back to article Silence is golden: How Google hunts Android malware in the wild

To determine whether a mobile app is potentially harmful, Google listens for the sound of silence. Android devices that support Google Play include a security mechanism called Verify Apps, which takes the form of a setting in a device's Settings app. Verify Apps sends Google anonymized data when users install apps from …

  1. RudderLessIT
    Unhappy

    Why we run iPhone

    I am not a fan of Apple - but when choosing between Android, iOS & Windows Mobile (you didn't actually want to download an app, did you?), it's difficult to choose Android and the necessary security to maintain a fleet of devices. I don't have to do that with iPhones.

    I still don't like iOS though - just saying.

    1. Anonymous Coward
      Anonymous Coward

      Re: Why we run iPhone

      What's PHA, Precious? https://en.wikipedia.org/wiki/PHA

      Yep. That's kinda what I tell people; run iPhone for their enhanced security, but if not use the first party Android devices, or wait forever for updates from their fragmented market "partners." It's a pain to load my home-made content onto the iDevices, but not impossible. Still, they should let me run a native Kodi on my device and make it available in the App Store. Just sayin'. I have digressed. :(

      Both G and A put out security updates quickly. It's the fragmentation that hurts Android. I have lovely Samesong [sic] devices that never got an update past kit-kat. And right this moment I checked my cell provider (t-Möbius) and they don't even carry G-branded Androids, just LG, Sammy, and some other brands. So, it's kind of hard for joe-consumer to get nice devices with good security, without paying a premium or searching high and low.

      1. Tom Paine

        Re: Why we run iPhone

        > Both G and A put out security updates quickly.

        *cough* I think you'll find Apple hoard security updates and blat the whole lot out in one big blast, rather than fixing each one as it comes along or even doing a monthly release of whatever's ready to go, as Microsoft do. Oracle take the same approach as Apple. This looks like the most recent iOS update:

        https://support.apple.com/en-gb/HT207422

        ... which contains fixes for 66 issues with a CVE number allocated.

        (Of course, there are plenty of problems with Android security, I'm not an Android fanboy, don't judge me, arrrrgh my karma, etc etc.)

  2. Anonymous Coward
    Anonymous Coward

    So that explains why I get a popup every so often that complains about the app on my tablet that allows me to transfer data to the SD card.

    1. Anonymous Coward
      Anonymous Coward

      Same here. I get "can't update app" when it tries to update Facebook and Instagram which have been force-ably moved to the SD card. Eventually, FB updated without further complaints. But it is hit or miss with those two nosy apps. Plus, Sammy keeps trying to update their awful music apps on my old S4. I can't imagine why.

      Another thing Apple should provide; better local storage option -> the SD card. (Yes, I know there are adapters)

  3. Barry Rueger

    Security Through Irritation

    I seriously doubt that the endless trickle of Android "security" pop-ups do anything other than irritate the end user.

    I tend to assume that anything running Android is insecure five minutes after it's been purchased.

    Instead of sending users pop-ups and nags that will just be ignored, Google would do better to figure out how to keep the millions of Android devices in use patched and safe.

    1. Charles 9

      Re: Security Through Irritation

      As soon as Google can find a way to reach AND patch devices for which manufacturers have effectively "cut the leash" (EOL their support, destroyed their firmware code), you've probably broken several laws (legal AND physical) along the way. Google's biggest problem is that many manufacturers simply can't be made to care: not even with threat of termination of support (they'll simply say, "Fine, have it your way" and leave everything behind). This is the motivation behind Android transitioning to a system where Google still maintains kernel control even after necessary operator cruft (necessary because they'll never agree to sell Android phones without it) is added (stated with Android M, continues with N).

      1. sabroni Silver badge
        Flame

        Re: Security Through Irritation

        They should've thought about this shit years ago. If this was about MS and not Google these threads would be full of people berating them for not taking security seriously in the first place. Instead we get excuses about manufacturers and operators not facilitating the updates or branching the code and platitudes about how Google are finally putting a kernel update process in place.

        Too little and way too fucking late.

        1. Charles 9

          Re: Security Through Irritation

          "They should've thought about this shit years ago."

          They did, and they concluded that market penetration was more important because otherwise they'd be conceding the market to Apple. So the carriers basically had them by the short-and-danglies, putting them in a dilemma: either overtake Apple with Anarchy or give up and let Apple's Police State rule.

    2. phuzz Silver badge
      Thumb Up

      Re: Security Through Irritation

      "I tend to assume that anything running Android is insecure five minutes after they've clicked 'allow installation from unknown sources'"

      Fixed that for you.

  4. Aitor 1

    Code injection.

    All nice, but you can always inject code remotedly, and no way they can get that.

    1. Charles 9

      Re: Code injection.

      Explain why there's no way to prevent this, even with things like code segregation and code signing.

      1. Tom Paine

        Re: Code injection.

        Explain why Google bother fixing memory corruption bugs if shellcode injection isn't a problem...

  5. John Smith 19 Gold badge
    WTF?

    So Googles solution Android's (their OS) security flaws is

    Send more data to Google.

    0

    Funny how that works.

    1. sabroni Silver badge
      Thumb Up

      Re: Send more data to Google.

      To be fair, that's their answer to everything, not just Android security.

  6. I am the liquor

    Gender-neutral singular pronouns [sic]

    I think using "them" in place of the unwieldy "him or her" is sufficiently widely accepted now that you don't need to [sic] it.

    1. Andy the ex-Brit

      Re: Gender-neutral singular pronouns [sic]

      This.

      https://en.wikipedia.org/wiki/Singular_they

      Acceptable since the 14th century, despite the efforts of 19th century grammarians to turn English into Latin.

  7. Robert Helpmann??
    Childcatcher

    Meet the New Boss

    The state of Android security looks like a guarantee of perpetual employment.

    So Google has overcome Microsoft's lead in this area, too? Maybe I ought to add Android security to the skill set...

  8. Tom Paine

    The state of Android security looks like a guarantee of perpetual employment.

    Hooray! I've got a job for life!!

    * FX: a single gunshot. Thud.

  9. oneeye

    Honesty Lacking in Verify Apps!

    The problem with Verify Apps in Google Security Settings is, any apps the block ads gets labeled automatically " Harmful to your Device" ! And we all know that these adblocking apps have to be side loaded. Verify apps even prevents you from downloading the apk file in the first place. So, if Google were serious about security, they would start by cleaning up the Ad serving business to start with. If they did that, then less adblocker would be in use. I'm still seeing all kinds of scareware ads coming from Google ad networks, with links that redirect to the playstore. And worse, they make it virtually impossible to find a way to report this crap.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like