programming4us
programming4us
SECURITY

Do You Really Need Security?

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019

Are the many Android virus claims fact or fiction and should you be worried?

Malware, Viruses, attacks, phone numbers being stolen, lives put at risk, solar flares wiping out the communications grids… all of these scenarios have been blamed on Android recently, as anti-virus companies pitch Google’s mobile operating system as the next worst thing that will ruin your life.

Description: Symantec reports that a maximum of 49 devices were infected with the Android.Nickispy trojan

Symantec reports that a maximum of 49 devices were infected with the Android.Nickispy trojan

But does Android malware really exist? Or is it just a myth, proven only in exploits performed under strict laboratory conditions?

Chest Wisniewski, from anti-virus firm Sophos, told us. “It is not terribly widespread outside of China, but the number of malicious apps is increasing dramatically.

“In 2010 we saw around 40 threats, in 2011 more than 400. Evidence for 2012 suggests that the number will continue to increase. To date, the majority of threats are on unofficial or pirate markets, but we have seen several apps make it on to the Google Play store, only to later be discovered and deleted?

Why is Android vulnerable?

“The ability for users to load software ‘off market’ opens the door for malicious applications to be distributed without the need for a vulnerability, “say Wisniewski, meaning anyone can write an app and anyone can install anything on their Android phone, granting it permission to go wild their personal data.

   Google’s main defence is the Android Permissions notifier, which tells you exactly which phone features an app will be able to access once installed. The problem is, no one reads these permissions. It’s a boring list of things most of us don’t understand. How is the everyday man expected to know where it’s right or wrong for a particular app to require access to his contract details ?

There’s also the problem of software updates, which has been the bane of Android over the last year or two, as Google relentlessly releases new OS versions and the network struggle to keep up.

  “The other factor that increases the risk for Android user is the lack of patches that fix the vulnerabilities that are discovered”, explains Wisniewski. “Even if Google fixes the flaws in the maker lag far behind integrating the fixes, if they bother at all.”

Which all sounds very worrying, but then again it’s common practice, and advice throughout the tech word is to always update to the latest version of any software. If you’ve been stranded with an unsupported Android model that’s sitting on version 1.6 of the operating system, you may well be more vulnerable because the hackers have had longer to work on exploits.

Do you need an Android security app?

Wisniewski thinks so, explaining, “Not all security applications are the same – some are more of a marketing efforts than a true security application. As the number of attacks increase, it is likely we will need to provide protection on the device as well as more carefully screening applications submitted to the market places.”

Description: Do you need an Android security app?

Do you need an Android security app?

However, at the other end of the spectrum, a famous rant published on Google+ by Google man Chris DiBona, who is the open source programs manager at Google, said, “Virus companies are playing on your fears to try to sell you bs protection software for Android, RIM and iOS. They are charlatans and scammers.”

Most Android malware scare stories you hear about are based around one of two extreme premises – theoretical breaches discovered by researchers in their offices but not actually spotted in the real world, or apps that spawn numerous pop-up adverts designed to pull in ad revenue for the few days they’re allowed to run riot on Google’s Play Store.

The latter type is by far the most common. In the run-up to the android launch of iPhone smash Temple Run, numerous clones were found popping up on the Play Store. Some of these were rather malicious, redirecting users’ browsers to ad-covered websites and inserting bookmarks, but they didn’t have the power to break your phone beyond repair – nor were they technically malware, because they were only doing what users had granted them permission to do. No security or anti-virus app will stop something that you’re specifically handing permission to, so they would be, in cases like this, entirely useless. And while there’s certainly a lot of boundary-pushing, invasive software that can legitimately take its place on Google’s Play Store, actual reports of phone-breaking data-thievery are extremely rare to come across.

Is my phone infected?

Sophos’ most recent Android malware report concerned a game called The Roar of the Pharoah which, it claimed, contained a trojan that could gather your phone number and IMEI code, with the ability to send SMS messages to premium rate services.

The only problem was, this app wasn’t actually found on the official Google Play Store. Sophos only discovered it on various unnamed “unofficial download sites”. This means that it’s entirely possible that no Android device users whatsoever were infected by this apparent threat, even though the report managed to gain a lot of internet column inches.

Another common Android malware fighter and evangelist is McAfee. Its 2011 threat update made for worrying reading, claiming that two new viruses – Android/NickiSpy.A and Android/GoldenEagle.A – were found on Android phones in the last quarter of 2011.

Symantec supplies some data on the number of infections, which shows that the Android. Nickispy Trojan, which is claimed to have the ability to record people’s phone calls, has infected between 0 and 49 devices. Which is statistically about zero, when you consider that Google is selling around 700,000 Android gadgets every day.

Will it get worse?

Anti-virus firms say yes it will, while Google has recently introduced an app-scanning tool it calls Bouncer, designed to detect common forms of malicious code uploaded to its Android Market and delete them before they can inflict pain on users.

Description: Android Bouncer

Android Bouncer

With over 200 million Android devices out there today, and a rather patchwork approach to updating their software, it’s inevitable that some older models will be exploited and found to be more vulnerable.

The rule of thumb is to keep it official, only downloading apps through Google’s Play Store, because at least that way you have some form of safety net and the backing of Android’s own army of app-checking reporters. And always make sure you check those permissions when installing an app, as boring a task as it may be. They are your first indication that something is trying to work its way a little too deeply into your phone.

And while anti-virus apps from the big-name PC software protection companies are on the rise on Google’s Play Store, they won’t stop the adware spam apps and fake, because they rely on you actually granting them permission to run.

As with most things in life, the sad fact is you’re going to have to start paying more attention to the small print if you want to stay exploit-free.

Other  
 
Top 10
Free Mobile And Desktop Apps For Accessing Restricted Websites
MASERATI QUATTROPORTE; DIESEL : Lure of Italian limos
TOYOTA CAMRY 2; 2.5 : Camry now more comely
KIA SORENTO 2.2CRDi : Fuel-sipping slugger
How To Setup, Password Protect & Encrypt Wireless Internet Connection
Emulate And Run iPad Apps On Windows, Mac OS X & Linux With iPadian
Backup & Restore Game Progress From Any Game With SaveGameProgress
Generate A Facebook Timeline Cover Using A Free App
New App for Women ‘Remix’ Offers Fashion Advice & Style Tips
SG50 Ferrari F12berlinetta : Prancing Horse for Lion City's 50th
- Messages forwarded by Outlook rule go nowhere
- Create and Deploy Windows 7 Image
- How do I check to see if my exchange 2003 is an open relay? (not using a open relay tester tool online, but on the console)
- Creating and using an unencrypted cookie in ASP.NET
- Directories
- Poor Performance on Sharepoint 2010 Server
- SBS 2008 ~ The e-mail alias already exists...
- Public to Private IP - DNS Changes
- Send Email from Winform application
- How to create a .mdb file from ms sql server database.......
programming4us programming4us
programming4us
 
 
programming4us