is there to protect users from themselves. Most handsets make it clear as to the implications of lifting this restriction. For example, here's the warning that HTC user:"Warning: Having this option enabled makes your phone and personal data more vulnerable to attack by applications from unknown sources. You agree that you are solely responsible for and damage to your device or loss of data that at result from using these applications."Seems like a pretty clear warning to me. The sort of thing that you ignore at your peril. 
  • Downloading apps from random third-party app stores. The Internet is a dodgy place, where a lot of stuff is not as it seems. Having the freedom to download and install any and all crap you come across might seem cool, but when things go wrong, you only have yourself to blame. Stick to trusted sources.
  • When you install any Android app, it explicitly asks for permissions to perform various categories of activities. This is displayed for a reason. Read it. Understand it. And if in doubt, DON'T give an app permission to do stuff that could backfire on you.

As much as some elements of the media (along with security firms) want to portray this as a big deal for Android users, it isn't. It only affects people who've taken the foolhardy step of choosing to lift restrictions put in place to protect them.

Topics: Security, Malware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

40 comments
Log in or register to join the discussion
  • RE: Owners to blame for latest Android malware

    sweet. so Microsoft can blame all the Windows *users* for malware too, right? And not that the OS permitted __ actions?
    bc3tech
    • RE: Owners to blame for latest Android malware

      @bc3tech Use internet explorer, browse the web. You don't have do to anything other than browsing the web, and you are infected.

      Different case.
      tatiGmail
      • RE: Owners to blame for latest Android malware

        @tatiGmail

        Wrong. If you are using anything above Windows XP (Vista or 7), that isn't possible anymore because of the sandboxing of IE in those two operating systems.
        Lerianis10
      • RE: Owners to blame for latest Android malware

        @tatiGmail That was true at one time but the days of "drive by" malware are over... especially when one uses an alternate browser such as Chrome or FireFox.

        So no, not really all that different.
        athynz
      • RE: Owners to blame for latest Android malware

        @tatiGmail

        Read what @Lerianis10 said. He speaks the truth. But naw, we all need to switch back to XP! Long live XP!
        The one and only, Cylon Centurion
      • RE: Owners to blame for latest Android malware

        @tatiGmail

        Firefox is vulnerable to some XSS attacks, too. That is why all the cool kids run NoScript with Firefox.
        mejohnsn
    • RE: Owners to blame for latest Android malware

      @athynz: No, you're wrong. Drive-bys using PDFs or Java will run on Firefox.
      nightbirdsf
      • RE: Owners to blame for latest Android malware

        @nightbirdsf

        Yes, and web browsers and add-ins still have bugs (on PCs and mobiles). Just look at the annual Pwn2Own results for one example.
        WilErz
  • RE: Owners to blame for latest Android malware

    I blame Android and Google for not having controls in place to prevent this.
    Loverock Davidson
    • RE: Owners to blame for latest Android malware

      @Loverock Davidson Controls are in place. Those who would give up freedom for security, deserve neither.

      To be fair to symantec, they have labeled this threat as "Low"
      tatiGmail
      • What "freedom"? Google banned whole classes of apps from AppMarket

        @tatiGmail: and enforced it's subscription fees.

        So it is more correct to say that it has <b>somewhat</b> more freedom, but yet seriously less security and consistency.

        Also, Google supported proposals for "Net neutrality" rules, which would allow wireless operators to set IP routing preferences to resources which would pay to them -- id est Google. By the way, this lobbying from Google directly contradicts to their 2006' statement, where they boldly claimed they against such kind of money-regulated internet.

        I should remind that Internet use shifts to wireless major way, especially with countless Wi-Fi hotspots being controlled by the likes of Verizon and such.

        <b>Google is evil</b> for a long time already.
        DDERSSS
      • RE: Owners to blame for latest Android malware

        @tatiGmail

        Freedom would come into it if you were required by law to buy these products. Without any legal requirement to buy an iPhone, for example, Apple's decision to use software controls to limit malware threats to their users (a) has got nothing to do with freedom and (b) in the aggregate probably does more good than harm. If you don't like the policy, you're free to buy something else.
        WilErz
      • RE: Owners to blame for latest Android malware

        @wilErz What are you talking about? the freedom comes from be able to install this dirty app, just because a user turns off the security setting to install untrusted apps (which is enabled by default BTW) then goes to an untrusted source to download that app and installs it, how is that googles fault? at least google doesnt threaten to brick rooted phones like apple has done in the past...
        nickdangerthirdi@...
    • RE: Owners to blame for latest Android malware

      @Loverock Davidson The controls are in place - it's a nice little option that one can change at any time with a warning window. IMHO once the user clicks on that option and acknowledges the warning box then if they get malware on the device it is all their fault.

      So really it's just like if someone jailbreaks an iOS device or roots (jailbreaks, whatever the term is for hacking the WP7 OS) a WP7 device and installs malware on the device in question then it IS the user's fault not the fault of the device, the manufacturer, or the OS developer.

      However for the iOS (and WP7 devices AFAIK) devices one must actively hack the device to allow the alternate app sources rather than just select an option in the device settings.
      athynz
      • RE: ...roots (jailbreaks, whatever the term is for hacking the WP7 OS) a WP

        @athynz

        I would call that <b>increasing the user 'experience'</b>.
        fatman65535
    • RE: Owners to blame for latest Android malware

      @Loverock Davidson Thanks! I had a popup saying that my PC was infected and I should turn off windows firewall and install the software, I paid using my credit card and run a scan. Now for some reason my credit card has been used all over the world (must be my mistake). Also about once a week I get an error message saying I should have to update my credit card details to Microsoft as my copy of windows must be fake? Microsoft were very good to me by safely encrypting all my documents and asking me to pay to unencrypt them. All this because Windows allowed me to do it, does that mean I can thank Microsoft for all the security programs I am told to download every week???

      Wow thank you Microsoft for letting me turn off default security and bypass every security option so I can be safe! A bit pricey but hey!
      Parassassin
      • RE: Owners to blame for latest Android malware

        @Parassassin,
        Are you serious?
        You get a popup, and you turn off your firewall, install "something" off the internet AND pay for it?
        Then you blame Microsoft?
        I'll stop here, it's not funny.
        radu.m
      • RE: I'll stop here, it's not funny.

        @radu.m<br><br>It is not @Parassassin's fault, as this lousy forum strips out &ltsarcasm> tags.
        fatman65535
    • RE: Owners to blame for latest Android malware

      @Loverock Davidson they do have controls in place to prevent it, YOU have to turn those off... if YOU dont turn them off then you arent affected
      nickdangerthirdi@...
  • RE: Owners to blame for latest Android malware

    Might have been better to not actually allow users to make these dumb decisions (because they will). But then you'd have the iPhone's security model which Google's "cool kids" want to convince us is bad.

    Thing is, a compromised cell phone is so easy to monetize that perhaps strict rules (and yes locking down) makes sense.

    Additionally Google don't do (and to be fair don't claim to) basic security checks on the apps in their market place anyway...
    jeremychappell