Malicious code was found in a patch disguised as an official Google update designed to remove malware from Android-powered smartphones, according to security firm Symantec.
The impostor Android smartphone security patch was discovered at third-party Chinese marketplace and is called "Android Market Security Tool," the same title Google gave its authentic over-the-air update.
Symantec's find is the latest development in the wake of a hack on about 50 Android apps at the Android Market that affected approximately 260,000 downloads.
The outbreak of the DroidDream malicious code prompted Google (NASDAQ: GOOG) to take measures to shore up smartphone security for the family of Android handsets and to issue an over-the-air update to remove the malware from users' handsets.
Click to expand...
Click to collapse
Found at internetnews.com/mobility/article.php/3927771
Probably won't affect many people here since it's in a third-party Chinese marketplace but I figured it was still worth posting.
From what I've heard the security tool is an OTA and you get notification by email. I'm not sure why anyone would download the trojan.
Related
Just a quick word of advice for those of you who are feeling a bit icky due to recent viruses and malware in the Android market – don’t download the Android Market Security Tool. The version in the Android market is clean and straight from Google, but you do not need to install this on your own. Google will use this tool automatically whenever they do a security sweep.
There’s another version on alternate app stores with the same name and icon, but these are injected with viruses. Do not download these either, for obvious reasons. Your best bet is to let Google do what they do and if you’re still feeling a bit vulnerable, check out official offerings from Lookout, AVG and more. (Or just do extensive research and check permissions on the applications you do download.) [PC World]
(source Phandroid)
I wonder if this will be highjacked and re-posted by someone again.....
Just came across this on Engadget Mobile, anyone know a way to fix it?
Eight Android phones, including the Motorola Droid X and Samsung Epic 4G, were found to house major permission flaws according to a research team at North Carolina State University. Their study revealed untrusted applications could send SMS messages, record conversations and execute other potentially malicious actions without user consent. Eleven of the thirteen areas analyzed (includes geo-location and access to address books) showed privileges were exposed by pre-loaded applications. Interestingly, Nexus devices were less vulnerable, suggesting that the other phone manufacturers may have failed to properly implement Android's security permissions model. Google and Motorola confirm the present flaws while HTC and Samsung remain silent. Exerting caution when installing applications should keep users on their toes until fixes arrive.
Click to expand...
Click to collapse
http://www.engadget.com/2011/12/02/some-android-phones-fail-to-enforce-permissions-exposed-to-unau/
I was just about to post this. I havent had any problems like that tho, i wonder wat apps are the ones taking advantage.
Googles Bouncer is basically an app-crawler that scans all the apps in the Android Market, including every new submission. It checks for known trojans and malware, much like a security app on your phone might, while also analyzing how apps run in a virtual machine, to try and ferret out new threats. Finally, Bouncer also tracks developer account behavior, so repeated offenders are caught when they open a new account to cause havoc with.
Another technique by google is use of sand-boxing to prevent malware from accessing data. it doesn’t have permission to the system itself, and the fact that Android is designed so that malware can’t make changes to the OS itself – which means all you have to do to clean an infected phone is remove the offending app.
what do you think of new security features?
I would be interested in sandboxing on my phone, do you have any tutorial links or just general information for me you can share?
Android Application Enablement.
Effective May 16th, 2011 select AT&T Android devices will begin receiving OTA push updates enabling access to third party application stores. Currently AT&T requires that Android downloads come only from the Android Marketplace. This reduces the likelihood of malicious apps being downloaded. The push updates will allow select Android devices to load third party apps from other servers, links and/or SD cards.
Push updates will begin with the HTC Inspire, HTC Aria and Samsung Captivate. Additional Android devices and tablet updates coming soon.
The update is restricted to customers with Android devices on version 2.2 or greater.
Android devices launching on or after May 15th, 2011 will have the setting ‘Unknown Sources’ displayed in the menu and will not require the update.
Once the application sideloading restriction is removed using our Over the Air method, or for newly launched devices, we urge business users to download Applications from “Unknown Sources” only at the request of their IT or Telecom manager.
Source for above is from:
bizcommunity.att.com/t5/Android-OS/Android-Application-Enablemen/td-p/2350[/url]
I followed the below procedure that someone posted on how they were able to get the push granted its almost 1 year old.
You need to request it from AT&T business data support. Phone number 800-331-0500 select other issues and when you get a live person ask for business data support. When you get another live person tell them you need the android 3rd party push. You should be good to go after they talk you through to make sure the unknown sources option is available in your applications settings.
However for me this is what transpired:
I called and spoke with a very nice lady called Nikki in level 1 support who could not find such a department. She talked to her supervisor who also did not know of such a department nor of this push. I gave Nikki the original post mentioned above and she said let me see what I can find out. She finally talked to someone in her department who knew of this push and gave her guidance.
Long story short..
Later in the day Nikki called me back and said "this was once available but since the new phones come with allow from unknown source this was pulled and is no longer available".
I remember the big uproar when Amazon app store opened and many phones were locked from non market apps and under this uproar AT&T
came out with an OTA to enable allow from unknown source. For myself waiting this long to request the push only to find its been pulled is discerning.
At least there is an alternative: http://forum.xda-developers.com/showthread.php?t=1109125.
Thats true. There are several ways that I am aware of. But my point was to show that within 1 year of allowing this push it was pulled.
BTW are the few issues with MMS and wallpaper resolved?
can anyone make a patch for all variants of hd2 roms from gb up i used the bluebox app to check if my phone was vunerable for this bug 13678484 (fake id) and my daily driver barebone cm7 v2b was, and id say all roms developed for hd2 are vunerable have searched the net for how to patch this vunerability but cant find the info abywhere this is something i think all xda devs for this device will have to sort out as we cannot get help from carriers on this as this is what advice is given "contact your carrier or phone vendor for patch. if anyone has advice on how to sort this out would be very thankful i think xda should run a piece about this vunerability and what steps are being taken by all devs on xda to patch this vunerabilitu for older handsets likemy hd2.
Bluebox Security revealed a significant security flaw that affects all Android devices since version 2.1. Our hyperbolic title mocks the fact that he had little to ignite the Internet powders. If the fault is real, it should take a step back and put the case in context instead of screaming panic for nothing.
A serious flaw that affects a large number of terminals
Very schematically, the fault Fake ID allows malware to authenticate using the signature of a known application to hide its true origin. The firm provides an example of a virus masquerading as an Adobe Systems and Google software which would be able to become a Trojan horse or steal data used by Google Wallet acquiring the necessary permissions without using the user.
The flaw is serious. However, Google has already been made aware, he has already released a patch he sent to his partners, he corrected the flaw in Android 4.4 KitKat, he scanned the Google Play and can say that no application in its store uses this vulnerability. Finally, Verify Apps, which monitors the behavior of applications on an Android device, is also fixed and can detect an application attempting to exploit Fake ID.
A patch already in place and a flaw in a very limited scope that still show that Google still has work to do in terms of security
In short, it is true that it is possible to be a victim of this fault, but it requires a terminal that has not been updated, download an application containing malware does not come from Google and Play Verify Apps have disabled or have an Android version of which is free. Suffice to say that the cases in question are very limited.
This flaw shows that Google still has work to do in terms of its security strategy. Last month, we décriions lax features the Play Store. Today, we are dealing with a flaw of a limited scope, but was discovered by analyzing the shortcomings of the source code of the operating system.
This flaw shows that Google still has work to do in terms of its security strategy. Last month, we décriions lax features the Play Store. Today, we are dealing with a flaw of a limited scope, but was discovered by analyzing the shortcomings of the source code of the operating system.[/QUOTE]
while the info you have given is fine and i thank you for it, but there are other app stores people use beside google play store and reading up on this bug it is still possible their phones could become compromised downloading apps from them?
A Big Big Thank You
Just an update: opssemnik backported the fake id xposed module and it works perfectly with gb roms a big big thank you to him. he also supplied a link in the comments on http://www.xda-developers.com/android/fight-fake-id-vulnerability-xposed/ So once again a big thank you to opssemnik