back to article Android bugs let attackers install malware without warning

Researchers have disclosed bugs in Google's Android mobile operating system that allow attackers to surreptitiously install malware on users' handsets. The most serious of the two flaws was poignantly demonstrated on Wednesday in a proof-of-concept app that was available in the Google-sanctioned Market. Disguised as an …

COMMENTS

This topic is closed for new posts.
  1. Shannon Jacobs
    Coat

    Security maturity of Android?

    Well, at least I'm hoping that this signifies that most of the bugs are being ironed out... It does reduce my eagerness to buy an Android phone, however.

    Meanwhile, whenever I'm basically forced to use Windows, I wonder how many undisclosed bugs would be discovered by any competent security analyst who actually got access to THAT big steaming pile of source code. Just the random blind probing seems to be finding a number of bugs every month (that Microsoft acknowledges by patching). Is there a statistician in the house who can estimate how many bugs are really out there based on the visible rate of extermination?

    I hope no one picks the pockets of my Android phone (whenever I do work up enough trust to buy it).

    1. Anonymous Coward
      FAIL

      This a very serious vulnerability

      And possibly quite obvious as well, since apparently they discovered it just by inspecting the code. So we must assume that Google, in spite of being the self-proclaimed best engineering team in the world, either don't have security experts reviewing the code or their experts are crap. Anyway, I won't be caught dead with an Android phone, there are lots of alternatives, iOS, WinMo, MeeGo, Symbian, BlackBerry OS, QNX...

      1. Anonymous Coward
        FAIL

        Re: This a very serious vulnerability

        " I won't be caught dead with an Android phone, there are lots of alternatives, iOS, WinMo, MeeGo, Symbian, BlackBerry OS, QNX..."

        ... and of course none of them have any bugs. I think you'll find security is one area where it's best not to be too smug about someone else's misfortune.

        And the fact the source code was publicly available for inspection means this bug has been found, and can be fixed. That's a good thing, in case you were wondering.

      2. Anonymous Coward
        Happy

        Wrath of the droidbois!

        Careful now...you'll upset the droidbois with comments like that...I think what you meant to say was:

        "Droid is wonderful, beautiful and it is absolutely faultless and perfect in every way - while IOS is the spawn of satan"

        Anything *not* on those evangelical lines will get you downvoted...

        1. Anonymous Coward
          Happy

          QED!

          Yay - 2 downvotes already for me...I incurred the wrath and I have been foresaken!

      3. Anonymous Coward
        Anonymous Coward

        Alternatives

        but secure ones?

        Closed-source OS's survive by "security through obscurity" as the OP said. If research teams had the iOS/Windows/WebOS/etc. source, they'd likely find equally critical security issues.

        True, Google should feel a bit embarrassed, but at least groups like this are able to find and report such issues.

        1. ThomH

          @Alternatives

          Expecting to incur the wrath of the rabid gang, I think an issue may be that Apple, Microsoft and Palm all have tight control over software updates in the sense that they can publish an update and be confident it'll be available to all users almost immediately. Google are in the unfortunate position that they don't control software updates further down the channel. So the position is, for many Android phones, that the source code is available allowing people an extra means to find one or more of the many faults that are all but unavoidable in a project of that size, but that pushing fixes is extraordinarily difficult. Look at the number of handsets for which manufacturers have so far failed to supply 2.2. Even high profile devices like the Galaxy S have yet to receive it (next week, apparently), though it hit the Nexus One in June.

  2. J 3
    Jobs Horns

    Oh, no...

    I can see the smug smirk. It is not pretty.

    1. Anonymous Coward
      Badgers

      I doubt it

      He's probably crapping himself...he's got more apps in his walled garden than Android, and now he's wondering if any of those are doing things they shouldn't do...but how can he be sure?

      Apples Walled Garden (app store) is still the best for peace of mind for the user (who mostly aren't technically minded), and a model Google probably grudgingly admires (Cue Droidboi downvotes) for this reason - but it only takes one very-public security scare to shake/destroy that public confidence in Apples app store.

      Nah - I recon Jobs is definitely worrying about this, or at least about the trend of where it's going (Cue Fanboi downvotes).

      1. MyHeadIsSpinning
        Jobs Horns

        Re: I doubt it

        "Apples Walled Garden (app store) is still the best for peace of mind for the user"

        <Cough> Cydia </Cough>

        1. Anonymous Coward
          WTF?

          Cydia, Yeah right

          I trust the goons at Apple more than a bunch of hackers who are offering all manner of stuff that may, or may not be infected in some way

        2. JaimieV
          FAIL

          If Cydia is installed

          the walled garden has already been bulldozed, and Apple's control defeated. Which is why it's done, of course.

          And it can be a security hazard - people installing sshd and not changing the default passwords, for example.

  3. Anonymous Coward
    Flame

    Droidbois to the rescue?

    Wonder what fanboi-esque rationalization the droidbois will use for this one? And they say apple fanbois are bad...

    Slate the apple walled garden all you like, but you certainly don't hear about iPhones getting rootkitted. google needs to nip this in the bud and quick...once one of these security/malware stories hits the general press, it won't do androids market share any favours.

    1. Gilbert Wham

      ER...

      http://www.theregister.co.uk/2010/11/10/mac_osx_security_vuln/

      1. MineHandle

        True, but not iOS

        That's about MacOS not iOS. Still it does prove the point that there are no 100% systems.

        1. AndrueC Silver badge
          Black Helicopters

          Title

          >That's about MacOS not iOS. Still it does prove the point that there are no 100% [safe] systems.

          No, just a clique of people who think they use one.

    2. Loyal Commenter Silver badge

      Meanwhile, in the real world...

      http://www.theregister.co.uk/2010/11/10/iphone_forced_calls/

      And that was yesterday.

      1. Anonymous Coward
        Thumb Down

        @ Loyal Commenter

        I call Red Herring on that reference.

        a) From what I see (and what other commenters noted on that article) this is a feature, not a bug

        b) the 3rd party app being called would need to still need to be malware, which (theoretically) should have been captured by the walled garden gate keepers (ie Apple)

        c) The user would still actually need to install the 3rd party app him/herself

        But more importantly - what relation has this got to do with Android being root-kitted, or un-vetted apps being installed without user permission? Because ios is "bad" makes it's ok for Android to be *even worse*???

        1. Loyal Commenter Silver badge

          Allow me to clarify:

          Firstly, what has been demonstrated is not an Android rootkit. If I understand it correctly, there is a flaw in the permissions token system (which has been patched already) which allows one application to use the tokens from another. The attacker would require control of both apps.

          In the case of the iPhone vulnerability, malicious code on a web page can cause an installed app to perform actions which bypass security checks altogether. As a proof of concept, they used an Iframe on a web site to cause Skype to call a phone number (whch costs the user money). It could equally apply to ANY third party app. The vulnerability bypasses the controls in that app.

          Whilst this is not the same vulnerability, I'd say it was similiar in both type and severity.

          My point is this; both systems have flaws. The one in Android has been addressed and patched. The one in iOs has not. Just because Apple claim that it's not a flaw does not actually make it any less so.

          As a practioner of the dark art of programming myself, I can assure you that any software of non-trivial complexity will have bugs. The sort of 'my choice of software has fewer bugs than yours' mudslinging that goes around is often disingenious. What a software company should be judged on is its response to the discovery of such vulnerabilities, specifically what they do to address them, and how quickly.

          NB; this bug was found in Android BECAUSE it's open source, the iOs bug was found DESPITE it being closed source. As a rule of thumb, open source software will have had greater scrutiny than closed source, so for every bug found in closed source software, there are statistically likely to be more others still to be found than there would be in the open-source equivalent. This wikipedia article quite nicely covers the principles here:

          http://en.wikipedia.org/wiki/Security_by_obscurity

        2. No, I will not fix your computer

          Re: AC: @ Loyal Commenter

          @ a) It's a feature not a bug? you sound like M$, the same could be argued on the Android bug/issue/flaw/feature as it's using a valid function for an invalid purpose

          @ b) No it wouldn't (did you read the article?) it can call a 3rd part app (any of http://handleopenurl.com/scheme?page=1) and get it to do things you may not want, and example would be to call a premium rate number or spam people adverts on skype.

          @ c) No it wouldn't (did you read the article?) it exploits Safari iFrames just by visiting a website which has arbitary html on it, although I completely accept that you'd need to visit a compromised or malicious website (which are to be fair all too common)

          >>But more importantly - what relation has this got to do with Android being root-kitted, or un-vetted apps being installed without user permission? Because ios is "bad" makes it's ok for Android to be *even worse*???

          These are not identical platforms, therefore it's not a comparison of better or worse (and that is in fact a matter of opinion) what it highlights is that all OS's have potential issues, of varying degrees, the iPhone and iOS is an exceptional combination with a solid support base, but it's not perfect, with issues around antenna, ability to make unauthorised calls on a locked handset, safari issues etc. (and of course the premium you pay for it) what is an absolute fact is that if the iPhone was more "open" it would have more issues, this is where Android is, being more "open" it has the potential for more issues, although long-term, Android should be better, it just doesn't have the benifit of security through obscurity that a closed source (like iOS) has.

          Don't forget the iPhone design dates back to 2006, the 4G is basically the same phone as the very first iPhone, they've had a lot of time to get it right, just imagine how far Android phones will advance in 5 years.

  4. heyrick Silver badge

    Given the "age" of Android...

    Wiki says the initial release was 21 October 2008. Given its age, a little over two years "in the wild", I think we ought to forgive it some issues. And yes, some of these issues will be serious. So long as it moves forward in the future to improve, for correct me if I'm wrong but 2 years is less than most IE version cycles, less than Windows version cycles, less than...

    ...get the point?

    Disclaimer: I'm not an Android fanboi, don't have anything running it nor have I ever used it. To be frank, I doubt I will for a *long* time, as I find the only thing of any value on a smartphone is the ability to run a web browser so I can check my mail. Other than that, it's... you know... supposed to be a phone.

    1. Giles Jones Gold badge

      LOL

      How many years is enough?

      Just shows that the combination of a closed development cycle and a kernel tree separate from the main Linux tree results in holes. Its a development process that has none of the advantages of open source. No peer review until it is too late (you want bugs to be found prior to release) and development under control of one group who may rush it to get it out of the door.

    2. Paul 129
      Heart

      I am a fan

      You know these things occur from time to time in all systems. The question is how they handle it. A patch may be developed, but if they only release it as part of 2.3 that wont be good. I showed off my htc desire to the Missus and she was conned into a Erricsson, which is still on 1.6 :-(

      At the moment Android is held hostage to the handset makers, plus the carriers. So if anything bad does happen, how easy will it be for google to deploy counter measures.

      Its in Google's best interest to sort this out NOW. I'm interested in seeing what transpires.

      Yes google is creepy, but once you've lost your virginity...

  5. Deadly_NZ
    Pint

    "As always, we advise users to only install applications they trust."

    Hehehe right I know the I like most people want the latest ,best quickest flashiest thing available and I want it YESTERDAY!!!!!!!!!!!!!!!!

    " a Google spokesman said. "As always, we advise users to only install applications they trust."

    As we say in New zealand Yeah Right!

    Beer glass MMMMmmm Beer

  6. Tony Paulazzo

    Virgin mobile

    Is still on 2.1 even though froyo's been out for months. I wonder if I phone 'em up and ask if they'll accept responsibility for me getting pwned they'll hurry up with the upgrade - or should I just take the plunge and root. Since Google are giving all their staff a nice rise and Xmas bonus' perhaps they should accept responsibility for anyone getting infected and pay out for any losses.

    Also, anyone know if those antivirus apps for android caught those rogue apps, or are they as useless as I suspected all along.

    1. Tigra 07
      FAIL

      RE: Tony Paulazzo

      "Since Google are giving all their staff a nice rise and Xmas bonus' perhaps they should accept responsibility for anyone getting infected and pay out for any losses."

      It's got nothing to do with Google, it's your phone maker.

      Google made the updates available months ago, if you don't have it then blame your network or the manufacturer for not passing the upgrades to you.

      I'm still waiting for 2.1 because of Sony Ericsson taking their time!

  7. Jean-Paul

    Hmmm

    Googles response is pathetic, 'we advicse users to only install applications they trust' and how are we supposed to do that? Is google saying not to trust their own Market place?

    Not so happy with my Desire HD anymore.

  8. probedb

    O2 update?

    So I guess a fix will be rolled out by O2 in 2014 then? ;)

  9. Colin 29

    Fix

    How do google plan to roll out a fix? Will it involve patching handsets?

    I have a Samsung I7500 Galaxy (is there a Samsung product that doesn't contain the word Galaxy in it?!) but it's still on Android 1.5 because Samsung refuse to update it. If some kind of update to handsets is required I'll certainly not get it.

    1. No, I will not fix your computer

      Re: Fix

      That's interesting, my Galaxy (Portal/Spica/Lite) had an official 2.1 upgrade, maybe it's your network provider rather than Samsung (or maybe you missed the memo?).

  10. Rogerborg

    Ah, the Cassandras of software development

    The only perk of being a security-conscious developer working in a commercial environment is being able to say "Told you so" when all the vulnerabilities you warned about get shipped anyway to meet a market window.

    Works for blog comments too.

  11. dotdavid
    FAIL

    Android security might be the kicker the networks need

    I'm usually a rabid Android fanboi but this highlights the platform's major shortcoming - the lack of a viable OS update mechanism like Apple's and Microsoft's (well, for their new OS anyway). This may or may not be a serious issue but there will be others, and unlike Apple users can't update their phones to fix all of them.

    Operators and manufacturers need to get out of the mentality that these phones are just boxes they can sell/give away with a contract and then forget about. They're mini computers and security updates should be provided for their expected lifetime.

    Google have tried to mitigate the problem somewhat in 2.2 by modularising more of the OS, so you can update certain system components via the marketplace. However this isn't going to be able to fix core OS vulnerabilities that might arise in future. They really need to be thinking about ways of allowing OS upgrades in full - now Android is in the public eye and mindset, and people have an investment in it (through app purchases and now being in Google's ecosystem wrt contacts and calendars etc) it's an ideal time to force the operators and manufacturers to play ball.

  12. Anonymous Coward
    Linux

    Updates

    Hopefully this means they will encourage the phone manufacturers to release updates for all handsets to 2.2.

    Some how I doubt it though, so looks like my Hero is stuck on 2.1 unless I install a generic ROM from somewhere.

  13. Anonymous Coward
    Anonymous Coward

    The real problem

    The real problem here is not that there is a bug in the software, but in reality it is very very unlikely to be fixed in the majority of handsets out there. I have an Orange Sanfrancisco running 2.1, the chances of Orange UK releasing an update to 2.2, or even a bugfix for 2.1, pretty much zero from what I can see. Thankfully we are in contact with the manufacturer and there are also non-orange uk releases so it may be that the hacking community can save the day on this one, but the retailers and manufacturers really need to think properly about supporting what in effect is a desktop OS in the wild.

    1. Michael C

      Exactly

      It's trivial for GOOGLE to fix, in the current build, possibly in previous builds as well. Handset manufacturers then have to update their code, on phones they already no longer support, and then that code has to propagate through the carriers.

      Internally, with CVS and other systems, code is easy to modify. However, when a 3rd party alters code your library is not directly supporting (or has moved past with newer releases of your own) integrating (or even FINDING) the necessary code changes in THEIR code to incorporate into your modified version is very difficult. Not impossible, but its complicated, time consuming, and can introduce many many new issues and an array of testing, and worse can impact dozens of handsets.

      Apple uses a single OS base with minor module or API differences. A fix in a core function is easily ported across all systems. Google's base code is easily modified, but porting that modification across hundreds of unique models, each using an array of hardware, and little of it even compatible with the latest release version, is a mess. There are still dozens of handsets fully compatible with 2.1 or 2.2 that don't have it. Many will NEVER have a 2.x version. If this fix is populated only through lets say N-2 revisions and Google chooses not to patch all the way back to 1.0.

      With the open code base, finding a bug is easy. That also means for hackers as well as coders that fix the bug. Apple can release a patch for all iPhones in days, or less if it was REALLY critical, and all anyone needs to do is plug in and it gets it (including a full backup). OTA code updates whack data that is not protected, restore of android apps post upgrade is a PITA, and that update might take WEEKS to get to your handset even if google has the patch today.

      Also, people "generally" trust what's in the google marketplace, as it is a policed market on SOME level. That means apps there typically get installed without question, but this is very false security. Apple looks VERY deep into the program operation, including directly questioning why some APIs might be included if there's no obvious NEED 9not just a reason, but a NEED), google skims the surface. Apple can pull a app quick and then only jailbreakers could still get it, Google pulls one and its available tomorrow in another marketplace, under a new name, still with the same virus in it.

      I think Android is a far more powerful platform, more flexible, i think it even looks better (though it needs some UI love and some better design). However, because Google has no direct patch authority, and because carriers are not FORCED to maintain current code bases on all released devices, and push patches within acceptable time frames, having an Android device is very dangerous. Worse, its literally PUSHED on thousands of consumers who have no business having a device as powerful as it is. There really should be an Android "lite" (or a hidden PRO mode that has to be activated and comes with warnings).

      Hackers KNOW planting a virus on Android can take weeks to eradicate, and on some devices will never be removed. Multiple viruses have already gotten through googles defenses, and the frequency is increasing quickly. Apple is not only harder to get past (deep code inspection), and quicker to patch (no middle men to worry about), but they're also half the market segment now too. Also, putting an app in apple's store means VALIDATED background checks and easy trails for cops to follow, not so much in Android marketplaces... putting viruses on iOS is dangerous for the hacker, and a much more limited and difficult target. Its not security through obscurity, it's security through trouble and risk and very real protections, and rapid response. Its not worth hackers trouble with such a rich and easy to exploit target as an alternative.

      If ALL device mfrs were required to guarantee continued update support, within 1 week of a google patch release, for all devices sold for +2 years from last date of sale, and forced carriers and device makers to port all "compatible" features of new OS releases (as Apple does, 4.2 runs on everything except gen 1 which is now more than 3 years old, just not all the bells and whistles of it) within 30 days of Google release, then we'd have a platform with better security, and less fragmentation.

      Still, even if they got all the manufacturers in line, modularized the entire thing for 3.0 (breaking all existing apps), all they'd do is drive up the cost, and limit the model availability.

      My real reason for not diving in though, Sun.... I have a sneaking suspicion we'll be seeing a cease and desist order from a court here, possibly within the year, ordering all code development on Android to stop short of removing every line of Sun's code, and a 1-2 year set back in android development, and a multi-billion dollar fine, and removal of many core features or functions. Android is very much in violation of very strong patents, it's not a minor sleight, and its clear and obvious, entire sections of code copied and pasted.... It could very well be pulled from the market entirely. I can't take that risk.

  14. Dave Fox
    Stop

    Move along, there's nothing to see here

    So, a researcher posts a proof of concept app that highlights a vulnerability in Android that Google are now going to fix.

    Sounds quite similar to the recent "weaponization" of the jailbreakme.com exploit that a researcher recently demonstrated as a proof of concept of how a rootkit could be installed silently and without user permission on range of fruit themed telephony devices, which a certain fruit themed manufacturer has already patched. (@ AC 01:19 GMT - see, you do hear about iPhones getting rootkitted! :) )

    Seeing a pattern here? Exploit found, exploit published, exploit patched!

    Security vulnerabilities exist on *all* platforms, and continue to exist until they are found and patched!

    Finally, @AC 01:39 GMT - of course it's easier to find exploits in open source code! Doh! This is one area where closed source has an advantage, but with closed source code you've no idea how good or bad the code quality is whereas with open source you do and you can fix it!

  15. Anonymous Coward
    FAIL

    Serious Future?

    I wonder if Android has a serious future?, Google seems update Android every 4 months and honestly believe every Android handset out there is upgraded to the latest and greatest version of the OS. In reality, Android handsets are released and rarely upgraded, usually only getting 1 version bump before being classes as old. Mobile phone contracts are normally 18 to 24 months and so users are left exposed to all sorts of issues whilst they wait for their contract to renew/expire.

    With Android appearing on cheap tablet computers (like Next's one) it's only a matter of time before people (normal non-techical people) are going associate Android with low quality and no support. Google need to get a grip on their OS before Android is considered a poor persons Ipad/Iphone/Windows phone.

    1. Anonymous Coward
      Anonymous Coward

      Cue downvotes!

      oooh, you dared to question the Droid...downvotes for you!

      Perfectly reasonable post IMO, but since when does that matter?

      Wait - I just did it again too...more downvotes for me!

      1. Anonymous Coward
        WTF?

        Re: Cue downvotes

        Oh please stfu and stop your downvote whingeing you sad, pathetic fanboi loser.

        1. The Commenter formally known as Matt
          Troll

          Re: Re: Cue downvotes

          Don't feed the troll

  16. lucmars

    That's the meaning about integration vs fragmentation

    Unless Google has its own hardware to the mobile operator, it will stay in the PC model without standardized hardware. Is there somewhere a standard handset/tablet, something that even the PC manufacturers could produce as a commodity ?

    Apple integrates everything until the user himself (since this one is just another kind of thing) but that also means that the product is entirely dedicated to its purpose.

    You can't reach that with the PC model even standardized, cos you still offer a computer to people who just want to enjoy the contents.

    That's the first meaning of the fragmentation : the hardware from there, the OS from there and the apps from elsewhere not mentioning the horrors from the mobile operators. It's not a matter of porting and recoding at the first place.

    1. Anonymous Coward
      Anonymous Coward

      Que?

      Didn't understand a word of that

  17. Anonymous Coward
    Flame

    @anon coward

    "Android handsets are released and rarely upgraded, usually only getting 1 version bump before being classes as old. Mobile phone contracts are normally 18 to 24 months and so users are left exposed to all sorts of issues whilst they wait for their contract to renew/expire."

    Smartphones are targeted at the Oooo shiny! crowd. As such they probably upgrade every year or 2 years anyway. People who want to do real work on the move buy a blackberry. People who just want to make phone calls buy a cheap nokia. The rest are just drooling idiots who frankly don't matter in the scheme of things because they'll always come back for me. And that applies to any smartphone user including the iphone.

    1. Anonymous Coward
      FAIL

      @boltar

      You, my friend, are a bitter and twisted person. Why would you come into the comments section for an article about smartphones just to berate smartphones? You need to get a grip of your life and take a good look in the mirror before opening your mouth (or y'know, typing and that) to slate others.

      I feel sorry for you that you don't know the joys of smartphone ownership.

  18. Anonymous Coward
    Joke

    Hey, look everyone!

    It's a Blackberry fanboi!

    You don't see many of these in the wild.

  19. Anonymous Coward
    FAIL

    @anon coward

    "You, my friend, are a bitter and twisted person. Why would you come into the comments section for an article about smartphones just to berate smartphones? You need to get a grip of your life and take a good look in the mirror before opening your mouth (or y'know, typing and that) to slate others."

    Aww, did I touch a nerve? Bless.

    Never mind, I'm sure theres an app to cure your sense of indignation.

    1. Sarah Bee (Written by Reg staff)

      Re: @anon coward

      You two go outside and get some fresh air.

      1. Loyal Commenter Silver badge
        Pirate

        Be very careful downvoting the moderatrix

        She knows who you are.

        1. Sarah Bee (Written by Reg staff)

          Re: Be very careful downvoting the moderatrix

          I do know, it's true. But I don't care about downvoting. I can't even see what comments have been downvoted from this end.

          1. Edagan

            Downvoting

            Also, does anyone *care* about up- and downvoting? I've never really understood the function of it, except to let someone express disapproval without the scary prospects of identifying themselves or constructing an intelligible sentence. And we don't have to identify ourselves anyway, thanks to the Anonymous Coward tickbox.

            So I post my opinion, and loads of people scurry to tick the red box, and I end up with four zillion downvotes and... what? All this anonymous disapproval is supposed to prompt me to change my mind?

            "Oh no, people don't like me/my beliefs/my post/my grammar, I'd better think what they think instead. Except... I can't, because they couldn't be bothered to tell me what they think."

  20. Anonymous Coward
    Boffin

    64% of Android users

    Are still using older versions because their carriers are too lazy to provide OS updates in a timely fashion, because they are putting all of their efforts into loading OS releases with buggy crapware/bloatware the users don't want and cannot remove. I know that is the case with my T-Mobile myTouch 3G Slide.

  21. Gene Cash Silver badge
    FAIL

    Android market sucks

    Yeah, I think the Android marketplace really sucks, and it's the worst part of having an Android phone. Not only does it tell you very little about each app, it's pretty much divided into either free/paid or games/not-games. There's a set of extremely broad categories that apps seem to be randomly tossed into, as a solitaire game doesn't fit *my* definition of "office productivity app"

    You do a text search and get a random pile of apps. Considering Google's original aim in life, the search is worse-than-horrible.

    Then I get whatever simple app, like maybe a flashlight or solitaire, and it wants access to my contacts, full internet access, ability to make calls, ability to see fine location and an absolute metric assload of other over-the-top privileges. WTF? Obviously no one at Google even took the slightest look to see if the app passed a basic smell test.

    Android sucks, but unfortunately the iPhone and everything else out there suck worse.

    1. Anonymous Coward
      Anonymous Coward

      Cyanogen

      Sounds like you want CyanogenMod and skip installing the Google Additions (Gmail/Maps/Market etc).

      The new Market with it's web-based companion demo'd during Google IO and rumoured to be released around the same time as Gingerbread should improve things drastically. At least we can hope.

  22. Anonymous Coward
    Go

    becoming very popular

    It's a sign that android phones have become common

    They are now subject to scrutiny and attacks - which is good as

    they'll get more secure

    1. Anonymous Coward
      Thumb Down

      Wishful thinking...

      It's going the way of DOS. Those old enough will remember how there used to be MS DOS, PC DOS, DR DOS... and, of course, any assumption about which version of them was actually installed in a machine was like the postcode lottery.

  23. Pablo

    Duh

    Maybe they shouldn't have included a feature to install apps without local permission in the first place, huh? OF COURSE someone was going to find a way to abuse it.

  24. vincent himpe

    Whoa...

    and here i was thinking that these linux based things are so super secure...

    pie -> face ...

  25. Edagan
    Thumb Down

    Depressed

    I started to read the comments but I got too depressed.

    Droidboifanboidroidboifanboidroidboifanboidownvotedroidboifanboidownvotedroidboifanb...

    /sigh

This topic is closed for new posts.

Other stories you might like