http://digitizor.com/2011/07/21/android-malware/
Android has had its fair share of malware problems. Whenever malware is detected, Google reacts swiftly and removes it. However, according to security researcher Neil Daswani, around 8% of the apps on the Android market are leaking private user data.
Neil Daswani, who is also the CTO of security firm Dasient, says that they have studied around 10,000 Android apps and have found that 800 of them are leaking private information of the user to an unauthorized server. Neil Daswani is scheduled to present the full findings at the Black Hat Conference in Las Vegas which starts on July 30th.
The Dasient researchers also found out that 11 of the apps they have examined are sending unwanted SMS messages.
Google needs to take charge
This malware problem on Android has become too much. One of the main reasons that we see malicious apps in the market is because of the lack of regulation in the apps that get into the Android Market.
Sure, the lack of regulation can be good. It means that developers can make their apps without worrying if Google will accept their apps or not. It fits into the pre-existing application distribution model where anyone can develop and publish their own apps.
However, this comes at a price - the malware problem. Yes, most of the problems with these malicious apps can be avoided if only users read the permission requirements of the apps. But, what percentage of the users actually read the permission requirements of all the apps they download?
I think that it is time that Google makes approval of the apps a requirement before they get into the Market. They do not need to do it like Apple, but a basic security check before an app gets on the market will be nice.
If nothing is done about it and this problem is allowed to grow, it will end up killing the platform.
Ur a good man
Sent from my PG86100 using XDA Premium App
Get an iPhone then.
Don't know if apple should approve or disapprove since that can slow down the release of new apps, but they need to check, that's for sure.
Yeah, just read permissions when installing applications. A lot of them will state access to personal data (such as contacts, browser history, etc.)
Such apps like MP3 downloaders contain A LOT of this malware.
if you're that paranoid.....LBE Privacy Guard + Droidwall = #winning
This article is very true in sense of lacking of control on big G part. My friend developed an app and he was able to get it into market almost instantly. I was very shocked to find that no scanning or checking was done.
Therefore, it's a risk that we take every day to use these apps, especially, custom ROMs because who knows what it installed really. Users just need to be aware of their action, and don't use bank apps on rooted devices, or corporate email on rooted devices, or email yourself passwords to your online banking from your rooted devices. My thought is that, if it's out there then somebody can get it these days with all the technologies.
A little bit of common sense when installing apps can go a long way. You stifle the market too much when you cater to the lowest common denominator but then if you don't you get stuff like this.
+1 on Droidwall too, great app. Just don't turn it on and then forget about it before getting it set up properly, it's a pain figuring out why you can't use the internet on anything lol
xHausx said:
A little bit of common sense when installing apps can go a long way. You stifle the market too much when you cater to the lowest common denominator but then if you don't you get stuff like this.
+1 on Droidwall too, great app. Just don't turn it on and then forget about it before getting it set up properly, it's a pain figuring out why you can't use the internet on anything lol
hahaha, was tryna to download a new app and wondering why it just stalled kept on saying, downloading..... downloading paused....blah blah!!! lol
turns out it was droidwall (even with market enabled) lol
Yea when a simple clock widget wants to read your contact, data and location but has no ads or settings, I avoided that one.
I prefer the risk of an open system to the purgatory that is a closed system ruled by a draconian company any day.
Oh look iOS does this too.
/troll
DoctorComrade said:
Oh look iOS does this too.
/troll
hah, they're at almost 50%
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload an app to the android market and there is no verification of the app like on iOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
the_main_app said:
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload an app to the android market and there is no verification of the app like on iOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
There are viruses for Android.....right ?
Besides , if you're smart enough you can check whether an app needs such permissions when installing , through the Mart or an .apk .
I don't like the way iOS works , they give too limited functionality .
Forever living in my Galaxy Ace using XDA App
the_main_app said:
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload an app to the android market and there is no verification of the app like on iOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
I think the best thing would be if android embraced that the user can choose which permissions to give to apps. I mean, an app may want to know your location, you deny it, and the app continues happily without using that functionality, or quits saying it's essential.
cobraboy85 said:
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
very well put, unfortunately most dont think like this..
It is always a good habit to check the permissions an app needs before installation. I personally think that a system should be implemented in android market where all apps are requested to give information on "Why they need certain permissions?". Certain apps do that.
An antivirus program is also useful in my opinion. I use Lookout antivirus, as I find it simple to use and does not slow down my phone. I tried avg but it slowed down my phone terribly.
hiitti said:
I think the best thing would be if android embraced that the user can choose which permissions to give to apps. I mean, an app may want to know your location, you deny it, and the app continues happily without using that functionality, or quits saying it's essential.
But, as a matter of degree, this is just what we wish. The fact may be far beyond our imagination. Sometimes, malware still run certain functionalities even if you cancel it. It's worse that some apps run secretly in system. I'm a little scared about security issue based on my PC.
cobraboy85 said:
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
But a game might ask for internet/network permissions which you would probably accept. How do you guard against this? How can you prevent a malicious app that asks for relevant permissions but abuses them?
I never take the time to study the permissions required when I download an app from the market.
I tend to avoid the low number of d'load apps..... partly as there is less feedback to judge.... and partly as any app thats worth the download will have high stars and many d'loads.
Works for me so far.
Netquins running in the background just in case...... but who's to say they don't upload my contacts for spamming?
Prof Peach said:
I never take the time to study the permissions required when I download an app from the market.
I tend to avoid the low number of d'load apps..... partly as there is less feedback to judge.... and partly as any app thats worth the download will have high stars and many d'loads.
Works for me so far.
Netquins running in the background just in case...... but who's to say they don't upload my contacts for spamming?
But what about new apps that may be legit? They won't have any reviews yet or stars. If everybody did the same as you it would never get reviews or stars? There's got to be a better way, don't you agree?
the_main_app said:
But a game might ask for internet/network permissions which you would probably accept. How do you guard against this? How can you prevent a malicious app that asks for relevant permissions but abuses them?
That's the only question above that can't be answered by LBE Privacy Guard.
Someone mentioned a game that wants access to your contacts. What if you really want the game? You just don't allow it access to your contacts and then play it anyway.
Most apps ask for access to your IMEI (you'd be surprised how many!) With LBE they don't get it.
Antivirus software is all well and good, but it's not the same as on a PC where pattern matching can be used. AV software on Android basically opens the apk file and has a look round to see if anything looks suspicious. Other than that, there's nothing it can do to stop a clever developer bypassing it.
Seriously, if you have concerns then get LBE and start restricting permissions access on an app-by-app basis.
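A permission check of the kind several posters describe, as an added example that is not part of the thread: it parses `aapt dump permissions`-style output and flags apps that can both read private data and reach the network, or that can send SMS. The package names and dumps are constructed; the last sample shows the limit raised above, since an app holding only INTERNET passes the check.

```python
import re

# Real Android permission names, grouped by what they let an app do.
# SOURCES expose private data; NETWORK and SEND_SMS can move data off the
# device or run up charges.
SOURCES = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
    "android.permission.READ_PHONE_STATE": "IMEI / phone identity",
}
NETWORK = "android.permission.INTERNET"
SEND_SMS = "android.permission.SEND_SMS"

# aapt has printed permissions both as  uses-permission: android.permission.X
# and as  uses-permission: name='android.permission.X' ; accept either form.
_PKG_RE = re.compile(r"^\s*package:\s*(?:name=)?'?([\w.]+)'?")
_PERM_RE = re.compile(
    r"^\s*uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?"
)


def parse_permissions(dump):
    """Return (package, set_of_permissions) from an aapt-style text dump."""
    package, perms = None, set()
    for line in dump.splitlines():
        m = _PKG_RE.match(line)
        if m and package is None:
            package = m.group(1)
            continue
        m = _PERM_RE.match(line)
        if m:
            perms.add(m.group(1))
    return package, perms


def audit(dump, expected=()):
    """Summarise what the requested permissions make possible.

    expected: sensitive permissions the app's stated purpose justifies
    (an assumption supplied by the reviewer, e.g. a maps app and location).
    """
    package, perms = parse_permissions(dump)
    held_sources = sorted(SOURCES[p] for p in perms if p in SOURCES)
    sensitive = {p for p in perms if p in SOURCES or p == SEND_SMS}
    return {
        "package": package,
        # Private data plus network access is the combination needed to
        # send that data to a remote server.
        "exfil_capable": held_sources if NETWORK in perms else [],
        "can_send_sms": SEND_SMS in perms,
        "unexpected": sorted(sensitive - set(expected)),
    }


# Constructed sample: a clock widget asking for contacts and location.
CLOCK_WIDGET_DUMP = """\
package: com.example.clockwidget
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
"""

# Constructed sample, older output style: a downloader that can send SMS.
MP3_DOWNLOADER_DUMP = """\
package: com.example.mp3grab
uses-permission: android.permission.INTERNET
uses-permission: android.permission.READ_PHONE_STATE
uses-permission: android.permission.SEND_SMS
"""

# Constructed sample: a game that asks only for network access. Nothing is
# flagged, which is exactly the gap a permission review cannot close.
GAME_DUMP = """\
package: com.example.game
uses-permission: android.permission.INTERNET
"""

if __name__ == "__main__":
    for dump in (CLOCK_WIDGET_DUMP, MP3_DOWNLOADER_DUMP, GAME_DUMP):
        print(audit(dump))
```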
johncmolyneux said:
That's the only question above that can't be answered by LBE Privacy Guard.
Someone mentioned a game that wants access to your contacts. What if you really want the game? You just don't allow it access to your contacts and then play it anyway.
Most apps ask for access to your IMEI (you'd be surprised how many!) With LBE they don't get it.
Antivirus software is all well and good, but it's not the same as on a PC where pattern matching can be used. AV software on Android basically opens the apk file and has a look round to see if anything looks suspicious. Other than that, there's nothing it can do to stop a clever developer bypassing it.
Seriously, if you have concerns then get LBE and start restricting permissions access on an app-by-app basis.
this.
i was JUST about to say the same thing about the android "anti-virus" scam... not really a scam, but a false sense of security. as you said, not the same at ALL. people need to get out of the PC mindset with these phones. this is not windows, it's linux.
and i'm going to give LBE a shot. seems pretty legit.
for all of those running antivirus "software" on your phone, how many of you have actually run a virus scan and had it give a detailed description of a malicious "virus"....
Liking lookout
Sent from my GT-I9100 using XDA App
ummm, anyone ever heard of antiviruses (Kaspersky, maybe?)? Or at least look up the app's access to things... If it accesses something you don't want it to access (or think the app doesn't need to access it), don't install it!
I know out-of-the-box Androids aren't so vulnerable to viruses, compared to rooted ones... So...?
First look up the developer of the app, then if you trust him, install, if you never heard of him, google it (or look at the comments at where you're downloading from), and if you had experience with the developer before (and if the experience is bad, like trojans, etc.), don't install!
(I don't understand half of what I'm typing XD...Don't blame me for misspellings, please )
Cant say I can rave or not when it comes to the anti virus apps.
Have used Lookout in the past and currently using netquin.... neither of which ever flagged up a virus, malware or whatever.
Its nice to think its running in the background but dont know whether it will do anything if its needed.
I was tempted to download a load of apps in a zip file but 20 secs in my Avast said there was a virus. I'd like to think the market would have its own precautions but having searched the site, cant see any mention of its security for the apps we download.
Its a different thing altogether but we cant take the fact that its the market and relax...... the worst virus my laptop ever had came in an update from Microsoft...... and another directly from google tools.
Kaspersky for Android then? You can pick up free full non-trial versions on the web...
About the Market - yes, that's true. You'd expect them to check if apps are infected or at least leave a bot to do it...
Sorta lame...
The best security is the brain.apk just like brain.exe is on windows - best thing it's free, godgiven and everyone got a copy
Zeze21 said:
The best security is the brain.apk just like brain.exe is on windows - best thing it's free, godgiven and everyone got a copy
yeah but not everyone got the full version. A few of my friends got a corrupted exe and then this girl I know got the 30 day trial
not that good
Prawesome said:
It is always a good habit to check the permissions an app needs before installation. I personally think that a system should be implemented in android market where all apps are requested to give information on "Why they need certain permissions?". Certain apps do that.
An antivirus program is also useful in my opinion. I use Lookout antivirus, as I find it simple to use and does not slow down my phone. I tried avg but it slowed down my phone terribly.
I have both Lookout and AVG, neither has stopped my phone from getting up to 10 junk downloads, you have won an ipad, iphone etc., a day, not sms or email, I have to have every form of external contact turned off, the moment I get wifi or mobile access it starts downloading spam.
If anyone knows of a way to stop it I would appreciate the feedback
Moved to proper section
I want to disable the E911 on my phone. People if you dont agree keep it to yourself. I want to disable it. It should not matter why I want to especially not on site designed for people customizing the hell out of their phone. If you think I am paranoid I think you're a sheep.
Can anyone actually provide some beneficial help towards my goal.
Maybe being a little more nice will get you your answer. You get more flies with sugar than vinegar.
Sent from my SCH-I500 using xda premium
Do you want to just disable E911 or disable all phone functionality? I haven't seen any way to just disable E911 on any mobile device. By default, every manufacturer puts stuff in that lets 911 locate your phone, and there is no way to disable it in software or hardware without basically stripping the software of its phone functions.
If you are still interested, and want software that strips this phone of all phone services and apps (including E911) try the GeeWiz Media ROM
As a Communications supervisor in a 911 center, I can tell you firsthand that disabling e911 won't prevent us from locating you. I've disabled e911 on several android phones that I've owned over the years and it still reports your Phase II Lat/Long
Sippi4x4man said:
As a Communications supervisor in a 911 center, I can tell you firsthand that disabling e911 won't prevent us from locating you. I've disabled e911 on several android phones that I've owned over the years and it still reports your Phase II Lat/Long
lol sippi, idk about the OP's reason for this, but ive personally seen people i know last week disable e911 on their phones (through ways like the Geewiz media rom+software mods) to do a drug dealing of all things, little did they know what u said was true and they were tracked not only by 911, but also by the stupidity of leaving my app (SMS Tasks) on their phones, leaving the person who ratted them out (not me but they did know their pass phrase), gave their phone to the local authorities and gave them the command [email protected]****** and with the version my app had on it (unofficial build), it located them with google-maps link that was clicked and gave a perfect track (because the people had gps on of all things), thus leading to the arrest (i personally felt good about it cause if i didnt make that app (SMS Tasks) they would be on the loose for a little bit longer causing who knows what cause the police officer said that they were having trouble tracking them with the e911 system for a "unknown error reported" as they told him so idk if it was a glitch with the tracking in my area's e911 or they actually disabled whatever it is that makes them track you (please dont reply with what it was just to be safe), but my app actually led to an arrest =) so by what i saw i think there might be some workaround, or just a glitch, im not encouraging it one bit, but i know personally that there was at least one person capable of doing it (again unless it was a glitch in their system) =S
I'd also be curious to learn to disable this. I, unlike the previous poster, wouldn't pride myself on incarcerating someone for a business transaction and otherwise victimless crime.
If anything, the post above highlights exactly why you should not install apps which ask for unnecessary permissions, because some nanny state developer just might invade your privacy and track your movements instead of focus on the purpose of the app.
Domush said:
I'd also be curious to learn to disable this. I, unlike the previous poster, wouldn't pride myself on incarcerating someone for a business transaction and otherwise victimless crime.
If anything, the post above highlights exactly why you should not install apps which ask for unnecessary permissions, because some nanny state developer just might invade your privacy and track your movements instead of focus on the purpose of the app.
its actually a function of the app, not invasion of privacy, my app is open-sourced on my github as-is for the app's released versions, thats locate command is one of the listed features on the thread, i update the github more than the thread but all the commands are safe, it was just some clever ideas for them to use my app to solve a criminal case thats all, as for the "business transaction and otherwise victimless crime" heroin and drug dealing is highly illegal in this area where it took place at, and the now ex-girlfriend of the guy was a victim from it because before he got out to buy it he beat her black and blue... >=( theres nothing funny about drug dealing making it a "victimless crime" as its a nuisance in our society no matter how many "benefits" people say it has, as for my app its clearly states in the thread for you to keep your pass phrase a secret, as he didnt, and all the commands+usage are all on there and clear warnings for the potentially dangerous commands, but the version he had on his phone was a newer beta test version that uses google-maps links instead of general GEOLocation area. all that was done was completely legal, and not abuse of my app or permissions as it still gives people to where it tells who sent the message in the tracking menu (by phone number) since its a new feature in my beta tester version so it did give full telling who it came from. but ive already been given warnings by the police from an earlier situation with the same people on the same kind of activity about regulations on tracking without consent, so i had to add that prompt to show who initiated the tracking, and am working on a button that will stop it remotely.
so until i can comply with the regulations, while keeping it stable, i havent been able to update the app with them until i get the new tracking system with prompts stable, but to do all that with the new systems i have in the app it needs to be installed in CWM recovery cause the system-app Reboot permissions, and better GPS/wifi Toggling
sorry if it seems like im ranting, im truly not, but that situation was really personally to me and i felt like what i did was the right thing, not a "abuse of permissions app", or to "incarcerating someone for a business transaction and otherwise victimless crime.", as it was more for the fact that he beat her and then he want to do an illegal activity
Wow, Im sorry for the long delay. I had switched phones and forgot all about this thread. I appreciate ALL who provided input. I still dont like the idea of it, but it doesnt bother me as much.
Not sure how far back...
Preexisting rom file from pre-e911 might work
but also something well known, used, and won't turn out to spy on me....
Thank you.
oy-ster said:
but also something well known, used, and won't turn out to spy on me....
Thank you.
KiK, WeChat, HAngouts, LINE, Viber...
Primokorn said:
KiK, WeChat, HAngouts, LINE, Viber...
Thank you very much!
There are however some problems with those options...
Viber/Line/WeChat- What is less intrusive about them? (if anything I see even more permission demands).
Hangouts- Same problem, plus it's Google (the less information they have the better).
Kik- Now that was a somewhat promising candidate but after researching a bit I found that it secretly saves all your contact data on their servers ( http://dcurt.is/stealing-your-address-book ), a fact that makes me suspect they do more surreptitious things as well.
Also, I was told that it cooperates closely with the police/intelligence agencies/other government institutions... so that makes me suspect them even more.
oy-ster said:
Thank you very much!
There are however some problems with those options...
Viber/Line/WeChat- What is less intrusive about them? (if anything I see even more permission demands).
Hangouts- Same problem, plus it's Google (the less information they have the better).
Kik- Now that was a somewhat promising candidate but after researching a bit I found that it secretly saves all your contact data on their servers ( http://dcurt.is/stealing-your-address-book ), a fact that makes me suspect they do more surreptitious things as well.
Also, I was told that it cooperates closely with the police/intelligence agencies/other government institutions... so that makes me suspect them even more.
It was only suggestions coz I don't use this kind of apps.
Have you ever heard of XPrivacy?
Primokorn said:
It was only suggestions coz I don't use this kind of apps.
Oh sure, didn't mean to make it sound like I'm complaining or anything, I'm grateful for any suggestions (which I want more of ).
Primokorn said:
Have you ever heard of XPrivacy?
Yeah... It's a root application. Unfortunately rooting is not an option, the device must stay intact as received. That is why I'm looking for an app that I can trust to begin with...
oy-ster said:
Yeah... It's a root application. Unfortunately rooting is not an option, the device must stay intact as received. That is why I'm looking for an app that I can trust to begin with...
Good luck ^^. I think all mainstream apps require almost the same permissions.
I have attached the permissions requested by Telegram app, the russian Whatsapp
I'm not sure if telegram is good. The tech press were giving it quite a bit of coverage previously because it is meant to be secure and encrypted.
But I have not yet tried it!
Thanks,
Telegram is a good suggestion but I'll pass on that too, due to: a) apparently it is actually more problematic than Whatsapp security wise on some aspects (stored messages), though much better on others ( http://security.stackexchange.com/questions/49782/is-telegram-secure ), and b) I still don't like some of the permissions ...
I was wondering... my searches led me to this app called Surespot ( https://www.surespot.me/ ), putatively it seems like a convenient solution and it is ostensibly open sourced... The thing is, I have no idea how to evaluate its trustworthiness. True, it requires fewer permissions, but better having an intrusive legitimate app than a privacy conscious malware .
At least with whatsapp I have some trust in the publisher not to cross several lines (ie. abuse his permissions) while the other program... Opensource- sure, but how many people actually bother to inspect it? And warn others? And can the code be remotely changed? (though I suppose it is a security flaw so it should be warned about)...
Anyway, thanks and would appreciate more suggestions.
oy-ster said:
Thanks,
Telegram is a good suggestion but I'll pass on that too, due to: a) apparently it is actually more problematic than Whatsapp security wise on some aspects (stored messages), though much better on others ( http://security.stackexchange.com/questions/49782/is-telegram-secure ), and b) I still don't like some of the permissions ...
I was wondering... my searches led me to this app called Surespot ( https://www.surespot.me/ ), putatively it seems like a convenient solution and it is ostensibly open sourced... The thing is, I have no idea how to evaluate its trustworthiness. True, it requires fewer permissions, but better having an intrusive legitimate app than a privacy conscious malware .
At least with whatsapp I have some trust in the publisher not to cross several lines (ie. abuse his permissions) while the other program... Opensource- sure, but how many people actually bother to inspect it? And warn others? And can the code be remotely changed? (though I suppose it is a security flaw so it should be warned about)...
Anyway, thanks and would appreciate more suggestions.
Check out WICKR. Super slick and ultra secure.
Sent from my HTC One using XDA Free mobile app
indeed I checked it. I don't know, less than 5000 downloads...
Its an unknown publisher with closed source code... Don't know if I like it.
Plus, apparently there is all sort of criticism about its claimed security precisely because of the closed code.
Hi there everyone,
since I was pretty interested in reading latest XDA article 'Baidu browser found to be leaking. etc', and I was also into the constant research of the best settings for Amplify Xposed Module for my RN2 Prime, running Jan 7 Bule's cm 12.1, I was pretty curious to know more about a massive battery drainer system app named 'ckservice.apk', aka package name Statassistant.
Shortly (read more detail on my original post: http://forum.xda-developers.com/showpost.php?p=65566921&postcount=8201), this app constantly asks for position, and, I found it to be a BAIDU app "download advertising without the user's knowledge to the notification bar."
So, I have AdAway since.. always, and that means there is no Advert message ever popping up on my RN2, - yet, its Alarm 'com.ck.services.intent.ACTION_ONEMIN_TICK' was acting obsessively, always topping Amplify stats: initially I gently limited it through Amplify and denied permissions through Privacy Guard: currently, I've frozen this app I've removed it! (cfr http://forum.xda-developers.com/showpost.php?p=65567564&postcount=8206): no collateral effect happened, - only good battery life. And maybe a sip more of privacy.
I do not know if this app is also present in MIUI, but I guess so.
If You know more than me about this app, and I'm sure you do, please, share.
More about my experience, here http://forum.xda-developers.com/showpost.php?p=65566921&postcount=8201
One 'ckservice.apk is a trojan!' here https://github.com/Silentlys/android_device_tcl_q39/issues/4
Peace out.
"it was, download game apks not in foreground, and after some times updating, it has less sharpen within trojan. usually use it as a rom-flash counter..i decompiled this apk before.". It's safe guys. And we can uninstall or freeze it if we want ?
sleizi said:
"it was, download game apks not in foreground, and after some times updating, it has less sharpen within trojan. usually use it as a rom-flash counter..i decompiled this apk before.". It's safe guys. And we can uninstall or freeze it if we want
Please, define 'safe'... anyway, it was a total battery drainer, alarms always at top.
Anyway, you can remove it safely, no collateral effects.
I'm amazed that there has not been more posts on XDA given that the Baidu APK / Moplus APK put rooted users at particularly high risk!
http://www.engadget.com/2015/11/02/bunk-baidu-sdk-puts-backdoor-on-millions-of-android-devices/
Things are only partially fixed but I don't trust Baidu anyhow (or Cheetah, or any of those Chinese app companies due to the government) as it seems quite obvious to me the Chinese Government has got their finger in there and it and other apps are compromised so that the Chinese Government can easily spy/gain data on those people they want to, I've uninstalled one of my favourite apps ES File Explorer due to this.
see updates at the end
https://citizenlab.org/2016/02/privacy-security-issues-baidu-browser/
IronRoo said:
I'm amazed that there has not been more posts on XDA given that the Baidu APK / Moplus APK put rooted users at particularly high risk!
http://www.engadget.com/2015/11/02/bunk-baidu-sdk-puts-backdoor-on-millions-of-android-devices/
Things are only partially fixed but I don't trust Baidu anyhow (or Cheetah, or any of those Chinese app companies due to the government) as it seems quite obvious to me the Chinese Government has got their finger in there and it and other apps are compromised so that the Chinese Government can easily spy/gain data on those people they want to, I've uninstalled one of my favourite apps ES File Explorer due to this.
see updates at the end
https://citizenlab.org/2016/02/privacy-security-issues-baidu-browser/
Yep, I did the same with ES File Explorer, I've been for years a die hard fan of this app, but, then I discovered there was suddenly - after app updates on updates - now a log file (with position and ID) sent to a Chinese server, automatically created each time I would have opened the app, which frankly pissed me off, plus, there was a related Alarm (or wakelock), - at stellar values (dxcore something, and service com.estrongs.android.pop.ESFileExplorer - can't remember exactly right now, since I remove the app), pretty visible on Wakelock detector and un-stoppable through Amplify.
So, bye bye Es File Explorer, and thanks for all the fish.*
*I don't mind if people find this 'little issue with privacy' laughable: I agree fully with what written here http://acurrie.me/2014/11/03/how-to-find-spyware-on-your-android-device/ - pretty underrated as issue, if you want my two cents.
IronRoo said:
I'm amazed that there has not been more posts on XDA given that the Baidu APK / Moplus APK put rooted users at particularly high risk!
http://www.engadget.com/2015/11/02/bunk-baidu-sdk-puts-backdoor-on-millions-of-android-devices/
Things are only partially fixed but I don't trust Baidu anyhow (or Cheetah, or any of those Chinese app companies due to the government) as it seems quite obvious to me the Chinese Government has got their finger in there and it and other apps are compromised so that the Chinese Government can easily spy/gain data on those people they want to, I've uninstalled one of my favourite apps ES File Explorer due to this.
see updates at the end
https://citizenlab.org/2016/02/privacy-security-issues-baidu-browser/
Try Solid Explorer
Sorry for offtop.
oldslowdiver said:
*I don't mind if people find this 'little issue with privacy' laughable: I agree fully with what written here http://acurrie.me/2014/11/03/how-to-find-spyware-on-your-android-device/ - pretty underrated as issue, if you want my two cents.
Yes, that fact this has been a known issue for a while but no attempt to fix it 100% (think it was the trendmicro blog that suggested a backdoor would still be able to be opened even after the latest updates, that's why I think it's the government). What I really want to find is a FULL list of all the apps that have been made with the Baidu SDK / Moplus SDK as I'm sure many written by app devs in far east (no doubt some Western ones too) will have them for Chinese advertising etc, I know I have apps from devs in Hong Kong & Korea at the very least, have they used these SDK? Also I have some friends in Hong Kong who I know have made comments against the CCP...... have they been traced, recorded, tracked etc