New Android Malware Robs Bandwidth For Fake Searches 236
adeelarshad82 writes "We've been hearing about various Android malware spreading through the Chinese markets. Well, here's another one to look out for: meet ADRD (aka Trojan:Android/Adrd.A) which is expert in sucking your bandwidth. The malware downloads a list of search URLs and then performs those searches at random in the background, which as the screen shots [in the linked article] show leads to excessive data charges. Similar to other Android malware this too is distributed through wallpapers which are infected repackaged versions of legit wallpapers."
Adds reader Trailrunner7: "Lookout, a mobile security vendor, said it has identified 14 instances of the malware repackaging itself in various wallpaper apps and specifically in the popular game RoboDefense, made available in alternative application markets. The trojan works by duping an infected app into sending encrypted data containing the device’s IMEI and IMSI to a remote host. HongTouTou then receives a set of search engine target URIs and search keywords to send as queries. It then uses these keywords to emulate search processes, creating searches in the search engine yielding the top results for those keywords and clicking on specific results. To the search engine, the searches appear to be coming from a mobile user using a mobile web browser with User-Agent corresponding to the UCWeb browser."
We're Not Surprised (Score:3)
I guess it's running fake searches to up the 'autofill' for items on Google? Let's just hope it's not searching for iPhone related items. Man, wouldn't that be embarrassing?
Re: (Score:3)
Note that the malware is not in the official Android Market either, it is in third-party add-on markets. Android lets you install apps from anywhere, including web pages and other apps. The price of this freedom is the possibility of installing malware.
This is the price of freedom - the need for vigilance and not blindly trusting a wallpaper app that for some reason wants full internet access.
Re: (Score:2)
>This is the price of freedom - the need for vigilance
Truer words were never spoken.
and not blindly trusting a wallpaper app that for some reason wants full internet access.
Umm... yeah, that too.
Seriously. If a mobile device owner wants to outsource responsibility for his device's security, there's always the "walled fruit garden". I guess we can be glad that many in-duh-viduals chose Apple, because we've seen the debacle they've made of the Net with their unpatched trojaned exploit-ridden PCs.
Hmm. T
Re: (Score:2)
I agree useful stuff can be used for bad. There are two ways to deal with that though, get rid of useful stuff or try to manage any issues. I prefer to keep the useful stuff.
The third way (Score:2)
There are two ways to deal with that though, get rid of useful stuff or try to manage any issues. I prefer to keep the useful stuff.
The third way is to control background access to the useful stuff so you get that but nothing arbitrary. That's the way Apple chose.
Re: (Score:3)
Missed the point: open was supposed to be much better than closed. Everyone said so. They still say so. Everyone else is more full of shit.
One serious question: Why? (Score:3)
So was this malware put together by, on on the orders of, a mobile company itself, seeking to boost revenues? What other reasons would there be for this malware to exist? Does simply searching for terms do something for SEO?
Curious,
Re:One serious question: Why? (Score:4, Insightful)
Thanks for asking this. I was left scratching my head after reading the blurb, too. Other than simple malicious behavior like draining batteries and running up account charges, is there some deeper purpose to this piece of crap?
Re: (Score:2)
Perhaps it is supposed to do more but is buggy?
Re: (Score:2)
This is not a virus.
Re: (Score:2)
This is not a virus.
Thanks for reminding me of one of my favorite movies . . .
Clouseau: Does your dog bite?
Hotel Clerk: No.
Clouseau: [bowing down to pet the dog] Nice doggie.
[Dog barks and bites Clouseau in the hand]
Clouseau: I thought you said your dog did not bite!
Hotel Clerk: That is not my dog.
Re: (Score:2)
Re:One serious question: Why? (Score:4, Informative)
For a specific search term, the top results shown in Baidu search are paid for, which means the websites in question pay Baidu for prioritizing their sites and every time a user clicks the result (this may sound 'innovative' at first but I assure you it does more harm than good, considering putting names of random diseases in Baidu these days results in a full page of dodgy websites offering expensive (yet often ineffective) treatment courses).
To increase revenue, Baidu encourages equally dodgy 'vendors' to lead users into clicking these links by giving a small kick-back for each successful hit. The whole thing sounds like borderline fraud to me but hell somehow it's legal.
The trojan, HongTouTou (or 'Phantom Clicker'), is the result of such business model as a certain vendor tries to profit by creating artificial traffic.
This an actual URL generated by the malware: http://wap.baidu.com/s?word=%E8%9D%8E%E5%AD%90&vit=uni&from=963a_w1 [baidu.com] (don't click or you'll be generating revenue for them.)
Notice the 'from' parameter, 963a_w1 being the vendor ID.
An in-depth analysis can be found here:
http://www.antiy.com/cn/news/android_adrd.htm [antiy.com]
Oh, Chinese language knowledge required.
Re: (Score:2)
Click Fraud [wikipedia.org]. Trojan authors are, or are working for, "advertising affiliates" that get paid per-click for clicks on advertisement links.
SEO would be another good theory, but This Register article [theregister.co.uk] is calling it very specifically "click fraud", and indicates that the trojan is specifically targeting the ad network on the Baidu search engine. Maybe SEO might be a desired side-effect, since it also increases click-throughs from the search engine (plumping up the "popularity" metric).
it's coming... (Score:3, Funny)
McAfee for Droid... ugh
Re: (Score:2)
McAfee for Droid... ugh
McAfee + Mobile Phone = Hot Brick In Your Pocket
Stewie: Oh joy! I can't wait to get one
It's here (Score:3, Informative)
Honestly though I'm tired of Lookout Mobile doing this fear mongering. I'll give them credit though, they are smart guys -- and based on their defcon presentation, they know a lot about Android sercurity. But stop with the scare tactic PR news stories. This would be akin to saying "Virus found on The Pirate Bay, news at 11." I know they need PR because they are a startup, but c'mon.
Re: (Score:2)
They're right (Score:4, Funny)
This is PC vs Mac all over again.
Amen! (Score:2, Interesting)
It's all downhill for iOS from here on. Jobs will kick the bucket ending both the reality distortion field and Apple's market responsiveness.
Android will gradually take most developers and users by virtue of being "just open enough", much like Windows. We've even got Blackberry going for Android apps, ala Dr. DOS. A behemoth spewing a billion dollars on marketing and payola pushing their unwanted child called WP7 (OS2). And we'll all end up running MeeGo (Linux) on phones originally designed to run Andr
Re: (Score:2)
I'm not so sure on the developers front. My experience this past year releasing apps for both Android and iOS was that sure I had more downloads of the free "lite" app from android, but iOS accounted for well over 80% of my revenue. And the type of apps I produced really don't work for advertising. I used Admob for both platforms. They are utility apps, not content apps so you don't get a lot of impressions. Problem is, Android takes more of my time to sort out minor problems between OS versions and ha
Re: (Score:3)
Apple's iOS will certainly maintain some reasonable user base, but the market shall never grant dominance to a control freak. Sorry but people go their own way. iPhone are cute, but kinda old hat now, and all identical. Android otoh has an ever growing rainbow of flavors & features that'll seduce most users eventually. And young people are way more familiar with Java than Objective C meaning Android will see more & more regular the apps first.
Apple has always been pleasant for a certain type of
Re: (Score:3)
iPhone has something going for it in that you are "safe" using it because it protects you from yourself, and most users need that. Android assumes competency, and that's why it is open to millions of attacks.
That's why I stick to iOS development (Score:2)
Because in the long run it's better to support the platform looking out for the consumer's best interests.
I 100% agree with that statement.
And that's why I stick with iOS development, possibly moving into WP7 development at some point.
Because I have lived through years of the PC model of security, and see the whole system brought to its knees by malware and spyware. Going forward into a new platform, I simply refuse to support a system that I see as trying to carry forward the old PC "anything goes" model
The imortant part of the article: (Score:2)
So pretty much you stay away from the untrusted markets where they download the app from the trusted market, append virus, rinse, and repeat and you should be pretty good...
Not in Android Market ... (Score:2)
It's spamming Google Trends / Suggest / Instant (Score:5, Insightful)
If it's doing searches in bulk like that, it's a search spam program. It's exploiting a vulnerability in Google.
Google Trends [google.com] lists "hot searches", what's being searched for in Google in recent hours. Google Trends drives Google Suggest, the hinting system for Google. That in turn drives Google Instant. Which, in turn, aims users at the target sites. Which are probably full of ads. Profit!
Spamming of Google Trends has been around for a while. It used to be easier, and you'd see things like the name of some mattress discounter at the top of Google Trends for 15 minutes or so. (I ran a program to follow the trends in Google Trends for a while. It was amusing.) Google seems to now be averaging over more hours, so the spammers have to up their game and use a distributed attack to push their keywords up.
This is the trouble with "crowdsourcing" recommendations. It's too easy to fake a crowd. Yelp, CitySearch, Google Places - they're all choked with recommendation spam. Anonymous recommendations are junk information. And no, requiring a Facebook account won't help. There's an app for that. [facebookdevil.com]
Google is now trying a "mark as spam" button in Chrome to identify "content farms". If that starts mattering, it will be spammed. The same applies to Blekko's "slashtags".
Re: (Score:2)
Yeah search master? You sure it's not using Baidu?
From the source..
Re: (Score:2)
At least they saw it hitting Baidu. But it gets its target list from the botmaster's server. What it hits may change depending on current orders.
OK Verizon, you made your point (Score:2)
Oh Look, A Non-Story (Score:2)
Be sure not to download anything from a source you don't trust, because then you might get viruses, and then bad things can happen.
Its incredibly stupid when stuff like this happens, because its not really 'malware' in the sense of Android having a flaw which allows code to be executed, but rather idiots who expressly give this permission to this code to run, when they get it from a non-trusted source.
User Error. If Problem persists consult your user vendor.
So it's a Trojan, no big deal. (Score:2)
It's just a trojan horse on an alternative app market.
Just like on the PC you have to exercise caution as to where you get your apps.
Good thing it's not a security vulnerability, like one that allows an attacker to get root access to a phone, that needs patching to fix.
Wallpaper with internet connectivity? (Score:2)
My understanding* is that at install time, an Android app has to list what permissions it wants to be able to operate [android.com]. If I was installing some new wallpaper and it demanded internet access, I'd abort instantly. So does this attack only work against naive users?
* I don't have, and have not used, an Android or other smart phone
Re: (Score:3)
No, the app would simply bill itself as needing to download new wallpaper occasionally.
Google should add firewalling to Android (Score:2)
It's a travesty that Linux has such a good firewall system available in its kernel, yet Google is not using it to enhance security of Android devices as standard. The Android permissions checks alone are not enough, far too coarse and inflexible.
It's true that you can root your Android and install a firewall yourself, but that invalidates your warranty, and if you bought a high-end phone or tablet then you don't want to lose your warranty in case the hardware fails.
It's a very poor situation, and it's gett
Re: (Score:2)
How would a firewall help in the slightest? This is http traffic from an app that has already been approved (buy the user on install) as having full internet access. All you could do with a firewall is pop up a message on the first use saying something like:
"Oh I know you already said this app could access the internet but it looks like it actually is. Are you _sure_ this is ok?"
Not that I don't think that Android permissions can improved but firewalls are _hard_ to do in a protective and useful way
First post for Adra analysis (Score:2)
Just end-users being ignorant (Score:2)
Really? The Big Red Text kinda catches my attention. It's supposed to. You even get a pop-up when installing that informs you about the app's resource usage.
It's not like the application circumvented Active-X or IE, or somethigng to get installed. It needs ignorance to work. Google the friggin app and author before installing. This is no different than installing crap from warez sites or bittorren
Wallpaper? (Score:2)
ROMs are a bigger threat (Score:3, Interesting)
Android needs user-selectable permissions (Score:2)
The android security model is fairly fine grained, certainly much more so than what we see on conventional desktop OS's, and has a pretty tall wall between apps. Note that the malware was not stealing user data from other apps, it is just a spambot, only stealing CPU cycles and bandwidth.
The main problem I have with the android security model is that the only recourse you have for a questionable app is to not install it in the first place. I'd prefer see the ability to selectively deny permissions, so you
Re:So remind me again... (Score:4, Informative)
Re: (Score:2, Interesting)
I still feel my Blackberry is the best device for security, but then we're pretty much all forced to use relatively insecure networks so maybe it's not the biggest deal.
Re:So remind me again... (Score:5, Insightful)
If you're a registered iOS dev you have a CC on file with Apple.
And surely the large, well-financed criminal organizations behind most modern malware could never possibly obtain a credit card number that's not their own.
Re: (Score:2)
It's $99 to sign up as a developer. As long as you make more than $99 before you get banned, you're coming out ahead.
Re:So remind me again... (Score:4, Informative)
Pre-paid Visa cards are available at Wal-Mart for $3.
Becoming an IOS dev costs, what, $99?
So it costs just $102, then, to get a shot at pushing some malware which will hopefully make the author(s) some money. This really isn't a very high bar.
Re: (Score:3)
Of course, the fact that there is very little malware for iOS and tons of it for Android tends to confirm it as well. Pe
Re:So remind me again... (Score:5, Informative)
Perhaps the problem is simply that it isn't widely publicized. Please allow me to attempt to rectify that:
Hey, malware authors! You can pounce on unsuspecting iPhone owners for only $102! All you need to do is get a disposable pre-paid Visa from Wal-Mart, and pay Apple $99 for a disposable dev account! And remember, kids, it takes money to make money! Happy phishing!
There. That should do it.
Re: (Score:2)
Perhaps the problem is simply that it isn't widely publicized.
There. That should do it.
If that doesn't work, you can always write malware to spread the word.
Re: (Score:2)
Better add a Mac and iPhone to the list; you won't code an iAnything without those, you know.
You could buy one of each using the same stolen credit that you paid for your developer's license with.
Re: (Score:3)
As I said, it appears to be high enough. Anyone can put together malware for android and get it distributed with no investment other than the time and effort it takes. To put an app in Apple's store is not only not free, it's also not a sure thing your app will be approved. And finally, there is no money in Android, whereas quite a number of people do make a living developing iOS apps.
Well if we're going to split hairs, it costs $25 to get a licence key to use Google marketplace, although it's free to develop apps if you shove the apks on your own site. Also, you claim there is no money to be made in Android which is strange seeing as an ever increasing number of popular and well known apps are appearing there.
I certainly don't see $99 being ANY barrier to entry if a malware user wished to upload to appstore. If they make more than $99 then it's been a profitable exercise. I expect th
Re: (Score:3)
Good job using 'iOS malware' as the search query. It returns under 1.4 million hits compared to the 7 million some odd for 'android malware'.
Trouble is 'iphone malware' returns 71 million hits.
Re:So remind me again... (Score:4, Informative)
And going by the top 10 hits, not a single one affects non-jailbroken iPhones.
Re: (Score:3)
Cisco lost the iPhone trademark through non-use before Apple started using it. And Apple licensed the iOS trademark from Cisco.
So in neither case can it be described as stealing. Was that a troll, or are you just ill-informed?
Re: (Score:2)
Requiring evidence for a spurious assertion is the best refutation of all.
Re: (Score:2)
The hurdle of creating an application and getting it accepted is a much bigger factor than the cost of a developer subscription.
Whilst you can of course submit variations of some generic application, Apple is taking an increasingly hard-line on apps with little apparent customer benefit, so they may well get rejected, the whole process taking about a week for each iteration.
I would also not be surprised if Apple rejected developer account applications paid with pre-paid payment cards - they certainly check
Re: (Score:2)
Same for the Android marketplace - they do a credit background check on all publishers.
Oh wait - this is a Chinese app store and I doubt many of the submitters even have credit.
Re: (Score:2)
The iOS app store can have it's fair share of malware too. It's easy to hide snooping software behind a simple game for example. In fact, all apps can access the contacts list, recent youtube searches, email settings and even non-password field keystrokes [cnet.com].
So are you trying to claim that Android actually has a much higher market share than iOS because it is hit by more actual malware? Or are you just whistling in the woods?
Re: (Score:2)
The iOS app store can have it's fair share of malware too. It's easy to hide snooping software behind a simple game for example. In fact, all apps can access the contacts list, recent youtube searches, email settings and even non-password field keystrokes [cnet.com]. When developers submit apps they only submit the binary and not the source code so Apple's app approval monkeys basically only cover what they can see. This "walled garden" argument is stupid for this reason.
I also expect the approval process is more geared to validating an app "works" and doesn't violate the ever-shifting, wibbly-wobbly, pernicious T&Cs. On the security side they probably just run the app through a scanner of some sort that looks for suspicious code which flags the app for human security review. I expect Android Marketplace works in a similar fashion when it comes to security reviews although they don't especially care about the app's quality or what it does (although it can't be a rival
Re: (Score:3)
The iOS app store can have it's fair share of malware too. It's easy to hide snooping software behind a simple game for example. In fact, all apps can access the contacts list, recent youtube searches, email settings and even non-password field keystrokes. When developers submit apps they only submit the binary and not the source code so Apple's app approval monkeys basically only cover what they can see.
And yet we aren't seeing iOS malware like we're seeing Android malware. So why is that?
Well don't underestimate the app store reviewers. They found an app crash bug in my app which neither me or my partner had found in testing. Could be chance, but it was deep enough down and involved changing settings, that I'm assured they are exercising the app enough to have a good understanding of it's functionality.
Then, if you use ANY non-public API calls in your app, it will be rejected. Which means that Apple are r
Re: (Score:2)
We're talking about an unofficial market place for android, I'm not sure how that's really different then downloading 3rd party iOS software like I used to with my jailbroken iPhone....
But ya, enjoy your walled garden comforted in the fact Steve Jobs is protecting you while you sleep. Sort of like people that install Linux and say they are unhackable
Re: (Score:2)
Apparently
mkdir android ; cd android ; repo init -u git://android.git.kernel.org/platform/manifest.git ; repo sync ; make
is supposed to shut iPhone users up. Or something.
Re: (Score:2)
As always, I'm gobsmacked by the openness!
Re:So remind me again... (Score:5, Insightful)
...why Apple's "Walled Garden" for the iPhone is such a bad thing?
Because you can't choose not to use it.
The non-story here is that people carelessly installing bad software from ALTERNATIVE android marketplaces got malware.
Newsflash, if you want assurances of software without malware, don't shop at the internet equivalent of the chinatown night markets.
If you want to be as safe as apple's walled garden, stay within the official marketplaces and you get that.
Re: (Score:2, Insightful)
Re: (Score:3)
Because there's nothing preventing another trusted store to open up, as it happened with Palm, Java-capable dumbphones and hell, even desktops PCs. With Apple, it's their way or the highway and if you don't like it too bad so sad, now try to find a security bug to exploit so you can gain control of your own goddamned phone.
Re: (Score:3)
The same way you know a software download website is legit: word-of-mouth, user reviews, past experiences, the trust of other websites you already trusted beforehand and so on.
You know, the same way you got to trust Our Holiness Stevie in the first place, as I doubt you were his classmate in high school or such.
Re: (Score:3)
Re: (Score:2)
Most people would take the other choice. 300,000 app choices with safety is better than 300,000 app choices from multiple stores, with some of it being malware.
The openness at the expense of all other considerations is an extreme ideology that one doesn't see much outside the pages of Slashdot.
Re:So remind me again... (Score:4, Insightful)
So how do I do that without paying Mr. Jobs for the privilege of using something I already bought?
Re: (Score:2)
You don't. Who the fuck cares about your own personal rules about what you will program on and what you won't. Go with the Android if that floats your boat. Its not as if there are any shortage of iOS app developers who are prepared to spend $99.
Re: (Score:2)
Because Amazon could start another legit market, or maybe you could write your own apps?
Re: (Score:2)
shopping on an app store that contains infected apps is not a guarantee that your phone will get malware on it.
The golden rule is "dont download apps you dont trust".
that said, it would make me wary of anything on those alternative stores...
Re:So remind me again... (Score:5, Insightful)
If you want to be as safe as apple's walled garden, stay within the official marketplaces and you get that.
The other alternative would be if the OS asked for user permission before an application could access the internet (just one time, not every time). This is what my old Nokia (running Symbian) used to do. It works the same way as how the iPhone prompts to allow programs to use location services.
I am more worried that a program leaks data or uses all my download quota much more than whether it knows where I am.
Re:So remind me again... (Score:4, Interesting)
The other alternative would be if the OS asked for user permission before an application could access the internet (just one time, not every time).
Not very effective because almost all applications use the internet - at least a little. What would be good is if the application made a request to use the internet and provided an estimated maximum amount used in the dialog. For example, screensaver X requests to use the internet and estimates that it will use under 2MB per month. Now the user knows more about what is happening and the OS can ensure the app does not break it's promise. Advanced settings might even allow the user to restrict the application to specific domains.
While this does not offer a complete solution, it would help prevent apps from running up usage charges.
Re: (Score:3)
For example, screensaver X requests to use the internet and estimates that it will use under 2MB per month. Now the user knows more about what is happening and the OS can ensure the app does not break it's promise.
And you guys wonder why Apple gets such a large marketshare...
And now I see how the UAC got to be the way it was, over many discussions of what is "reasonable" just like that one.
Re: (Score:2)
Android already does this. When installing an app, it displays all the permissions an app can use, and you get to accept or reject the app at that point. After accepting and then installing the application you no longer get prompted. Network Access is one of the permissions that must be requested by the app.
It would be nice to have some granular control. I often install apps, which for some reason or other require internet access to begin with - but don't need it after that for any reason. There isn't an option to block an app from accessing the net once it has been granted/installed.
Re: (Score:2)
Certainly you can choose not to use it: don't buy an iPhone if you don't like their walled garden approach.
Re: (Score:2)
I chose to not use it by not buying an Apple device :-/
Re: (Score:2)
Because you can't choose not to use it.
The non-story here is that people carelessly installing bad software from ALTERNATIVE android marketplaces got malware.
Well, good thing there have never been malware apps on the NONALTERNATIVE Android Marketplace then. No, wait. Oh, well, at least Google could remote wipe them from your phone.
Re: (Score:2)
"Because you can't choose not to use it."
http://cydia.saurik.com/ [saurik.com]
Right, so you root your iPhone and then you get iPhone malware [arstechnica.com].
People keep talking about walled garden etc. I don't know if anybody has ever heard about this method I use: It's called "don't run binaries from untrustworthy places" and it's been working pretty well for about as long as I can remember.
Re: (Score:2)
Really? Because the last time I checked, most Android phones had to be rooted if you wanted to install the latest versions of the OS.
Re:So remind me again... (Score:4, Informative)
Yes, because installing third party firmware is EXACTLY like installing applications, which is what the thread has been about.
YES, you need to root most Android phones in order to install third party firmware, such as CyanogenMod. NO, you do not need to root your Android phone in order to install apps that haven't been explicitly allowed by the phone's manufacturer, included alternative app stores.
Protip: Strawman arguments work significantly better when they aren't so bloody obvious.
Re: (Score:2)
Yes, because installing third party firmware is EXACTLY like installing applications, which is what the thread has been about.
It is when you have to install the firmware to run the applications.
YES, you need to root most Android phones in order to install third party firmware, such as CyanogenMod. NO, you do not need to root your Android phone in order to install apps that haven't been explicitly allowed by the phone's manufacturer.
You do if they will not run on your shipped version of the OS.
Protip: Strawm
Re: (Score:2)
So long as the application supports the version of Android your phone is running, you can run any damn app you want.
But that's exactly what I mean. With many apps making use of newer features, you are pretty much required to install an OS update within a year. For most Android devices, that will mean custom firmware versions because carriers have been mostly slow to let changes roll out.
The GP post was a strawman, because he was substituting an argument about firmware in a discussion about applications.
S
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Insightful)
What? Yes you can. Don't buy an iPhone.
OK done. Now how do I make an iPhone app and distribute it to all the iPhone users who want it if Apple doesn't like my app?
So how is restricting yourself to an official marketplace different from having one iOS store? You're arguing in favor of a walled garden!
I love how Slashdot bashed Windows for over a decade about its malware, but when malware happens to a Linux-based OS, it's deemed a "non-story."
One of the big reasons "real" Linux doesn't get malware is that it uses a package manager for most software installation. If you download some random binary from the internet, it doesn't have the execute bit set by default so you double click on it and it doesn't run. But if you know what you're doing you can flip the bit and run it, without breaking any laws or anything. It's like hav
Re: (Score:3)
Re:So remind me again... (Score:5, Insightful)
If you stick to the market for android you would not get these trojans either. The fact that you are not forced too is a good thing.
Re: (Score:2)
If you stick to the market for android you would not get these trojans either. The fact that you are not forced too is a good thing.
Indeed, the summary may as well have read "Pirated software downloads found to contain malware. In other news, water discovered to be wet, fire still hot, and France surrenders".
Re: (Score:2)
The walled garden is not perfect either (how could it be?).
I believe there is a happy medium...and Google would do well to find a solution to this problem before we all require anti-virus apps on our android phones.
They went after something like the windows model, but surely we dont want to copy ALL of it...
Re: (Score:2)
Re: (Score:2)
Because it doesn't work. Worse yet in instils a false sense of security in its users.
There is nothing stopping the same kind of attack in IOS, in fact like Android its designed to allow programs access to the internet. Instead of being aware of security issues, you're relying on someone else to spot all the badness in the world for you and it's not like Apple have let malicious programs into their walled garden before.
Re: (Score:2)
From the article:
"As of now, Lookout Security is only aware of the HongTouTou Trojan affecting users on Chinese forums. It does not affect any apps in their original versions available on the Google Android Market."
In other words, only app pirates were affected.
Re: (Score:2)
...why Apple's "Walled Garden" for the iPhone is such a bad thing?
Because it is constraining, anti open source, anti consumer, anti competitive, highly restrictive, doesn't even carry certain kinds of apps, imposes limits on other kinds of apps.
Yes there are bad things on the Internet but let's face it, unless you bought a shitty no name phone / tablet from a Chinese seller which was preloaded with some dubious alternative to Google Marketplace, you're *never* going to see this app. If by malice or misfortune it did turn up on Google Marketplace (or appslib or Amazon'
Re: (Score:2)
Yes, I know most phones are su
Re: (Score:2)
Of course they do (Score:2)
The iPhone has firewalls. [iphonedownloadblog.com]
The thing is, people running the stock OS have no need of a firewall.
Re: (Score:2)
Live wallpapers are programs that write to an always-visible canvas, and thus need to be installed.
Some wallpaper apps keep their libraries online, and provide an easy-to-browse catalog of images. You only download the ones you want.