android's fine-grained security permissions, where the author has to explicitly request each type (network use, prevent the screen from turning off, etc.) and the user is shown the list of permissions requested before installing, is good from a security standpoint, but i think it's ended up being like windows vista. users either don't read, don't care, or don't understand what is being asked of them and they just click whatever is needed to continue. even an advanced user can't tell the difference between a free app requesting network access to download advertisements and a malicious one using it to upload private information.
True. That's sort of ok as long as advanced users can tell when something fishy is going on and flag the app.
even an advanced user can't tell the difference between a free app requesting network access to download advertisements and a malicious one using it to upload private information.
Also true. The Internet and SD card permissions are all-or-nothing, and therefore essentially useless. Apps should be able to declare that they only contact specific hosts or access specific directories, and there should be a standardized directory for per-app storage, like "Application Support" on OS X.
Isn't the Apple approach to host the ads themselves? While app developers still get data access, at least there's a healthy isolation between the client and the advertiser. Apple can certainly provide things like basic client stats and direct ads appropriately based on location.
The Windows anti-virus / anti-spyware model is too flawed to be trusted. It's like having a bouncer at the door of a party that keeps out offenders from previous parties. The default is to trust everything else, so every zero day attack can get through. Defaulting to not trusting things and only allowing what's known okay would be far more effective. If apps had to request all net connections through IPs stored at Apple/Google etc, the potential to direct to some hostile developer or botnet would be greatly reduced. Although the plans may be for video and other high bandwidth content streaming, that huge server city Apple is building could certainly host any static non-generic content apps need, and perhaps be a proxy for much of the rest (news sites etc). Google certainly has the infrastructure to do something similar. Granted Google is better set to do that on a global level.
Even advanced users can be tricked if granting access for something trivial opens the gates to something nasty. At least on a consumer device it makes sense to protect users from themselves. Limiting hosts and local directories is certainly prudent.
if i did something in google maps and it popped up a dialog asking for access to my call logs, i would certainly deny it, but i just did that update this morning and didn't even notice anything about it accessing my call logs.
You bring up an astute point on the vague "network access" permission, but there's really not an easy answer to this. How would you fix it? Ask the developer to simply say what the access will be used for? In a malicious app, they'd obviously just lie. Short of actually displaying what data an app is sending, I don't see an easy answer.
I suspect people would ignore it anyway.
How would you fix it? Ask the developer to simply say what the access will be used for? In a malicious app, they'd obviously just lie. Short of actually displaying what data an app is sending, I don't see an easy answer.
maybe show a list of domains it's allowed to resolve/contact? i guess that wouldn't make it any easier for most users to decipher though. i think a lot of free apps require network access just to download ads; maybe there is a better way (in the android api) of handling that to segment it away from full-blown network access?
maybe have a set of permissions common to each category? it's expected that a web browser app has access to do a lot of things, but if you have an app in a wallpaper category that requires that same set of permissions, it should be raising a red flag somewhere.
perhaps apple's app review process wasn't so crazy after all...
android.permission.ACCESS_COARSE_LOCATION
android.permission.ACCESS_NETWORK_STATE
android.permission.INTERNET
android.permission.READ_PHONE_STATE
android.permission.SET_WALLPAPER
android.permission.WRITE_EXTERNAL_STORAGE
It seems strange for a wallpaper app to require internet access.
I have decided to not install apps that ask for too much several times.
Maybe another way to categorize the security rights is needed.
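Added example (not part of the thread, and not something Android Market does): the per-category permission baseline suggested above, applied to a constructed manifest that declares the six permissions quoted in the preceding comment. The baselines, the "sensitive" set and the package name are assumptions for illustration; a real APK ships its manifest as binary XML, which has to be decoded to text first.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Hypothetical baselines: what a reviewer might expect each category to request.
CATEGORY_BASELINE = {
    "wallpaper": {P + "SET_WALLPAPER"},
    "browser": {P + "INTERNET", P + "ACCESS_NETWORK_STATE",
                P + "WRITE_EXTERNAL_STORAGE", P + "ACCESS_COARSE_LOCATION"},
}
# Hypothetical set of permissions that expose personal data.
SENSITIVE = {P + "READ_PHONE_STATE", P + "ACCESS_COARSE_LOCATION",
             P + "READ_CONTACTS", P + "READ_SMS"}

# Constructed sample: a decoded AndroidManifest.xml with the permissions listed above.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}  # ignore malformed entries with no android:name

def audit(manifest_xml, category):
    """Split requested permissions into expected / unexpected for a category."""
    if category not in CATEGORY_BASELINE:
        raise ValueError("no baseline defined for category: " + category)
    requested = requested_permissions(manifest_xml)
    unexpected = requested - CATEGORY_BASELINE[category]
    return {
        "expected": sorted(requested & CATEGORY_BASELINE[category]),
        "unexpected": sorted(unexpected),
        # Unexpected AND privacy-relevant: these deserve the loudest warning.
        "sensitive": sorted(unexpected & SENSITIVE),
    }

if __name__ == "__main__":
    for key, perms in audit(SAMPLE_MANIFEST, "wallpaper").items():
        print(key + ":", ", ".join(perms) or "(none)")
```

The same manifest audited as "browser" leaves only READ_PHONE_STATE and SET_WALLPAPER unexpected, which is the point of the category idea: identical permissions are routine in one category and a red flag in another.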
1. Google has failed to tell any of us this, 2. I don't even know if I had any of the vendor's applications in the past, as they have been removed entirely, AND 3. Google has failed to tell any of us this!
I mean what the hell, at least send us an email telling us that because we downloaded AppXYZ, our data has been compromised by some low-life(s) in China. I'm going to end up being a lot less likely to download random apps now, not only because of this really sketchy incident, but because of the lack of transparency on Google's part.
Damn.
I was going to say "I can't imagine Google hushing up a security issue", but it does have the potential to get thrown in their face by Apple, "See, our walled garden is a good thing." (Not that I believe for an instant that Apple's approval would catch something like this.)
Yes, and they already used it a few weeks back: http://android-developers.blogspot.com/2010/06/exercising-ou...
Wallpaper, cursor packages, screen savers and other dumb 'customisation' gadgets have been malware vectors on the Windows platform for about 15 years now; why would phone platforms be any different?
It was uploaded to Android Market and provided by Google, who as an arbiter of content, should realize that 'collect phone data' isn't an appropriate permission for a wallpaper.
I really think that goes one step too far; that's exactly what Apple does with their marketplace, and I think that is a big part of the problem.
The ultimate responsibility of what you run on your computers lies with you, not with some entity providing you with a convenient way to get at a catalogue of stuff.
This application seems to be malicious, and it seems that the security model is not broken, after all it asks for the permissions very explicitly.
Now if only people would read those warnings and think for a bit before clicking 'ok'.
This is analogous to people receiving an email that instructs them to open a malware attachment.
It's simple, if you haven't inspected the source and it doesn't come from a source that has inspected the code and that gives you a guarantee that you can trust the stuff you download then you can not trust it.
Pushing the responsibility to Google is utterly unfair, they could never in a lifetime review the source code of every application that every android app developer throws out there.
As with many things in this area Apple has ridiculous mindshare so app store means control for many people, and that extends to imagining that Apple scrutinizes for security issues such as this (rather than censoring cartoons displaying alternate lifestyles).
Does anyone know the app name?
The article doesn't mention which app was malicious; however, they did mention that the app publisher went by the name of "jackeey,wallpaper".
I ran some queries and it seems like the developer that publishes apps under "jackeey,wallpaper" also publishes under "jackeey.wu".
A list of the apps published by this developer is here (most of which are wallpaper apps):
http://andbot.com/developer/jackeeywallpaper
http://andbot.com/blog/index.php/2010/07/29/android-apps-sus...
In my opinion, they should have a quality assured Market, but keep the ability to load .apk files whenever you want (and also the ability for others to create their own market).
Quality assurance on market should mainly be about maliciousness of applications.
It sounds stupid arguing for android to be more closed, but really Google is very slack with their Market.
If the App requests permission, wtf do you expect? I don't think Google even has an obligation to remove or crack down on these types of apps.
At the very least malicious apps need to be removed quickly, along with spam + scam apps.
As far as I know none of those allow reading your browser history or text messages, and certainly not your voicemail password. We need to see a network capture of what was sent to their site.
Anyway, I just checked, and the wallpaper app I had wasn't from jackeey. It's a top free app on the marketplace named Backgrounds by Stylem Media. And, it requires access to network communication, personal information, storage, phone calls, and system tools.
I have no idea how the warnings are generated. Maybe devs are just including random libraries in their app (copy paste?) which are setting off these warnings? If not, why does this wallpaper app need my personal info?
Anyway, good wake up call, I will definitely be more careful wrt what I install on my phone.
EDIT: App request: something that logs/polices information going out from my phone. Firewall? We'll be needing an anti-virus next :(
This seems like a clear warning to me for a wallpaper app. Would you install such an app on your PC/Mac?
1. The current approach (which made it possible for the wallpaper app to steal user data from millions of users)
2. Prevent apps from accessing data such as voicemail-password, web-browsing history etc. (but it is possible that some apps may have a legitimate reason to do this and blocking these apps may not be fully consistent with the open platform goals)
3. Throw a big warning message EVERY time an app tries to access sensitive data (or perhaps for the first 10 times and the first 10 days...). It is a compromise solution, but users may find this annoying.
Either way, this is a somewhat tough problem.
Do the security dialogs reflect the differing levels of importance of the data you're providing access to? If an app is requesting access to my voice mail password, I'd expect a pretty big red strobe light stuck on the dialog; something to really catch your attention, especially if you're trying to 'yes' your way through 9 (number stated by jsz0 for Google Maps) of the things.