Persistent ad and dialler trojans found on 28 Android phones More than two dozen cheap Androids have been found to host pre-installed malicious apps capable of downloading persistent adware and making phone calls. The phones, which include Lenovo's A6000 and A319, were discovered bearing the pre-installed malicious apps by security researchers with antivirus firm Dr Web. Dr Web reckons …
> "Go and get a not-so-cheap android phone."
And what is wrong exactly with a cheap phone?
God forbid some of us see phones as actual, you know, phones, not as a social status symbol to be derided if it's not worth more than a reasonable desktop computer.
This post has been deleted by its author
You don't need to spend a fortune to be safe. Keep your eyes open and you'll find handsets from known brands for silly cheap prices. I bought my Motorola E 2nd gen from a brick and mortar Vodafone store on PAYG for £35, unlocked on eBay for £1.20, flashed Cyanogen Mod 14.1, now bang up to date with regular security updates. I know its not a high-end phone, but it does everything I need, and it cost less than 1 contract payment for an iShiny or Samsplode...
"...unlocked on eBay for £1.20, flashed Cyanogen Mod 14.1"
With respect, you're not talking here about a 'cheap' phone. You're talking about a moderately priced handset, which was intended to be subsidised by the PAYG business model, with supplementary income from a vendor-branded OS. You've made it cheap by circumventing the business model. This is not a valid comparison.
A true 'cheap' Android phone is cheap full stop; cheap manufacture from cheap components, cheap OS, and a stripped out supply chain with razor thin margins. This is where the danger is; as the incentive to do illegitimate things to earn supplementary income is far higher than when there's a 200% profit margin on the hardware.
Hard to tell what's real and what's fake given the amount of bloatware installed by the manufacturers. Some app suddenly appears? It must have been an update... maybe the manufacturer will update Jellybean soon...
Basically, if you are not running the current Android release then you are a lot more vulnerable than you would be otherwise, sic.
While I consider myself relatively computer literate, when it comes to Android, its basically a black box to me. So my question for you esteemed commentards - What are the best ways to protect your phone? Are there trusted sites from which i can scan my phone to check for any malware? Whilst I'm currently using AVG (which I'm beginning to consider to be an adware product in its own right, due to the number of ads I get begging me to upgrade it to the paid version!) and have the latest Version of Android im probably protected, but are there any othe programs I should be looking at? On a PC you never rely on just a single product for safety as they rarely catch them all, but on Android, what to do, what to do?
What are the best ways to protect your phone?
That is a very good question.
Are there trusted sites from which i can scan my phone to check for any malware?
How would that work, then? You'd have to have an associated app running on the Android phone to talk to the site and performing the scan on its behalf ... and how would you know to trust that app?
I'm currently using AVG (which I'm beginning to consider to be an adware product in its own right, due to the number of ads I get begging me to upgrade it to the paid version!)
AVG is one of a number of AV suppliers who used to give away good products, but who have since become more and more commercial. I've no objection to paying for good software (if it really is good) but AVG's aggressive use of advertising has led to my ceasing to regard them as a serious contender. I may be doing them a disservice, but frankly I can't be bothered to suffer the ads to find out.
[I] have the latest Version of Android [so] im probably protected
If you really have Nougat -- it's not yet available on many devices -- that's probably the best thing you can do to stay secure. Just stay away from questionable apps.
"...So my question for you esteemed commentards - What are the best ways to protect your phone?"
I'm sorry to say it, and I'm sure I'll be downvoted to hell and back, but the best way to protect your phone and make use of modern functionality is to buy a phone from a vendor with a tightly controlled, curated ecosystem where the revenue mode is clear and transparent; e.g. Handset margin.
As opposed to a vendor-aggregated, 'free at point of use' system where it's anything but clear to Joe User where the company makes its money. Because Joe only cares about the initial price tag, he's opening himself up to a world of hurt later down the road as vendors fight to survive in a world where in order to maintain that minuscule price tag, they are forced to look to ever more obscure routes (in some cases illegal) in order to supplement their revenue.
A tightly controlled, closed ecosystem with a transparent business model based on sky high profit margins on both software and hardware? Sheesh, wish I could think of one.
Sent from my iPhone
@ LordElpuss:
While there is reasonable logic in your argument, and you get credit for disclosure, the error here is that *since you can* afford the sky high profit device, sadly, you are now a more desirable target. That said, the infra around that device, does seem to have a somewhat better leash on things. But only somewhat.
The best way is not to install any crappy apps and pay attention to the permissions asked for when installing. Always download from the Play store* unless it is a significant vendor like Amazon and refuse to install anything that asks for excess permissions.
Never install anything that pops up on a website when you are browsing and avoid free games that don't come from well known publishers.
Make sure your phone is from a vendor that updates the android security patches regularly.
All of that will keep you pretty safe.
*That is not to say anything on the Play store is safe, just outside it you are generally at a greater risk.
... does the news about Android have to get before the Android fan boys admit that there may be a problem? This news is about as bad as security news gets, the vendors are deliberately selling phones pre-infested with malware. That's "do not touch this with a barge pole" territory because even if you manage to clean off the stuff that an anti-malware package can find, you have no idea what other stuff is lurking in there. Previous experience with supply chain corrupt practices also suggests that it won't be long until the vendor is issuing "patches" that put the malware back onto the phone. That's what happened with "Bad USB" patches for USB devices that had malware embedded in the firmware.
Yet here we see people apparently happy to root their phone (hence giving the malware unfettered access to everything) and hoping that they may be able to scrape the bugs off.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
