Open Android Marketplace Raises Concerns about Mal-Ware

[MacRumors]

Wired reports that the first malicious application for the Google Android Marketplace may have already appeared. There are reports that an application called MemoryUp results in erasing data on the phone and corrupting memory of the phone.

“Doesn’t work at all erased my phone numbers and froze my phone," allegedly wrote a user according to the Geek.com site.

The developer of the application, however, appears to be a long running developer and denies their app could be causing the problem:

The application's developers deny those claims. "We are very disturbed by these reports," says Robert Lee, chief technical associate for eMobiStudio. "Whatever damage is out there has not been done by our product."

Looking at the original report on Geek.com shows that the evidence that this was an intentionally malicious app to be quite flimsy (unverified app review comments only). The app has been pulled in the meanwhile as it gets sorted out.

Still, Google's unregulated Android marketplace makes them more vulnerable to these sort of concerns. In contrast, Apple tries to hold more control over their App Store and manually approves all applications that enter the App Store.

Article Link: Open Android Marketplace Raises Concerns about Mal-Ware

 

[leandromp]

Hahahah!
Thanks to apple i dont have to worry about that.

I dont know how people actually believed on this phone and the marketplace.

 

[plumbingandtech]

maybe they should name it the:

Android Sat. Swap Meet at your local Drive In.

Instead of market place.

Seems more like that then apple's high end retail experience.

 

[theheadguy]

Is there malware available for jailbroken iphones? (no need to preach the gospel re: jailbreaking iphones) just wondering if malware has or has not appeared when not within the confines of the app store.

 

[jbode]

Is there malware available for jailbroken iphones? (no need to preach the gospel re: jailbreaking iphones) just wondering if malware has or has not appeared when not within the confines of the app store.

Yes, there is malware, but it is very rare because people that create these apps have no good place to make them available. It will be impossible to stop all malware, but the app store and other widely used services do a great job of not allowing malware to be accessed in their markets.

 

[aerospace]

Have not heard of any malware on jb software(lots of unintentional bugs since you can release even beta software), though even in cydia/installer it's up to you to install repos that you trust, giving you a level of control.

 

[MarkMS]

Have not heard of any malware on jb software(lots of unintentional bugs since you can release even beta software), though even in cydia/installer it's up to you to install repos that you trust, giving you a level of control.

I remember reading about a "trojan" and promptly posting about it on MR.

Here's the link to the thread: https://forums.macrumors.com/threads/411971/

I'm just glad that Apple has put some measures to keep malware out of the iPhone. Also love the "kill switch" feature to where they can automatically remove a malicious app from the phone.

 

[jkimbro0316]

And this is why I'm glad I have the app store that doesn't allow mal-ware lol. But on a serious note, wasn't this kind of expected considering anybody would be able to design applications for Android? I don't know, I kind of saw this one coming...

 

[NAG]

This was bound to happen. Let the FOSS nuts start spinning this as a triumph of openness!

 

[question fear]

Um...just like anything else, use your common sense when installing applications. Palm OS, Windows Mobile, and Symbian OS have all had open systems for years...symbian has even had a few trojans, though they've tried to implement ways to block those in the future.

The point is, it's going to happen to every system at some point. Just like installing an app on your computer, think before you do it, research what it does and who wrote it, and then decide if you need it.

 

[apfhex]

“Doesn’t work at all erased my phone numbers and froze my phone," allegedly wrote a user according to the Geek.com site.

Whether or not this report is true, some people out there can manage to screw up their devices this bad no matter what app they're installing.

 

[AndroidUser]

Yeah, you're right, apfhex, whether or not this particular app is malware is yet to be seen, but from the comments in the android market, it seems like most people out there who own one, don't know how to use their phone.

There are also a lot of people who got the G1 who download an application without even reading the description and then run it. I bet if you released an app that was called "Restore to Manufacturer Default", and said in the description that it was going to reset all of your settings and contact data, there would still be some G1 users who used it and then complained.

Then there are the people who expect iPhone-quality apps without wanting to wait for people to learn how to code for the platform. When the first generation iPhone came out, there wasn't a plethora of well-coded apps. Why would there be for the G1?

You're not the only one who saw it coming; Google has the kill-switch too:

...if Google is notified by you or otherwise becomes aware... that a Product or any portion thereof... is deemed by Google to have a virus or is deemed to be malware, spyware or have an adverse impact on Google’s or an Authorized Carrier’s network... Google may remove the Product from the Market or reclassify the Product at its sole discretion. Google reserves the right to suspend and/or bar any Developer from the Market at its sole discretion.

(from the Android Developer Terms of Service: http://www.android.com/us/developer-distribution-agreement.html )

Also, the Android OS, being Java, has no need for memory cleaning software... if you Google for "Java garbage collection", you'll see why. A lot of the negative comments on that program were there so people wouldn't pay for a program that does nothing. (Well, it does hint to the OS that it should collect garbage, but the OS may or may not do so, and even if it does, only frees up a trivial amount of memory).

I think the fact that this guy (Peter Jiu) was charging for his program is what REALLY got people to have Google pull the app. It was pretty much a scam. It would be like me approaching a Windows user, and trying to sell them a program that automatically updates Windows.

 

[alexbates]

This is great news for Apple, but bad news for Google. One day, someone will come out with an application for the Android that includes a remote access trojan. All I can say to Android users is.... sell that thing now before it becomes useless when someone figures out how to corrupt your OS.

 

[shigzeo]

iPhone break ins too

we have seen a user report of his jail-breaked iPhone suffering from a would-be intruder who created a . directory in his /var/root section. who knows how bad these open platforms will be hit. i used to be into jail-breaking with my 1g touch but on 2g, not only not yet possible but, i just would rather not risk it unless i knew for sure there were counter-meassures.

 

[x13gamer]

In contrast, Apple tries to hold more control over their App Store and manually approves all applications that enter the App Store.

History has shown us it has been more like "Denies" applications.

 

[MikePA]

...some people out there can manage to screw up their devices this bad no matter what app they're installing.

Just look at the number of people who screw up jailbreaking.

 

[Stella]

The price of freedom, and well worth the risk.

Users don't need nannying like Apple do.

Do you people who like Apple's Nanny policy worry about rough apps everytime you install an OSX app from MacUpdate or versiontracker? No? Why not? The same risk. Smartphones are computers, just like Macs running OSX.

Oh, and apparently, this is roque app is just a rumour, Seems like this could just be a no issue:
http://www.reghardware.co.uk/2009/01/27/developer_denies_app_claims/

 

[AndroidUser]

Stella said:

Oh, and apparently, this is roque app is just a rumour, Seems like this could just be a no issue:
http://www.reghardware.co.uk/2009/01...es_app_claims/

The linked article even has this from Peter Liu (the developer of app in question):

The boosting algorithms employed in MemoryUp are not a disruptive

But Android apps are Java, and Java handles all the memory, as a programmer you don't really have control of when and how the memory is used. There's nothing to boost. This guy is charging $15 for the app, when it supposedly does something that the OS already does automatically. That's why there are so many negative comments. And also why people are saying that it deleted their contacts/SD cards. (They just don't want people to pay for nothing)

 

[cdinca]

The price of freedom, and well worth the risk.

Users don't need nannying like Apple do.

Do you people who like Apple's Nanny policy worry about rough apps everytime you install an OSX app from MacUpdate or versiontracker? No? Why not? The same risk. Smartphones are computers, just like Macs running OSX.

The price of freedom? Between taking care of my daughter, running my business, spending quality time with the wife, I just don't have time to worry about a cell phone. I think it is great that people like you have a platform to do whatever you want on a phone, but don't begrudge me my safe and easy phone. Apple's nanny policy doesn't impact my real freedom any more than not being able to put a fork in a microwave.

The iPhone is not for you or your life...great...but it fits my life perfectly.

 

[markgamber]

"“Doesn’t work at all erased my phone numbers and froze my phone," allegedly wrote a user according to the Geek.com site."

LOL! THAT is the criteria for "malware"? I wouldn't take that as gospel unless you want about 98% of everything ever written for any phone ever made to also count as malware. Including the iphone. Could this possibly be any more needlessly alarmist?

Oh right...Mac site. I suppose it probably could be more needlessly alarmist here.

 

[deadsouls]

good thing apple has such a strict app store since most iphone users are idiotic and can't even read instructions, review an app correctly, etc etc simple things most other humans have no problems with.

 

[Stella]

The price of freedom? Between taking care of my daughter, running my business, spending quality time with the wife, I just don't have time to worry about a cell phone. I think it is great that people like you have a platform to do whatever you want on a phone, but don't begrudge me my safe and easy phone. Apple's nanny policy doesn't impact my real freedom any more than not being able to put a fork in a microwave.

The iPhone is not for you or your life...great...but it fits my life perfectly.

Think to yourself: Are you as careful installing applications on your mac ( or whatever OS you use ) as you are iPhone? If not, why not? Where is the difference?

The reality is, the chances of installing rogue software on to any smartphone is pretty damn remote.

 

[grantsdale]

Then there are the people who expect iPhone-quality apps without wanting to wait for people to learn how to code for the platform. When the first generation iPhone came out, there wasn't a plethora of well-coded apps. Why would there be for the G1?

Uh, thats because there was no way to produce iPhone apps at the beginning, besides jailbreaking, and no SDK.

 

[tobian]

Think to yourself: Are you as careful installing applications on your mac ( or whatever OS you use ) as you are iPhone? If not, why not? Where is the difference?

The reality is, the chances of installing rogue software on to any smartphone is pretty damn remote.

iPhone is a mobile phone. It's a device for people, which do or don't understand computers.. primarily it must be able to do a phone call. G1 user, who lost it's contacts due to some stupid app, cannot do this.
Approval system in AppStore is to prevent user of using apps, which can attack i-phone call abilities.
Difference is on iPod Touch side.. this market would be open platform, as MacOS is.

 

[Sysbase]

That's definitely going to happen. I don't think there any way to regulate that if it's open source.