Malicious software removal
If Google Play Store can nag me every week to update Twitter yet again, it should be able to warn me when an app I have installed has been removed from for breaking their T & C.
Mobile developers, listen up: when you pick up that easy-to-use advertising API, make sure it's not snoopware. That's the lesson, the take-out, or (god have mercy on my soul) key learning from work by security outfit Lookout, whose analysis of the Igexin advertising SDK ended with hundreds of apps returning “not found” on …
I was just going to ask how Android handles apps that are already installed on phones that Google has removed from their App Store for being 'dangerous'. I take it from your answer that it does nothing. To be honest, I don't know if iOS is any better in this regard.
This malware payload can be downloaded, installed and executed without any kind of administrator/root access - the only things blocking it are a setting in a database and the end user being smart enough to not just say "ok" to all the permissions the app asks for?
Good grief, if this were Windows XP instead of Android and an EULA instead of permissions, I'd swear we were back in the early 2000s again...
Then again, Google have built their entire business on slurping as much data about everything as possible - I guess if they tried to stop anyone else doing it, they could be seen as a monopoly... oh, wait...
There are at least 3 protection mechanisms in force here, 3 more than Windows XP.
1/ Runtime permissions
2/ Malicious app scanning on your phone
3/ Malicious app scanning on the store
Also, if you are stupid enough for an app to request access to your call history you should be sure you trust an app with your call history. Would you give your house keys to someone you didn't know?
This is doing nothing that the user didn't permit.
It can download and execute a module, but only within its own security model, and it can only access call history, camera, audio etc, if the user has granted access for it to.
So what exactly is wrong with this app? Essentially nothing, it's doing things you granted it to do.
What is actually happening here, is The Register are giving free advertising to Lookout. The real agenda is here on a single line on their "article".
"All Lookout customers are protected from this threat."
Yep, scareware is alive and well. I suggest Lookout are as scummy as the writers of these apps, for cashing in on gullible people.
If you want an in-depth look at all the add-ons, like advertising SDKs, developer tools, and every single permission an APK has, then this Android app can help. Besides scanning every APK downloaded, or updated, on the device in real time, it gives definitions for just about everything an app has in it. The pop-up notice lets you examine the app before opening it.
https://play.google.com/store/apps/details?id=com.denper.addonsdetector
No offence as you may be just plugging a legit tool independently. But access to this info needs to be built-in. It's all about Mushrooming mobile-users (feeding them shit and keeping them in the dark). App developers / Storefront giants maintain an illusion of gatekeeping (nothing to see here). Meanwhile every week the Reg has a warning about an app on a store that's toxic and should never have gotten on there. And now that it's loaded on users' devices, there's still no actionable guaranteed way to remove it, notify the user and refund them either!
That was a needlessly harsh downvote. That could be a useful app for many people, and it wasn't as if he posted a link to some random site.
As for the ad SDKs, I was fed up with some of the things one in particular was up to, and after investigating, decided to disable every ad SDK that did more than was reasonable.
All but 2 have been disabled. Seriously, someone needs to come out with an "ethical" ad company/SDK and shout this fact from the rooftops. (yes, I know what I'm saying!)
Most of the ad companies seem to be evil arseholes doing dodgy stuff (and I say that not as a quip against ad companies generally, but by looking at the sort of shit they get up to)
A very popular metric they seem to feel justified to have is the device unique id. And if that is blocked? They take your MAC address. Evil bastards.