Thanks Nick. I enjoyed the article. Does anyone know about any efforts to crowd source ratings for applications and to black-list trojan apps? For example, I've read research papers discussing how Android apps can leak sensitive information to remote servers (e.g. Ad servers and servers in other countries) which the user would find surprising. Given that the current permissions model provides a coarse grain of control, it would be nice if there was a community project to supplement information on available applications. Similar services currently exist for phishing sites and websites in general, e.g.
http://www.phishtank.com/
http://www.mywot.com/

Anyone know if there's already an open or community project like this to rate Android apps? Very simply, such a service could provide a simple app that only accessed the package manager and the network. Using the package manager, the app could simply enumerate applications on the device and check them against a crowd sourced black-list on the server.

Thanks,
Dan

On Wed, Aug 11, 2010 at 2:10 PM, Nick Kralevich <[email protected]> wrote:
>
> The best article I've read has been the following:
>
> http://thenextweb.com/mobile/2010/08/10/first-android-trojan-surfaces-but-its-anyones-guess-how-you-become-infected/
>
> As for countermeasures, there's already plenty:
>
> 1) Installing this application outside of market requires that you
> explicitly disable the "Allow installation of non-market application"
> settings, which generates a huge warning.
> 2) Attempting to install the app clearly shows it is "a service which costs
> money" and "sends SMS". Common sense would indicate that a media player
> shouldn't do that.
>
> I think Google's statement on this matter pretty much sums up the
> countermeasures:
>
> """
> Our application permissions model protects against this type of threat.
> When installing an application, users see a screen that explains clearly
> what information and system resources the application has permission to
> access, such as a user's phone number or sending an SMS. Users must
> explicitly approve this access in order to continue with the installation,
> and they may uninstall applications at any time. We consistently advise
> users to only install apps they trust. In particular, users should exercise
> caution when installing applications outside of Android Market.
> """
>
> IMHO, this is just irresponsible fear mongering by anti-virus vendors
> attempting to sell their product.
>
> -- Nick
>
> On Wed, Aug 11, 2010 at 12:01 PM, Dan Hein <[email protected]> wrote:
>
>> See
>>
>> http://news.cnet.com/8301-27080_3-20013222-245.html?tag=topTechContentWrap;editorPicks
>>
>> Does anyone know any more about this?
>>
>> I assume this trojan app is not available on Market.
>>
>> Obviously, this is a social engineering attack, but does anyone have any
>> ideas for countermeasures that could be used in this scenario?
>>
>> Thanks,
>> Dan
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Android Security Discussions" group.
>> To post to this group, send email to
>> [email protected].
>> To unsubscribe from this group, send email to
>> [email protected].
>> For more options, visit this group at
>> http://groups.google.com/group/android-security-discuss?hl=en.
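
The check proposed in the reply above (enumerate installed packages, compare them with a crowd-sourced blacklist), as an added example that is not part of the original thread: it parses captured `pm list packages -f` output and matches it against a blacklist. The package names, the JSON blacklist layout and the `min_reports` threshold are constructed assumptions, not an existing service's format.

```python
import json

# Constructed sample of `adb shell pm list packages -f` output.
# Each line is "package:<apk path>=<package name>"; newer Android
# releases put '=' inside the path, so split on the last '='.
SAMPLE_PM_OUTPUT = """\
package:/system/app/Browser.apk=com.android.browser
package:/data/app/com.example.movieplayer-1.apk=com.example.movieplayer
package:/data/app/~~Qx3k==/com.example.notes-Zz9==/base.apk=com.example.notes
"""

# Constructed blacklist as a server might return it (hypothetical format):
# package name -> number of independent user reports and the stated reason.
SAMPLE_BLACKLIST_JSON = """
{
  "com.example.movieplayer": {"reports": 42, "reason": "sends premium SMS"},
  "com.example.notes": {"reports": 1, "reason": "unverified report"}
}
"""

def parse_pm_list(output):
    """Return {package name: apk path} from `pm list packages -f` output."""
    installed = {}
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip blank lines and shell noise
        path, sep, name = line[len("package:"):].rpartition("=")
        if sep and name:
            installed[name] = path
    return installed

def check_installed(pm_output, blacklist_json, min_reports=5):
    """Return sorted (package, apk path, reason) for blacklisted installs.

    min_reports is an assumed threshold so that one stray report
    does not flag an app; a real service would choose its own policy.
    """
    blacklist = json.loads(blacklist_json)
    hits = []
    for name, path in parse_pm_list(pm_output).items():
        entry = blacklist.get(name)
        if entry and entry.get("reports", 0) >= min_reports:
            hits.append((name, path, entry.get("reason", "")))
    return sorted(hits)

if __name__ == "__main__":
    for name, path, reason in check_installed(SAMPLE_PM_OUTPUT, SAMPLE_BLACKLIST_JSON):
        print(f"{name} ({path}): {reason}")
```

Matching on package name alone is the weakest useful key, since a repackaged app can change its name; a real list would likely also carry the signing certificate or APK hash.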
