400% Increase In Malware For Android

[andysayshi]

Applications for Google's Android portable OS have increased enormously over the past 12 months, making Android a genuine competitor to Apple's iOS platform for iPod Touch, iPhone and iPad.

But while the open nature of Android has some real benefits over the closed and controlled nature of Apple's iOS, it comes at a cost. Malicious content on the Android platform has exploded, with the result that there are now a number of anti-malware applications for the operating system. Google have been forced to remove applications from their App Market, but the open nature of the platform means that they can't really offer any meaningful protection for every Android user.

Here lies the great difference between platforms. Apple offers a frustratingly controlled system, but with unparalleled security. Google Android offers greater freedom and flexibility, but with added risk and limited quality control.

http://www.smh.com.au/digital-life/mobiles/google-android-malware-surges-400-per-cent-20110513-1el5p.html

 

[AlmondMilk]

Now I'm thinking I should have gotten a damned iPhone

 

[T-Rexx]

Android is NOT an insecure operating system, as the OP implies. It is every bit as secure as iOS.

But, Android is a platform which allows the end user a great deal of freedom. This includes the ability to circumvent some of the platform's security measures, should the end user choose to do so.

Yes, of course some people will get tripped up by this authority and end up installing malware on their Android devices. But some of us would rather risk this possibility in exchange for the freedom to do what we want, rather than have Apple put a ring through our noses and lead us around their safe and expensive little barnyard.

 

[andysayshi]

Here is a list of just some of the known malware apps that have been detected within the Android platform:

Full list of infected applications published by “Myournet”:

Falling Down
Super Guitar Solo
Super History Eraser
Photo Editor
Super Ringtone Maker
Super Sex Positions
Hot Sexy Videos
Chess
下坠滚球_Falldown
Hilton Sex Sound
Screaming Sexy Japanese Girls
Falling Ball Dodge
Scientific Calculator
Dice Roller
躲避弹球
Advanced Currency Converter
App Uninstaller
几何战机_PewPew
Funny Paint
Spider Man
蜘蛛侠

Full list of infected applications published by “Kingmall2010″:

Bowling Time
Advanced Barcode Scanner
Supre Bluetooth Transfer
Task Killer Pro
Music Box
Sexy Girls: Japanese
Sexy Legs
Advanced File Manager
Magic Strobe Light
致命绝色美腿
墨水坦克Panzer Panic
裸奔先生Mr. Runner
软件强力卸载
Advanced App to SD
Super Stopwatch & Timer
Advanced Compass Leveler
Best password safe
掷骰子
多彩绘画


Full list of infected apps under the developer name “we20090202″:

Finger Race
Piano
Bubble Shoot
Advanced Sound Manager
Magic Hypnotic Spiral
Funny Face
Color Blindness Test
Tie a Tie
Quick Notes
Basketball Shot Now
Quick Delete Contacts
Omok Five in a Row
Super Sexy Ringtones
大家来找茬
桌上曲棍球
投篮高手

Here is a list of known malware for Apple's iOS platform:

.

This diagram shows how just one Trojan makes its way into Android phones:

While you remain much safer sticking to the official Android Market, it's shown itself to also have vulnerabilities. Google had to remove 50 apps from the Market in March when they were discovered to contain malware.

 

[JB3]

Android is NOT an insecure operating system, as the OP implies. It is every bit as secure as iOS.

But, Android is a platform which allows the end user a great deal of freedom. This includes the ability to circumvent some of the platform's security measures, should the end user choose to do so.

Yes, of course some people will get tripped up by this authority and end up installing malware on their Android devices. But some of us would rather risk this possibility in exchange for the freedom to do what we want, rather than have Apple put a ring through our noses and lead us around their safe and expensive little barnyard.

Allowing for the installation of third party apps through unofficial means is itself a vulnerability and DOES make it a less secure platform than iOS. So does the fact that Google does not do an adequate job of parsing market apps for violators. A person running an iOS device will likely never install any app that is malicious; a person running an Android device has a much, much higher likelihood of doing so, even using only the official Market app. By its very definition a platform that allows a user to disable all of the security measures is not a platform that is totally secure. Merely having that option means it isn't as secure as it could be.

You should also note that Andysashi never called Android an insecure operating system; he just said that it is less secure than Apple's, which is completely accurate. But its a choice Google made with their platform, and its one that has definite benefits and drawbacks.

Also: I write this as I'm checking my LG G2X, so don't try and call me biased. I prefer Android for my phone and iOS for my media player/tablet.

 

[T-Rexx]

^ As I said, when you give people the freedom to circumvent the security measures of the platform, you allow them the opportunity to expose themselves to malware. Android end users choose whether or not to take the risk of installing software from unauthorized sources. This gives Android users tremendous power (there is even an app that lets Android users develop their own Android apps!). Apple users do not have that opportunity.

As to the malware-infected software which appeared on the Android marketplace, it was uploaded by a malicious developer. That could happen just as easily with the Apple App store. The malware in this case was discovered within days of being uploaded, was removed, and every phone which downloaded the infected apps had the apps removed remotely by Google. There is no known case where any of the malware which managed to get to end user phones ever managed to successfully exploit the vulnerability.

Here is a list of known malware for Apple's iOS platform:



.

I guess you don't consider the iOS 4.0.2 jailbreak tool (which also steals your passwords) to be malware.

http://www.cultofmac.com/malware-cl...lbreak-tool-is-stealing-users-passwords/60140


I guess you don't consider an iOS virus which erases all your phone's data (including the SIM card) to be malware.

http://gadgetsteria.com/2011/04/11/new-unlock-now-free-ios-virus-deleting-phonesim-content/



The latter above is particularly worrisome, as it does not require the user to actually install anything (as does virtually ALL of the Android malware). Merely visiting a malicious website with your iPhone and clicking on "UNLOCK NOW FREE" will infect you and destroy your phone and everything in it.

Kinda reminds you of Windows, doesn't it?


When you give people freedom, you give them the opportunity to misuse that freedom at the same time. That does not mean that freedom is a bad thing.

 

[andysayshi]

^ As I said, when you give people the freedom to circumvent the security measures of the platform, you allow them the opportunity to expose themselves to malware. Android end users choose whether or not to take the risk of installing software from unauthorized sources. This gives Android users tremendous power. Apple users do not have that opportunity.

I know. I said that in my opening post.

As to the malware-infected software which appeared on the Android marketplace, it was uploaded by a malicious developer. That could happen just as easily with the Apple App store.

But it hasn't, despite far greater volume of apps and despite having existed for longer. Why? Because of stricter controls. As I said in my opening post.

I guess you don't consider the iOS 4.0.2 jailbreak tool (which also steals your passwords) to be malware.

http://www.cultofmac.com/malware-cl...lbreak-tool-is-stealing-users-passwords/60140

No, I don't. It only effects iPhones that have been deliberately adjusted to circumvent Apple's system. It is no longer a true iOS device when it's jailbroken. That's like replacing the engine of your new Toyota and then blaming Toyota when it breaks down.

I guess you don't consider an iOS virus which erases all your phone's data (including the SIM card) to be malware.

http://gadgetsteria.com/2011/04/11/new-unlock-now-free-ios-virus-deleting-phonesim-content/

The latter above is particularly worrisome, as it does not require the user to actually install anything (as does virtually ALL of the Android malware). Merely visiting a malicious website with your iPhone and clicking on "UNLOCK NOW FREE" will infect you and destroy your phone and everything in it.

LOL. Two things:

(a) this is apparently a beatup - nobody seems to be able to prove this website even exists. It's almost certainly a hoax.

(b) even if it did exist, it could not possibly do what it claims to a non-jailbroken phone. The web browser has no capability to access the file system of the device. It's specifically built that way.

Kinda reminds you of Windows, doesn't it?

Actually, Android reminds me of Windows. It's a generic OS being installed across a wide range of hardware, with all the associated compatibility, variability and fragmentation issues that Windows enjoys. It's broader market also means it's more open to malicious infection, much like the Windows of old. iOS is built for a very limited range of hardware, so tends to provide a more consistent user experience. It's tightly controlled development market allows very little margin for malicious attack. Maybe it'll happen someday, but it hasn't yet, despite over 100 million devices being sold.

As I've already said, both environments have benefits and pitfalls. Choose the platform that better suits your purposes.

When you give people freedom, you give them the opportunity to misuse that freedom at the same time. That does not mean that freedom is a bad thing.

On this, we agree 100%.

 

[T-Rexx]

But it hasn't, despite far greater volume of apps and despite having existed for longer. Why? Because of stricter controls. As I said in my opening post.

It is just as possible that malware has been distributed, but that Apple is unaware of this because of LESS rigorous policing. But, given apple's famously obsessive secrecy, I'm not sure they would admit to a breach if they thought they could get away with covering it up. (Consider, for example, how Apple clandestinely had their software overestimate signal strength to give their phones the appearance of better performance. That went on for years. But we would never have discovered that without antennagate.)

It only effects iPhones that have been deliberately adjusted to circumvent Apple's system. It is no longer a true iOS device when it's jailbroken. That's like replacing the engine of your new Toyota and then blaming Toyota when it breaks down.

So, your point is that it is a vulnerability of the Android OS when Android owners install unauthorized software, but it is the fault of the end user alone (not the OS) when iPhone users do exactly the same thing.

(b) even if it did exist, it could not possibly do what it claims to a non-jailbroken phone. The web browser has no capability to access the file system of the device. It's specifically built that way.

That's a bunch of crap. iOS was successfully exploited at Pwn2Own 2007, 2009, 2010, and 2011. In every case, a remote exploit completely took over a fully patched and updated iPhone, with full access to the file system. All that was necessary in all cases was for the iPhone to visit a malicious web site. Not only is it possible, it has been done. Again and again and again and again.

All OSs are vulnerable to buffer overflows. ALL of them.

http://www.afterdawn.com/news/artic...droid_firefox_own_safari_ie8_ios_bb_get_pwned

Add Apple’s iOS and Research In Motion’s BlackBerry OS to the list of victims at this year’s [2011] Pwn2Own challenge. Conference veteran Charlie Miller, along with Dion Blazakis, deployed an exploit to iOS 4.2.1 through a vulnerability in Safari. By navigating to a custom-made webpage, the duo were able to execute remote code and gain access to the iOS address book.

http://www.bgr.com/2011/03/11/ios-blackberry-os-fall-at-pwn2own/

http://1stblogger.com/iphone-4-successfully-hacked-at-pwn2own-contestios-4-2-1/

 

[Telstra]

google should test ALL the apps first.
How do people know some apps are Malware

 

[T-Rexx]

google should test ALL the apps first.

Actually, I think they did. My understanding is that a developer infected the apps after they had cleared testing. But I don't know much about what actually happened.

The point is that nothing can protect you 100%. The app store is your best defense, but even that is not perfect. Not for Google and not for Apple.

I'm not convinced that Google is necessarily less diligent than Apple at maintaining its repositories. But, I don't think we've had enough experience with both yet to judge this fairly.

How do people know some apps are Malware

That can be very difficult to figure out.

 

[andysayshi]

So, your point is that it is a vulnerability of the Android OS when Android owners install unauthorized software, but it is the fault of the end user alone (not the OS) when iPhone users do exactly the same thing.

My point is that Apple only allow you to use apps they have vetted. Android places no such restriction on the user. Jailbreaking an iPhone is a breach of the Terms Of Service of an iOS device. Android has no such restrictions, so it's a LOT easier to acquire and use third party apps.

That's a bunch of crap. iOS was successfully exploited at Pwn2Own 2007, 2009, 2010, and 2011. In every case, a remote exploit completely took over a fully patched and updated iPhone, with full access to the file system. All that was necessary in all cases was for the iPhone to visit a malicious web site. Not only is it possible, it has been done. Again and again and again and again.

You raise an interesting point, I admit. I was aware of the exploits found in past iOS Pwn2Own attempts, although I'm a little confused about the actual damage any of these exploits could render. Your linked article mentions the ability to "execute code", but doesn't explain the ramifications of that. I'll chat to the iOS developer I know about that, but happy to stand corrected if I'm wrong that Safari can provide root access to iOS. It seems unlikely, but hey! Anything is possible.

As I've already said, neither OS's are invulnerable, and no doubt more exploits will be found in both platforms in the future.

But if we focus on real world vulnerabilities for a moment, lets get to the crux of the matter. This doesn't need to degenerate into a platform war.

Number of Apps containing malware on the Android platform: dozens, possibly hundreds. 50 of those were temporarily in the official Android Market.

Number of Apps containing malware on the official iOS platform: zero.

In the real world, today, those are the facts. It's obvious why, as we have both commented. Android offers greater freedom, with the associated loopholes that freedom provides.

Nowhere have I said one was better than the other. but it's important people are aware of these facts if they are making an educated choice between platforms. Some people will choose controlled security, others will choose freedom.

 

[T-Rexx]

My point is that Apple only allow you to use apps they have vetted. Android places no such restriction on the user. Jailbreaking an iPhone is a breach of the Terms Of Service of an iOS device. Android has no such restrictions, so it's a LOT easier to acquire and use third party apps.

Exactly. Some of us want the freedom to develop and install our own apps on our phones. We want the freedom to install and use apps our friends developed for us, or that our IT departments developed for us at work. We want the ability to access safe porn apps and safe apps from developers who compete with Apple.

You can't do any of that on an iPhone unless you jailbreak your phone. That is a flawed security model. Apple forces users to go to unauthorized (and potentially dangerous sources) in order to actually use their phones. It is also an interesting business model: In order to use an iPhone optimally, you must first "break" it. Apple does not believe that its customers can either make decisions regarding the software they want on their phones, or maintain a level of morality appropriate to someone who would buy products from Apple.

But, of course, when Apple forces users to go to dangerous sources to use their phones, you do not regard that as Apple's fault - that is the responsibility of the end user alone. But, somehow, it is Google's fault if Android users choose of their own accord to install software from alternative (but usually credible) sources.

You raise an interesting point, I admit. I was aware of the exploits found in past iOS Pwn2Own attempts, although I'm a little confused about the actual damage any of these exploits could render. Your linked article mentions the ability to "execute code", but doesn't explain the ramifications of that. I'll chat to the iOS developer I know about that, but happy to stand corrected if I'm wrong that Safari can provide root access to iOS. It seems unlikely, but hey! Anything is possible.

I appreciate that, as an Apple fanboi, you will be unable to accept the reality that iOS has been breached many times by researchers (most famously at pwn2own, but on many other occasions as well). And the exploits have been done remotely and have not required the installation of any software by the end user. Merely visiting a malicious website is enough to take over control of the phone. That is far more worrisome than an exploit which depends on tricking the end user into installing malware (which is what you complain about with Android). And remote exploits have only ever been demonstrated with iOS and Blackberry OS - never Android or Windows Phone 7.

Security expert Charlie Miller says that Apple has not taken security seriously in either iOS or OS X until the most recent releases of both platforms.

https://www.infosecisland.com/blogv...ner-Charlie-Miller-Discusses-OS-Security.html

But if we focus on real world vulnerabilities for a moment, lets get to the crux of the matter. This doesn't need to degenerate into a platform war.

Number of Apps containing malware on the Android platform: dozens, possibly hundreds. 50 of those were temporarily in the official Android Market.

Number of Apps containing malware on the official iOS platform: zero.

Okay, let's focus on the real world.

Number of times iOS is known to have been taken over remotely: several

Number of time Android is known to have been remotely compromised: zero

By your own logic, the inescapable conclusion is that iOS is dangerously less secure than Android.

In the real world, today, those are the facts.

 

[looseliam]

It is/was only a matter of time for any mobile os.

I see this not differently than me looking for some off-the-wall or pirated proggie and infect my device.

Caveat emptor.

 

[hotatlboi]

It's obvious that the walled garden of iOS would protect better against malware.

There is always a tradeoff between security and convenience.

I have a jailbroken iphone because I like the software for the iphone better and the fact that it interfaces with Mac apps better but I would rather the platform be more open honestly, then have less malware.

 

[andysayshi]

I appreciate that, as an Apple fanboi, you will be unable to accept the reality that iOS has been breached many times by researchers (most famously at pwn2own, but on many other occasions as well).

When you debase the discussion by relying on name-calling, there is little point in continuing. I've repeatedly conceded the weaknesses in both platforms, so I'm not even sure of the point you're arguing. The real world statistics I've posted remain, well, real.

Android malware apps: numerous

iOS malware apps: None.

Since you choose to lower the civility of the discussion to name calling, I'm done.

 

[andysayshi]

And remote exploits have only ever been demonstrated with iOS and Blackberry OS - never Android or Windows Phone 7.

Oh, and for the record, since you seem so determined to have an argument:

Skype for Android exploit allows grabbing of personal info

Android exploit so dangerous, users warned to avoid phone's web browser

Researcher outs Android exploit code

Researcher Publishes Android Browser Exploit

Hackers at Def Con Conference Exploit Android Bug

Flash Exploit can nail early versions of Android

It would seem that both platforms have the potential for exploits and vulnerabilities. But I already said that.

 

[JB3]

Exactly. Some of us want the freedom to develop and install our own apps on our phones. We want the freedom to install and use apps our friends developed for us, or that our IT departments developed for us at work. We want the ability to access safe porn apps and safe apps from developers who compete with Apple.

You can't do any of that on an iPhone unless you jailbreak your phone. That is a flawed security model. Apple forces users to go to unauthorized (and potentially dangerous sources) in order to actually use their phones. It is also an interesting business model: In order to use an iPhone optimally, you must first "break" it. Apple does not believe that its customers can either make decisions regarding the software they want on their phones, or maintain a level of morality appropriate to someone who would buy products from Apple.

But, of course, when Apple forces users to go to dangerous sources to use their phones, you do not regard that as Apple's fault - that is the responsibility of the end user alone. But, somehow, it is Google's fault if Android users choose of their own accord to install software from alternative (but usually credible) sources.




I appreciate that, as an Apple fanboi, you will be unable to accept the reality that iOS has been breached many times by researchers (most famously at pwn2own, but on many other occasions as well). And the exploits have been done remotely and have not required the installation of any software by the end user. Merely visiting a malicious website is enough to take over control of the phone. That is far more worrisome than an exploit which depends on tricking the end user into installing malware (which is what you complain about with Android). And remote exploits have only ever been demonstrated with iOS and Blackberry OS - never Android or Windows Phone 7.

Security expert Charlie Miller says that Apple has not taken security seriously in either iOS or OS X until the most recent releases of both platforms.

https://www.infosecisland.com/blogv...ner-Charlie-Miller-Discusses-OS-Security.html




Okay, let's focus on the real world.

Number of times iOS is known to have been taken over remotely: several

Number of time Android is known to have been remotely compromised: zero

By your own logic, the inescapable conclusion is that iOS is dangerously less secure than Android.

In the real world, today, those are the facts.

Apple patched the exploit that Charlie Miller used, btw. But go on with your hating. Its funny to watch.

(not to mention that iOS has never been compromised in the real world. Android, on the other hand...)

 

[andysayshi]

Apple patched the exploit that Charlie Miller used, btw. But go on with your hating. Its funny to watch.

That's the funny thing. Even from T-Rexx's own link, Charlie Miller compliment's iOS by saying:

So, now iPhone has full ASLR and DEP joining Windows Phone 7 as the only phones with this protection. iPhone has slowly been evolving security.

For the first year (2007) it was horribly insecure. Since then it has been much better, but still lacked DEP. Now it seems to be downright well designed.

It's clear that all the platforms are evolving constantly.

 

[JB3]

Oh look, a new data vulnerability was discovered that affects 99% of Android handsets....
http://gizmodo.com/5802705/android-data-vulnerability-how-to-protect-yourself

 

[Corny]

this doesn't seem to be an android problem per se, but a problem with how google services authenticate. this would mean this also could be a problem on your desktop, no matter which OS. from what i have read it must be a very trivial problem, which makes me wonder how on earth google could have missed it, and especially not reacted immediately. also they could severely limit the possibility to exploit this from their server side. i have the feeling something is missing here - i am curious to read details.