News - Android most attractive target for mobile malware writers

[HEXUS]

75 per cent of mobile malware now targeting Android OS.

Read more.

[kingpotnoodle]

It's the age old problem Microsoft have with Windows - whoever has the largest market share will get the largest share of hacks/exploits/malware unless they can make perfect security - which nobody can. Even Apple's tightly walled garden can be torn down with simple exploits used in jailbreaking.

[crossy]

Can't say I'm particularly surprised that a company that sells anti-virus products for phones should be producing a report showing that mobile OS malware is on the increase. Presumably with a nice link to F-Secure Mobile Security's web page at the end of the report?

Less than impressed with the advice to 'stick to the official app stores' as it's pretty obvious/common-sense advice. Heck, it's been said before - you need to go out of your way on Android to use other app stores!

Quick thing on F-Secure's product - not only does it appear to only support old OS revisions, (e.g. doesn't support Android 2.3 that's been out for many, many months), but at £29.95/year it's expensive. AVG's "Pro" version is only £6.30 (purchase, not annual subscription) and McAfee's and Symantec's equivalents are £24.99 and £29.99 per year respectively.

[alfabet0]

What is the general consensus on the Samsung app store is it safe or a gamble?

[crossy]

What is the general consensus on the Samsung app store is it safe or a gamble?

Same deal as with the app stores that some of the telecom's companies run.

Not that I'm claiming any kind of expertise but the "Security 101 - Lesson 1" for Android was that if you have that "Allow unknown sources" ticked then you need to be careful.

So getting back to SamsungApps - personally I would have thought that (arguably) safer than Google Play. There's going to be a lot fewer apps on there, so I would have thought that Samsung's quality control should squelch any nasty apps.

Nearest I can get to that app store is the stuff punted by the "TegraZone" on my tablet - although in that case TZ seems to be a front to Play. Is SamsungApps a front end like TZ, or is it a proper standalone app store like the Amazon one is - or at least will be when they get around to launching it in the UK!

[Malphas]

Of course this is to be expected since Android is to smartphones what Windows is to PCs. Ubiquitous, on a wide variety of different hardware, multiple different versions all running simultaneously within the ecosystem, etc.

[alfabet0]

Thanks crossy wasn't expecting such an intelligent/informed reply some of it was above my understanding :-)
I've also been holding out for the UK Amazon app store to open, not knocking the play store put as an ex iOS user I find the google play store to be a mess third party apps with the charts seemingly static with the same app's at the top for months on end at prices I'd rather spend on steam PC games.

[crossy]

Thanks crossy wasn't expecting such an intelligent/informed reply some of it was above my understanding :-)

You're very welcome - my apologies that some of my reply was "rocket science". Funnily enough, my employer also is getting into this, on the company intranet this week was the following article (edited to remove some company-specific info):

A new piece of malware called DFKBootKit now is making the rounds on Android devices. This malware repackages legitimate applications with malicious code. DFKBootKit can be found on applications that manage other installed apps or those that unlock games or premium apps requiring a fee.

Typical apps this malware is known to target include ROM Manager, ES File Manager, and illegal versions of game unlockers and license keys that often are downloaded from pirate-content sites. Once installed, the malware connects to remote control servers and awaits commands from attackers.

Most mobile anti-malware applications are not sufficient to free your phone from malware. To protect personal and company data on your Android device, consider the following mitigation steps:

o Download applications only from trusted sources (i.e., Google Play Marketplace, Amazon App Store, etc.)
o Closely monitor permissions requested when installing applications. Make sure applications are not asking for more permissions than they should need.
o Stay current on active threats by regularly checking Threat Advisories.
o Ensure your mobile devices are compliant with the Security Requirements.

As always, thank you for making cyber security a priority.

Note that they're not saying that ROM Manager, ES File Manager are trojans (I hope not because I've got the latter of those on my tablet!!), merely that if you get them off of an untrusted source then it's highly likely that they've been "extended".

There was an earlier article that basically said that - unless you know what you're doing, and are very, very sure that the source is legitimate - you should NEVER allow untrusted sources and never install an apk (app install kit) that you've downloaded from the internet.

I've also been holding out for the UK Amazon app store to open, not knocking the play store put as an ex iOS user I find the google play store to be a mess third party apps with the charts seemingly static with the same app's at the top for months on end at prices I'd rather spend on steam PC games.

Google Play IS a mess - no argument. It always amuses me that a company that prides itself in organising and searching information can deliver such a disorganised, barely searchable mess. Some times its actually easier to use the web version of the store (play.google.com) and push out an app to your phone. I've not seen the highly-priced gear you're talking about though - the most I've spent was £20 and that was for the CoPilot Live sat-nav app (Google Maps is fine ... until you go outside the data coverage area!). Hopefully Amazon's app store will be a bit easier to use - let's be honest with their track record, it darned well should be!

[miniyazz]

Precaching helps with Google Maps. Only takes a couple of minutes to cover any areas you may be needing Sat Nav to cover. Not ideal, but better than not having it.

[crossy]

Precaching helps with Google Maps. Only takes a couple of minutes to cover any areas you may be needing Sat Nav to cover. Not ideal, but better than not having it.

As you say, better than not having it at all. CoPilot stores it's maps locally, so okay it's a big app (but easy to move to a nice large uSD card) but on the other hand as long as you've got battery power and GPS is cooperating then you're good to go.

Google Maps is pretty good on the whole, and if I could rely on a (data) signal from Three then I'd probably not need CoPilot. On the other hand, it'll be CoPilot I use as sat-nav when I go to the States.