OK go on and say it – Nik you have something against the Android.
I don’t. I really don’t. I don’t like the whole Android eco-sytem or the whole fractured distribution model but I personally have nothing against Android. It was a bold and ambitious move by Google which certainly did pay off very well. At least for Google. So what if the consumers were the collateral damage in the war between Android and iOS? Who cares?
This week a recent report [PDF] by the German security firm G Data highlights the presence of at least 26 Android Models which are shipped with Pre-installed malware on the phones.This malware is usually in the form of spoofed apps, for instance Facebook which are already installed on the device with a much extended set of permissions that are required by the original app to function along with a malicious code base. This allows the installer of this dubious app to carry out a complete surveillance of the phone without the user’s knowledge or permission. From the report I quote
EXAMPLE: MANIPULATED FACEBOOK APP
A common method is to manipulate a legitimate, popular app such as the Facebook app. All of the usual Facebook functions are available in the manipulated version. Users do not notice the surreptitious access, but the range of functions is expanded by the attached malware, enabling third parties to access the
entire device without asking for the user’s consent. The permissions have already been approved by the owner prior to commissioning the device. Hence the user only notices the malicious app when he installs a security solution such as G DATA INTERNET SECURITY FOR ANDROID.
Now to be fair to Android and the OEMs the security firm does suspect that this is some kind of a man in the middle attack. The experts suspect middlemen are behind this, who have changed the firmware so that they can potentially steal user data and make money through advertising. My contention however is that the middlemen are able to do this because of such lax controls around Android. I don’t see an immediate resolution to the problem of this fractured universe in fact if the trends are to go by it would appear that this would become much much worse before it gets better.
This is a partial list of the handsets/models which have been identified in this report
Facebook was one such app that had been hijacked by the bad guys, infected with the Android.
However, the researchers also point out that monitoring malware that can hide itself, by coming already pre-installed, so avoiding any opportunity for the owner to review these permissions during installation, is an altogether different proposition. Among the spyware apps that G Data discovered being used for nefarious purposes out of the box was one pretending to be the Google Drive app but actually identified by researchers as Android.
That is a pretty good point, thanks!