http://digitizor.com/2011/07/21/android-malware/
Android has had its fair share of malware problems. Whenever malware is detected, Google reacts swiftly and removes it. However, according to security researcher Neil Daswani, around 8% of the apps on the Android market are leaking private user data.
Neil Daswani, who is also the CTO of security firm Dasient, says that they have studied around 10,000 Android apps and have found that 800 of them are leaking private information of the user to an unauthorized server. Neil Daswani is scheduled to present the full findings at the Black Hat Conference in Las Vegas which starts on July 30th.
The Dasient researchers also found out that 11 of the apps they have examined are sending unwanted SMS messages.
Google needs to take charge
This malware problem on Android has become too much. One of the main reasons that we see malicious apps in the market is the lack of regulation of the apps that get into the Android Market.
Sure, the lack of regulation can be good. It means that developers can make their apps without worrying if Google will accept their apps or not. It fits into the pre-existing application distribution model where anyone can develop and publish their own apps.
However, this comes at a price - the malware problem. Yes, most of the problems with these malicious apps can be avoided if only users read the permission requirements of the apps. But, what percentage of the users actually read the permission requirements of all the apps they download?
I think that it is time that Google made approval of apps a requirement before they get into the Market. They do not need to do it like Apple, but a basic security check before an app gets on the market would be nice.
If nothing is done about it and this problem is allowed to grow, it will end up killing the platform.
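The permission check the post above asks users to do by hand, as an added example that is not part of the original thread: it reads text in the format printed by `aapt dump permissions <apk>` and flags the combinations the article describes (private data plus network access, and SMS sending). The per-category allowlist and all sample inputs are constructed for illustration.

```python
import re

# Matches both output styles of `aapt dump permissions`:
#   uses-permission: android.permission.INTERNET
#   uses-permission: name='android.permission.INTERNET'
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)", re.M)

P = "android.permission."
INTERNET = P + "INTERNET"
SEND_SMS = P + "SEND_SMS"

# Permissions that expose private data, mapped to what they expose.
SENSITIVE_READS = {
    P + "READ_CONTACTS": "contacts",
    P + "ACCESS_FINE_LOCATION": "location",
    P + "ACCESS_COARSE_LOCATION": "location",
    P + "READ_PHONE_STATE": "device identifiers (IMEI)",
    P + "READ_SMS": "SMS messages",
}

# Hypothetical policy: what each kind of app plausibly needs.
# An unknown category gets an empty allowlist, so everything is flagged.
EXPECTED = {
    "clock_widget": set(),
    "notepad": {P + "WRITE_EXTERNAL_STORAGE"},
    "game": {INTERNET, P + "VIBRATE", P + "WAKE_LOCK"},
}


def parse_permissions(aapt_output):
    """Return the set of permission names declared in the aapt text."""
    return set(PERM_RE.findall(aapt_output))


def audit(aapt_output, category):
    """Return a list of (rule, detail) findings for one app."""
    perms = parse_permissions(aapt_output)
    findings = []

    # Private data only leaves the device if the app can also reach the
    # network, so report the combination rather than each permission alone.
    readable = sorted({SENSITIVE_READS[p] for p in perms if p in SENSITIVE_READS})
    if readable and INTERNET in perms:
        findings.append(("can-leak", ", ".join(readable)))

    if SEND_SMS in perms:
        findings.append(("can-send-sms", "may send messages without user action"))

    # Anything outside the category allowlist deserves a second look.
    for perm in sorted(perms - EXPECTED.get(category, set())):
        findings.append(("unexpected-for-" + category, perm))
    return findings


# Constructed sample inputs (not taken from any real app).
CLOCK_WIDGET = """package: com.example.clockwidget
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.INTERNET'
"""

GAME = """package: com.example.game
uses-permission: android.permission.INTERNET
uses-permission: android.permission.VIBRATE
"""

SMS_GAME = """package: com.example.smsgame
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_PHONE_STATE'
uses-permission: name='android.permission.SEND_SMS'
"""

if __name__ == "__main__":
    for name, text, cat in [("clock widget", CLOCK_WIDGET, "clock_widget"),
                            ("game", GAME, "game"),
                            ("sms game", SMS_GAME, "game")]:
        print(name)
        for rule, detail in audit(text, cat) or [("ok", "nothing flagged")]:
            print("  %-28s %s" % (rule, detail))
```

The plain game produces no findings: a manifest review shows what an app is able to do, not whether it misuses a permission that fits its category.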
Ur a good man
Sent from my PG86100 using XDA Premium App
Get an iPhone then.
Don't know if apple should approve or disapprove since that can slow down the release of new apps, but they need to check, that's for sure.
Yeah, just read permissions when installing applications. A lot of them will state access to personal data (such as contacts, browser history, etc.)
Such apps like MP3 downloaders contain A LOT of this malware.
if you're that paranoid.....LBE Privacy Guard + Droidwall = #winning
This article is very true in sense of lacking of control on big G part. My friend developed an app and he was able to get it into market almost instantly. I was very shocked to find that no scanning or checking was done.
Therefore, it's a risk that we take everyday to use these apps, specially, custom ROMs because who knows what it installed really. Users just need to be aware of their action, and don't use bank apps on rooted devices, or corporate email on rooted devices, or email yourself passwords to your online banking from your rooted devices. My thought is that, if it's out there then somebody can get it these days with all the technologies.
A little bit of common sense when installing apps can go a long way. You stifle the market too much when you cater to the lowest common denominator but then if you don't you get stuff like this.
+1 on Droidwall too, great app. Just don't turn it on and then forget about it before getting it set up properly, it's a pain figuring out why you can't use the internet on anything lol
xHausx said:
A little bit of common sense when installing apps can go a long way. You stifle the market too much when you cater to the lowest common denominator but then if you don't you get stuff like this.
+1 on Droidwall too, great app. Just don't turn it on and then forget about it before getting it set up properly, it's a pain figuring out why you can't use the internet on anything lol
hahaha, was tryna to download a new app and wondering why it just stalled kept on saying, downloading..... downloading paused....blah blah!!! lol
turns out it was droidwall (even with market enabled) lol
Yea when a simple clock widget wants to read your contact, data and location but has no ads or settings, I avoided that one.
I prefer the risk of an open system to the purgatory that is a closed system ruled by a draconian company any day.
Oh look iOS does this too.
/troll
DoctorComrade said:
Oh look iOS does this too.
/troll
hah, they're at almost 50%
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload an app to the android market and there is no verification of the app like on IOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
the_main_app said:
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload an app to the android market and there is no verification of the app like on IOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
There are viruses for Android.....right ?
Besides , if you're smart enough you can check whether an app needs such permissions when installing , through the Mart or an .apk .
I don't like the way iOS works , they give too limited functionality .
Forever living in my Galaxy Ace using XDA App
the_main_app said:
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload an app to the android market and there is no verification of the app like on IOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
I think the best thing would be if android embraced that the user can choose which permissions to give to apps. I mean, an app may want to know your location, you deny it, and the app continues happily without using that functionality, or quits saying it's essential.
cobraboy85 said:
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
very well put, unfortunately most dont think like this..
It is always a good habit to check the permissions an app needs before installation. I personally think that a system should be implemented in android market where all apps are requested to give information on "Why they need certain permissions?". Certain apps do that.
An antivirus program is also useful in my opinion. I use Lookout antivirus, as I find it simple to use and it does not slow down my phone. I tried avg but it slowed down my phone terribly.
hiitti said:
I think the best thing would be if android embraced that the user can choose which permissions to give to apps. I mean, an app may want to know your location, you deny it, and the app continues happily without using that functionality, or quits saying it's essential.
But, as a matter of degree, this just what we wish. The fact may be far beyond our imagination. Sometimes, malware still run certain functionalities even you cancel it. It's worse that some apps run secretly in system. I'm a little scared about security issue based on my PC.
cobraboy85 said:
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
But a game might ask for internet/network permissions which you would probably accept. How do you guard against this? How can you prevent a malicious app that asks for relevant permissions but abuses them?
I never take the time to study the permissions required when I download an app from the market.
I tend to avoid the low number of d'load apps..... partly as there is less feedback to judge.... and partly as any app thats worth the download will have high stars and many d'loads.
Works for me so far.
Netquins running in the background just in case...... but whose to say they dont upload my contacts for spamming?
Prof Peach said:
I never take the time to study the permissions required when I download an app from the market.
I tend to avoid the low number of d'load apps..... partly as there is less feedback to judge.... and partly as any app thats worth the download will have high stars and many d'loads.
Works for me so far.
Netquins running in the background just in case...... but whose to say they dont upload my contacts for spamming?
But what about new apps that may be legit? They won't have any reviews yet or stars. If everybody did the same as you it would never get reviews or stars? There's got to be a better way, don't you agree?
the_main_app said:
But a game might ask for internet/network permissions which you would probably accept. How do you guard against this? How can you prevent a malicious app that asks for relevant permissions but abuses them?
That's the only question above that can't be answered by LBE Privacy Guard.
Someone mentioned a game that wants access to your contacts. What if you really want the game? You just don't allow it access to your contacts and then play it anyway.
Most apps ask for access to your IMEI (you'd be surprised how many!) With LBE they don't get it.
Antivirus software is all well and good, but it's not the same as on a PC where pattern matching can be used. AV software on Android basically opens the apk file and has a look round to see if anything looks suspicious. Other than that, there's nothing it can do to stop a clever developer bypassing it.
Seriously, if you have concerns then get LBE and start restricting permissions access on an app-by-app basis.
johncmolyneux said:
That's the only question above that can't be answered by LBE Privacy Guard.
Someone mentioned a game that wants access to your contacts. What if you really want the game? You just don't allow it access to your contacts and then play it anyway.
Most apps ask for access to your IMEI (you'd be surprised how many!) With LBE they don't get it.
Antivirus software is all well and good, but it's not the same as on a PC where pattern matching can be used. AV software on Android basically opens the apk file and has a look round to see if anything looks suspicious. Other than that, there's nothing it can do to stop a clever developer bypassing it.
Seriously, if you have concerns then get LBE and start restricting permissions access on an app-by-app basis.
this.
i was JUST about to say the same thing about the android "anti-virus" scam... not really a scam, but a false sense of security. as you said, not the same at ALL. people need to get out of the PC mindset with these phones. this is not windows, it's linux.
and i'm going to give LBE a shot. seems pretty legit.
for all of those running antivirus "software" on your phone, how many of you have actually run a virus scan and had it give a detailed description of a malicious "virus"....
Liking lookout
Sent from my GT-I9100 using XDA App
ummm, anyone ever heard of antiviruses (Kaspersky, maybe?)? Or at least look up the app's access to things... If it accesses something you don't want it to access (or think the app doesn't need to access it), don't install it!
I know out-of-the-box Androids aren't so vulnerable to viruses, compared to rooted ones... So...?
First look up the developer of the app, then if you trust him, install, if you never heard of him, google it (or look at the comments at where you're downloading from), and if you had experience with the developer before (and if the experience is bad, like trojans, etc.), don't install!
(I don't understand half of what I'm typing XD...Don't blame me for misspellings, please )
Cant say I can rave or not when it comes to the anti virus apps.
Have used Lookout in the past and currently using netquin.... neither of which ever flagged up a virus, malware or whatever.
Its nice to think its running in the background but dont know whether it will do anything if its needed.
I was tempted to download a load of apps in a zip file but 20 secs in my Avast said there was a virus. I'd like to think the market would have its own precautions but having searched the site, cant see any mention of its security for the apps we download.
Its a different thing altogether but we cant take the fact that its the market and relax...... the worst virus my laptop ever had came in an update from Microsoft...... and another directly from google tools.
Kaspersky for Android then? You can pick up free full non-trial versions on the web...
About the Market - yes, that's true. You'd expect them to check if apps are infected or at least leave a bot to do it...
Sorta lame...
The best security is the brain.akp just like brain.exe is on windows - best thing it's free, godgiven and everyone got a copy
Zeze21 said:
The best security is the brain.akp just like brain.exe is on windows - best thing it's free, godgiven and everyone got a copy
yeah but not everyone got the full version. A few of my friends got a corrupted exe and then this girl I know got the 30 day trial
not that good
Prawesome said:
It is always a good habit to check the permissions an app needs before installation. I personally think that a system should be implemented in android market where all apps are requested to give information on "Why they need certain permissions?". Certain apps do that.
An antivirus program is also useful in my opinion. I use Lookout antivirus, as I find it simple to use and it does not slow down my phone. I tried avg but it slowed down my phone terribly.
I have both Lookout and AVG, neither has stopped my phone from getting up to 10 junk downloads, you have won an ipad, iphone etc., a day, not sms or email, I have to have every form of external contact turned off, the moment I get wifi or mobile access it starts downloading spam.
If anyone knows of a way to stop it I would appreciate the feedback
Moved to proper section
I'm thinking of getting a tab, and I'd like separate accounts for myself and my partner. Is it possible to have multiple accounts like you have in windows ?
Not possible as of now
Sent from my GT-P7510
ansonantonym said:
Not possible as of now
Sent from my GT-P7510
Not even with a custom rom (sorry I don't know if this is possible)?
Unfortunately, not possible yet. It's been a complaint about android for a long time now. I kind of forgot about it but now I realize I'm unhappy they didn't add it to ICS... Thanks for reminding me...
We just got a transformer tablet at work and we had to tie it to a public gmail account dedicated to this device but multiple users will need to use it and have it tied to their google apps account. This is a problem for us and the apps that 'divide' the tablet just cost too much for what they do. We have at least 4-5 people who would use it. This isn't a situation where we should just have a tablet for each employee. The scientific work we do requires so much equipment that it has to be shared and scheduled. The tablet is just another thing we have to pack up in the morning when we have field work on our project. Multi user android support is badly needed!
Hello,
According to the Android Design Principles
Never lose my stuff
Save what people took time to create and let them access it from anywhere. Remember settings, personal touches, and creations across phones, tablets, and computers. It makes upgrading the easiest thing in the world.
which I think is great. The app I'm designing involves storing photos and data about them. Is there a good way to back this up? I could sync with a webservice I could write/host, but then I'm opening myself up to potentially large bandwidth/storage charges.
I considered using drop box or something, but that would require my non tech savvy users to sign up. Is there any easy way to integrate the google cloud service (as my users will of course have a google account)? What do people normally do when they want to meet this design principle?
Many thanks
Russ_T said:
Hello,
According to the Android Design Principles
which I think is great. The app I'm designing involves storing photos and data about them. Is there a good way to back this up? I could sync with a webservice I could write/host, but then I'm opening myself up to potentially large bandwidth/storage charges.
I considered using drop box or something, but that would require my non tech savvy users to sign up. Is there any easy way to integrate the google cloud service (as my users will of course have a google account)? What do people normally do when they want to meet this design principle?
Many thanks
I believe there is an api for backing up user data to Google drive and since users will have a Google account they automatically have Google drive (Your app will have to request permissions to access users' Google account I believe). This would be the easiest way to implement things as the drive api is a native part of Android, and you don't have to worry about bandwidth and hosting storage. In the past people have hosted their own storage for users to use and then usually tie this to an account users have to create. Overall, like I said I'd look into using the Google drive api.
Sent from my SCH-I535 using xda premium
shimp208 said:
I believe there is an api for backing up user data to Google drive and since users will have a Google account they automatically have Google drive (Your app will have to request permissions to access users' Google account I believe). This would be the easiest way to implement things as the drive api is a native part of Android, and you don't have to worry about bandwidth and hosting storage. In the past people have hosted their own storage for users to use and then usually tie this to an account users have to create. Overall, like I said I'd look into using the Google drive api.
Sent from my SCH-I535 using xda premium
Thanks very much. A bit of an oversight on my part so I'll have a look through the API and see what it offers.
I do intend to charge a subscription for my app/service ultimately, but I think I need to make storage space the users problem to save myself sleepless nights.
I'll investigate and post back here what I find. If anyone can give me a link to an article on this I'd appreciate it.
Thanks
Russ_T said:
Thanks very much. A bit of an oversight on my part so I'll have a look through the API and see what it offers.
I do intend to charge a subscription for my app/service ultimately, but I think I need to make storage space the users problem to save myself sleepless nights.
I'll investigate and post back here what I find. If anyone can give me a link to an article on this I'd appreciate it.
Thanks
Here is the official Google documentation on using the Google Drive Api:
https://developers.google.com/drive/
Check out this article on network storage and android:
http://developer.android.com/guide/topics/data/data-storage.html#netw
As well as this article on using the backup api and cloud sync:
http://developer.android.com/training/cloudsync/index.html
Also since you talked about eventually charging a subscription fee here is the official android developer documentation on that as well:
http://developer.android.com/guide/google/play/billing/billing_subscriptions.html
Wonderful, thank you very much indeed! I will give those a good read over when I get chance and let you know how I get on. It seems this could definitely be the answer, saving me money concerns and allowing my app to be multi user and backed up.
What I need to do is get my head around how I will use the cloud storage to allow my app to be multi user. Potentially I can make my database file based, and sync between two devices that way. My only trouble is when both devices are editing the same file / working on the same thing. I want the app to work offline, as I don't want connection issues to affect its usage.
Hmmm, I'll give it some thought.
Thanks again!
Hi! Finally got my S23U and have begun setting it up.
All is good but was shocked to see the lack of multiple user feature on it. On my other android phone I create a "work" user which then has all settings/apps related to work. I can then switch amongst my profiles as needed. Note that my workplace pretty much controls the phone upon installing their security app (they could wipe out everything if need be) so these separate profiles is crucial.
I know Samsung has "secure folder" but unless I can have multiple of them it is not useful in this case. I cannot mix my personal stuff that I want to securely store with my work stuff on the same secure folder.
There are some apps on play store but are either non-standard (eg. Parallel Space) or not maintained (eg. Island).
Appreciate any suggestions.
Get a second work phone. I definitely wouldn't put their junkware on my personal phone!
[email protected] said:
Hi! Finally got my S23U and have begun setting it up.
All is good but was shocked to see the lack of multiple user feature on it. On my other android phone I create a "work" user which then has all settings/apps related to work. I can then switch amongst my profiles as needed. Note that my workplace pretty much controls the phone upon installing their security app (they could wipe out everything if need be) so these separate profiles is crucial.
I know Samsung has "secure folder" but unless I can have multiple of them it is not useful in this case. I cannot mix my personal stuff that I want to securely store with my work stuff on the same secure folder.
There are some apps on play store but are either non-standard (eg. Parallel Space) or not maintained (eg. Island).
Appreciate any suggestions.
You can install shelter from fdroid or island from google play and make a work profile without root.
spart0n said:
You can install shelter from fdroid or island from google play and make a work profile without root.
Thank you for the suggestions. I'll check it out.
blackhawk said:
Get a second work phone. I definitely wouldn't put their junkware on my personal phone!
My last option. Carrying two phone around is annoying when I could do it with just one before.
[email protected] said:
Hi! Finally got my S23U and have begun setting it up.
All is good but was shocked to see the lack of multiple user feature on it. On my other android phone I create a "work" user which then has all settings/apps related to work. I can then switch amongst my profiles as needed. Note that my workplace pretty much controls the phone upon installing their security app (they could wipe out everything if need be) so these separate profiles is crucial.
I know Samsung has "secure folder" but unless I can have multiple of them it is not useful in this case. I cannot mix my personal stuff that I want to securely store with my work stuff on the same secure folder.
There are some apps on play store but are either non-standard (eg. Parallel Space) or not maintained (eg. Island).
Appreciate any suggestions.
Shelter is your friend.
Multiple Users was supposed to be included in OneUI 5.0 and was available in their beta. But for some unknown reasons, they removed this stock Android feature from the stable build.
[email protected] said:
My last option. Carrying two phone around is annoying when I could do it with just one before.
Best to keep work and personal phones separate for a variety of reasons. Or simply only use/carry the work phone when at work. If your employer requires a work phone they should supply it... otherwise they shouldn't set requirements for a employee purchased phone.
blackhawk said:
If your employer requires a work phone they should supply it... otherwise they shouldn't set requirements for a employee purchased phone.
Agree.
blackhawk said:
Best to keep work and personal phones separate for a variety of reasons.
Can you elaborate on some scenarios when this will indeed be worth it, considering the inconvenience of carrying 2 phones.
TheMystic said:
Can you elaborate on some scenarios when this will indeed be worth it, considering the inconvenience of carrying 2 phones.
Just common sense. Keep your personal and business lives separate as much as possible.
Businesses are malware targets as well. You have no choice but to download business related e-docs. On my personal devices I closely monitor any downloads. Only installed 3rd party apps carry a higher risk of infection.
blackhawk said:
Just common sense. Keep your personal and business lives separate as much as possible.
Businesses are malware targets as well. You have no choice but to download business related e-docs. On my personal devices I closely monitor any downloads. Only installed 3rd party apps carry a higher risk of infection.
That's exactly what Profiles do. They isolate and keep apps and their data separate, and do not allow apps in one profile to access data on another profile.
TheMystic said:
That's exactly what Profiles do. They isolate and keep apps and their data separate, and do not allow apps in one profile to access data on another profile.
It also slows the phone's performance down. You're still using the same sim, ip address, hardware; not near enough isolation. I don't like the plan, sorry.
[email protected] said:
Hi! Finally got my S23U and have begun setting it up.
All is good but was shocked to see the lack of multiple user feature on it. On my other android phone I create a "work" user which then has all settings/apps related to work. I can then switch amongst my profiles as needed. Note that my workplace pretty much controls the phone upon installing their security app (they could wipe out everything if need be) so these separate profiles is crucial.
I know Samsung has "secure folder" but unless I can have multiple of them it is not useful in this case. I cannot mix my personal stuff that I want to securely store with my work stuff on the same secure folder.
There are some apps on play store but are either non-standard (eg. Parallel Space) or not maintained (eg. Island).
Appreciate any suggestions.
My S23U does have a Work profile (see attached screenshot) and, separately, a Secure Folder. They are not the same thing. It's basically like having three profiles on one device. My employer can only see the data in my Work profile.
blackhawk said:
It also slows the phone's performance down. You're still using the same sim, ip address, hardware; not near enough isolation. I don't like the plan, sorry.
I haven't seen any performance drop. You can turn OFF work profile when required, and that will disable access completely.
pyrolad said:
My S23U does have a Work profile (see attached screenshot) and, separately, a Secure Folder. They are not the same thing. It's basically like having three profiles on one device. My employer can only see the data in my Work profile.
How? Is it the US version?
pyrolad said:
My S23U does have a Work profile (see attached screenshot) and, separately, a Secure Folder. They are not the same thing. It's basically like having three profiles on one device. My employer can only see the data in my Work profile.
I'm having issues enabling the work profile. How did you do it?
I was able to get it to work by using Island instead of Shelter
[email protected] said:
How? Is it the US version?
I was able to get it to work by using the "Island" app. I've used "Shelter" for years but I don't think it's being developed anymore so I tried Island and it works.
Google Play Link
King-ish said:
I was able to get it to work by using the "Island" app. I've used "Shelter" for years but I don't think it's being developed anymore so I tried Island and it works.
Google Play Link
Island repo hasn't had any activity since Sept 2021.
[email protected] said:
Island repo hasn't had any activity since Sept 2021.
Their app was updated February of last year. My understanding is since these apps (Shelter/Island) are only making the work profile more accessible, there isn't a lot of development unless there is a major underlying change to the OS or Work Profile framework like with Android 13. The Android 13 beta was released February 10, 2022 and the last Island update was February 22, 2022.
[email protected] said:
Island repo hasn't had any activity since Sept 2021.
My preferred app for this is Shelter and I thought they abandoned it, but it looks like they update their app on F-Droid.
Shelter | F-Droid - Free and Open Source Android App Repository
Isolate and run multiple instances of apps using Work Profiles
f-droid.org
@King-ish Thanks! Went with the FOSS implementation of Island at Insular.
Have the work profile setup.