El Reg asked Google to comment on the incident, in particular the suggestion that crooks had figured out a way to smuggle malicious code past its security controls, but have not yet received a response.
The play store has security controls beyond "remove it if someone says it's infected"?
Would ANYONE be stupid enough to do online-banking on a portable unsecured device with an unpatched OS without a virus-scanner or firewall ?
Most people are happy to login to their banking-website from their mobile phone while using an ancient version of Android or IOS and most banks don't seem to give a f*ck !
And when people actually DO lose money the banks are more than happy to point this out so they don't have to refund the money...
Re: Why ?
As supposed to the app? Yes that sounds a bad idea. But the apps generally should work ok.
Re: Why ?
Well, for one thing, mobile deposits. It's nice to be able to deposit a check without physically going to the bank, and there's no way for me to do that on a PC with my bank - only the mobile app does that.
That's about all I ever do with it, but it also can show me my balance or help me find a nearby branch, etc. when I'm not home. I do all my bill paying on my (Linux) PC, but mobile is sometimes an advantage.
As for unpatched OS, whose fault is that? It's all about planned obsolescence, and most manufacturers (I'm looking at YOU, HTC) don't patch anything past 1 year. Google surprised me by supporting their hardware for a whole 2 years. Never happen, but there should be a law that they have to issue patches for everything for at least 10 years, IMHO.
Re: Why ?
Mobile check deposits sound like the most security risky method of using such an app.
Re: Why ?
Are you new to information security or do you just like to judge people?
No matter how much you build something and make it idiot proof; someone finds a way to build a stronger idiot. Welcome to InfoSec.
App runs fine
If you deny the permissions, so there is your answer just deny the runtime permissions if you want play bust a move
I'm pretty tired of the android malware clickbait hidden agenda, it's rather tiresome. With over 2 billion active android devices, more than Windows PCs, real world infections are pretty much unheard of, yet the noise from security "experts" is totally disproportionate.
@malle-herbert. I would just an android device far more than I would trust a PC or MAC... By comparison they are both malware magnets
The Noise from Security Experts, Helps get Things Patched!
Anyone who thinks they are safe because the security community is making too much about vulnerabilities, is just plain foolish. Anyone who wants to harden their device, or software like browsers, is a practical person. They appreciate the hard work of infosec researchers. So, even if a device is a bit older, they can be proactive about securing those devices. It's not all doom, but many articles on how to stay safer too. Noise? I think NOT !