Related
OK, I did search for this before I posted so I hope I don't get anybody mad for starting a new thread if this has been covered.
Regarding security threats and android phones. I did see the thread about a malware program out of Russia affecting android phones (installed via a movie program?). But in general, security issues do not seem to be a big issue.
The other threads I've found seem to have conflicting opinions.
So my question(s) is, how much do you all worry about security issues? Does anybody use Lookout (free mobile security app)? I did see that it has high ratings on the market, but I put more stock in what this community has for opinions than the market users.
Again, if this has been covered to death and I missed it, I apologize.
I do have concerns over security and therefore really don't install many apps. Since I have had an android phone, my gmail account has been compromised once, allowing spam to be sent from my gmail account and also spam to be placed on my Blogger site. While I cannot be certain it was something on my phone that allowed this, I rarely use my computer to access any of my Google apps. I also had never had issues with any email or other accounts being compromised for as long as I've had a computer. I also rarely get spam. So while I can't be certain, the fact it showed my account being logged into by a mobile device in Malaysia makes me very suspicious.
Sent from my HERO200 using XDA App
Thanks for the reply. I take it you haven't used Lookout or any of the other security apps?
Lookout looks legit, but I am a little skeptical. Guess I'll wait and see if I get any other responses before I do anything with it.
I haven't tried it in the past, as I'm skeptical too. I went ahead and installed it though after my post just to see. It is now being installed by some of the carriers by default apparently and I guess has won some awards, so hopefully it's been poked at a bit by people to where it itself isn't a large threat. Figure if it doesn't impact performance a lot there can't be any harm in trying it. Now, as for how effective it really is, I'd imagine that's something many people will never know.
Sent from my HERO200 using XDA App
Again, thanks for your input.
Performance impact is basically what I was worried about. I actually installed it the other day but when I realized it was on ALL the time, I uninstalled it before really giving it a chance.
I guess it's worth a shot. I'll install it again tonight and run a couple before and after quadrant benchmarks to see how much of an impact.
If I don't get anybody else posting here, I'll still post my experience in a couple/few days, so if you're interested, check back later in the week.
Thanks dpeeps, have a good one.
Paranoid much?
Sent from my HERO200 using XDA App
Eric_1966_FXE said:
Thanks for the reply. I take it you haven't used Lookout or any of the other security apps?
Lookout looks legit, but I am a little skeptical. Guess I'll wait and see if I get any other responses before I do anything with it.
Click to expand...
Click to collapse
seriously? lookout is featured in a Droid commercial for verizon. (i think its verizon anyhow)
i use it, i really haven't noticed any effect on the performance.
Vandelay007 said:
Paranoid much?
Sent from my HERO200 using XDA App
Click to expand...
Click to collapse
Not paranoid .... just cautious.
There is so much good information on this site that when I search for something that sounds too good (for free), and I can't find anything, yes, I'm going to "err on the side of caution".
ngholson, thanks for the input.
Eric_1966_FXE said:
ngholson, thanks for the input.
Click to expand...
Click to collapse
you are welcome. i use it mostly for the lost feature. if i lose it i can activate the gps and locate it that way, and i can also make it scream (caution this is really loud, and the only way to stop it is a battery pull) if it is somewhere close to me. it is very effective.
EDIT: they changed the scream feature, now it will scream for 1 minute and you can stop it by turning the volume down on the phone.
Some people say android phones can get viruses and some people say they can't. So anyone know? Should I get a anti virus?
Sent from my SGH-T959 using XDA App
I've never heard of a virus for android. If you want, lookout mobile is free and has AV, plus backup, plus the ability to locate your phone. I use it, but ONLY for the find my phone feature. I used to have it do AV, but I just didnt see the point. Your call.
http://www.appbrain.com/app/lookout-mobile-security/com.lookout
Just search google for:
Android trojan
You will have the reason you seek.
Sent from my SGH-T959 using XDA App
^ REALLY?!?!
Because all you get is "FIRST sms trojan" from just a few months ago... and who clicks links in text messages from people they don't know? Common sense.
AV will contribute to battery drain without any real benefit.
My phone is backed up with
Titanium because I like a one click restore
App Control because I like to keep multiple versions of my stuff and reload on the fly
Nandroid because I flash my phone as often as I flash my wife
All of which have been backed up to my home Network and if I get hit well I'll just reload. To me the price of having my phone scan every file when it loads or when I add something isn't worth the realestate the app takes up in my phones memory.
Honestly people who spread the fear of Viruses are those that create virus's and market their software to rid them. Bad, Bad tactics and honesly they are no worse than a shady Used Care Salesman or a high pressure Time Share Salesman.
I'm not saying the OP is a Salesman, but those that preach it are.
What I can tell you is have fun updating all in market, it will slow your phone down to a crawl.
Don't blame me, blame my keyboard's autocorrection algorithm.
mikey7436 said:
Some people say android phones can get viruses and some people say they can't. So anyone know? Should I get a anti virus?
Sent from my SGH-T959 using XDA App
Click to expand...
Click to collapse
short answer: no.
What I think is not the virus, but the apps keep sending data to somewhere
I use lookout but often question whether it really does anything besides giving you the ability to locate your phone if it gets stolen. Basically, don't click on messages from people you don't know, stay away from sites that your anti-virus on your home machine warns you about and don't install warez and you should be fine.
No need y'all, waist of space, money and time... If it ever happened hard reset our flash a rom lol...
Forget about it...
funeralthirst said:
short answer: no.
Click to expand...
Click to collapse
The CORRECT answer is yes, ot course it *can* get a virus, but it is very unlikely. Now, regarding the spyware - that's a very different discussion....
Sent from my SGH-T959 using XDA App
Simple Easy Way To Make Sure You Don't Get Viruses..Don't Go To Porn... Lol Jk
But For Real Just Make Sure You Download Your Apps From The Market And You Should Have No Problem
dbacchus said:
The CORRECT answer is yes, ot course it *can* get a virus, but it is very unlikely. Now, regarding the spyware - that's a very different discussion....
Sent from my SGH-T959 using XDA App
Click to expand...
Click to collapse
lolololol. anything, including your car's ecu *can* get a virus. will it?
and spyware? come on. what, do you have some anti-spyware app you need to sell? lol..
http://www.crn.com/240000735/printablearticle.htm
What software do you have to protect yourself/information?
Alias8818 said:
http://www.crn.com/240000735/printablearticle.htm
What software do you have to protect yourself/information?
Click to expand...
Click to collapse
Before I open any app I open manifests.xml and change permissions. lol
Anything else We can do?
IMO, If you get anything like this. You deserve it! Almost just like on a PC. If your not smart enough to check your stuff before you put it on your phone, then stick to buying your apps. Don't open and launch things from emails you don't know about. Your not smart enough to know what sites are bad and how to control what your clicking through. By all means hurry and pirate an anti... app too please. Then I can charge you to fix it. XXX only make me money.
Did I miss anything? lol
Love,
Your loving IT Pro
Oh yeah I forgot. LBE security guard. Amazing root permissions app. It allows you to revoke certain apps permissions. Like if you don't want angry birds access to your data and wifi you can do that. An added plus is with that you dont get any more stupid adds.
Sent From My Sprint Galaxy Nexus via XDA Premium
Avast! Is pretty awesome, mostly anti-virus protection.........the malware stuff is a totally different kinda animal, would be great to see a good solid app.........gonna try Uber's recommendation.
Sent from my SPH-D700 using xda premium
I use a combo of several apps
Superuser (with PIN) for SU rights
AdFree - to block most ads
Droid Wall - to totally block data & WiFI on an app by app basis
LBE Privacy Guard - to remove specific permission from apps that require data access
One of the easiest thing to do, is only get apps from trusted sources, which will drastically cut down on risks
Finally, think twice about installing an app with a low number of downloads.
DCRocks said:
I use a combo of several apps
Superuser (with PIN) for SU rights
AdFree - to block most ads
Droid Wall - to totally block data & WiFI on an app by app basis
LBE Privacy Guard - to remove specific permission from apps that require data access
One of the easiest thing to do, is only get apps from trusted sources, which will drastically cut down on risks
Finally, think twice about installing an app with a low number of downloads.
Click to expand...
Click to collapse
Why do you have LBE and Droid wall. You do know LBE has that function too right? Internet Firewall....
Sent From My Sprint Galaxy Nexus via XDA Premium
ÜBER™ said:
Oh yeah I forgot. LBE security guard. Amazing root permissions app. It allows you to revoke certain apps permissions. Like if you don't want angry birds access to your data and wifi you can do that. An added plus is with that you dont get any more stupid adds.
Sent From My Sprint Galaxy Nexus via XDA Premium
Click to expand...
Click to collapse
I agree 100% with this. The UI is super simple, and you can see how much data each app is using. It opened my eyes the first few times I used it as there were apps using data that had no real reason to. It didn't make sense to me.
As UBER mentioned, you can also disable GPS for apps like Angry Birds Space. I love how when you install a new app, a notification shows up up top reminding you to set permissions for that app.
Very basic, easy to use, and most importantly, powerful.
Thread Cleaned
And reopened
FNM
MALWARE Reply
So many people have Android devices now that it ruins it for everyone. That is what makes it a popular platform for that kind of stuff. Nobody ever released malware for Windows Mobile.
- 2 Bunny
kainppc6700 said:
So many people have Android devices now that it ruins it for everyone. That is what makes it a popular platform for that kind of stuff. Nobody ever released malware for Windows Mobile.
- 2 Bunny
Click to expand...
Click to collapse
I don't see the issue I download everywhere and even sites I know aren't protected yet I have no malware or problems.
Sent from my SPH-D700 using xda premium
Alias8818 said:
What software do you have to protect yourself/information?
Click to expand...
Click to collapse
My brain
VIRUS Reply
XxLostSoulxX said:
I don't see the issue I download everywhere and even sites I know aren't protected yet I have no malware or problems.
Sent from my SPH-D700 using xda premium
Click to expand...
Click to collapse
Same here. What kind of places do you actually have to go to to get a virus?
- 2B
kainppc6700 said:
Same here. What kind of places do you actually have to go to to get a virus?
- 2B
Click to expand...
Click to collapse
Most likely, any Russian or Chinese market for cracked apps, as most of the infected apps come from these two regions.
Also, any hacker board for cracked apps has a higher than average chance of having an infected app
SECURITY ON MOBILE Reply
DCRocks said:
Most likely, any Russian or Chinese market for cracked apps, as most of the infected apps come from these two regions.
Also, any hacker board for cracked apps has a higher than average chance of having an infected app
Click to expand...
Click to collapse
I don't live in Russia or China, so I can't say I've ever been to one of these "cracked markets".
Could you provide an example of a "hacker board for cracked apps"?
- 2B
Used to use lookout, but I flash my phone so often I haven't downloaded it in a while.
Sent from my SPH-D700 using XDA
Can someone suggest best antivirus for ICS?
Sent from my GT-N7000 using xda premium
None. Antivirus software for Android = a scam to make the antivirus vendors money.
Just read reviews for apps before installing them from the Market. Malware is usually pretty obvious.
Norton,avast,dr.web they were tested by some big world company wich test antiviruses so type at google best android's antivirus
Sent from my GT-I9100 using XDA
Entropy512 said:
None. Antivirus software for Android = a scam to make the antivirus vendors money.
Just read reviews for apps before installing them from the Market. Malware is usually pretty obvious.
Click to expand...
Click to collapse
Not really true. If you are tech savvy enough to be sure you don't have anything with malware then best of luck to you. You are well respected on this forum so I'm sure you'll be fine.
I'm technically minded and a software programmer by trade but I couldn't be sure that any app on the market is safe without fully reverse engineering it (which I'm not eating my time attempting) and even then some sneaky developer could push something dodgy out in an update so I'd have to check them too.
Also checking apps doesn't protect you from dodgy messages, emails, etc.
So, I have AVG on all my Android devices just in case. It uses very little resources and has caught a couple of suspect things over the last 6 months since I moved to 'Droid!
I am using Kaspersky Mobile Security. Very System friendly.
Sent from my Samsung Galaxy Note using XDA Premium App
I am taking the small risk of a data leak over a performance loss, so I am currently not running one, having said that I do run it on my pc :-/
emuX said:
.
I'm technically minded and a software programmer by trade but I couldn't be sure that any app on the market is safe without fully reverse engineering it (which I'm not eating my time attempting) and even then some sneaky developer could push something dodgy out in an update so I'd have to check them too.
Click to expand...
Click to collapse
It's not about needing to reverse engineer code!
It's more about paying attention to the permissions that the app requests when you go to install it and deciding if they are appropriate.
For example, an app that just makes farting noises almost certainly doesn't need access to your contacts, and services that cost you money.
Some people think that an Android antivirus program will protect them against such threats, and they will if the application has been "blacklisted". However, most of these programs rely on blacklists, so until a particular application is flagged as malware, you are still at risk!
The moral of the story is, nothing beats eternal vigilance!
Regards,
Dave
Sent from my GT-N7000 using Tapatalk 2
emuX said:
Not really true. If you are tech savvy enough to be sure you don't have anything with malware then best of luck to you. You are well respected on this forum so I'm sure you'll be fine.
I'm technically minded and a software programmer by trade but I couldn't be sure that any app on the market is safe without fully reverse engineering it (which I'm not eating my time attempting) and even then some sneaky developer could push something dodgy out in an update so I'd have to check them too.
Also checking apps doesn't protect you from dodgy messages, emails, etc.
So, I have AVG on all my Android devices just in case. It uses very little resources and has caught a couple of suspect things over the last 6 months since I moved to 'Droid!
Click to expand...
Click to collapse
And neither will these 'antivirus' software help if a developer slips something in, the truth is the best thing you can do it check comments malware is far less a problem on android then Windows, these companys simply try to sell you this software as so many people are used to needing it on windows they think android is the same.
All the apps do is detect known 'black listed' apps which are either not going to be on the market or have bad comments already.
While the main reason for these apps is pointless I will say some of the extra features are quite useful including device tracking etc.
However I would never buy one of these apps for sure
Avast Free s the best, enough said.
John
Tinderbox (UK) said:
Avast Free s the best, enough said.
John
Click to expand...
Click to collapse
Yep
The additional 'Theft Aware' software, is free as well
emuX said:
Not really true. If you are tech savvy enough to be sure you don't have anything with malware then best of luck to you. You are well respected on this forum so I'm sure you'll be fine.
I'm technically minded and a software programmer by trade but I couldn't be sure that any app on the market is safe without fully reverse engineering it (which I'm not eating my time attempting) and even then some sneaky developer could push something dodgy out in an update so I'd have to check them too.
Also checking apps doesn't protect you from dodgy messages, emails, etc.
So, I have AVG on all my Android devices just in case. It uses very little resources and has caught a couple of suspect things over the last 6 months since I moved to 'Droid!
Click to expand...
Click to collapse
You my friend, are to paranoid.
Sent from my GT-N7000 using xda premium
lamou1nr said:
You my friend, are to paranoid.
Sent from my GT-N7000 using xda premium
Click to expand...
Click to collapse
Better that than having all my account details hacked because some dodgy app is snooping.
Responding to the others who replied to me...
If you choose a reputable AV company like AVG or Norton you should be safe.
And, you can't tell much from the permissions. Yes, if the app asks for access to your contacts and phone identity then you could just not install it, but what if it was an alternative dialer that was ad supported? - then it would need internet access and permissions to read your phone details (like Go Dialer) and then you are stuffed.
I've got a door at the front of my house. Even though I live in a good area and have neighbours around most of the day, I still lock it!
foxmeister said:
It's not about needing to reverse engineer code!
It's more about paying attention to the permissions that the app requests when you go to install it and deciding if they are appropriate.
For example, an app that just makes farting noises almost certainly doesn't need access to your contacts, and services that cost you money.
Some people think that an Android antivirus program will protect them against such threats, and they will if the application has been "blacklisted". However, most of these programs rely on blacklists, so until a particular application is flagged as malware, you are still at risk!
The moral of the story is, nothing beats eternal vigilance!
Regards,
Dave
Sent from my GT-N7000 using Tapatalk 2
Click to expand...
Click to collapse
+1
Sent from my GT-I9100 using Tapatalk 2
emuX said:
I've got a door at the front of my house. Even though I live in a good area and have neighbours around most of the day, I still lock it!
Click to expand...
Click to collapse
To use your analogy, your "antivirus" app is like a bouncer on your front door. If a known threat pitches up and wants to come in, the bouncer will stop them, but for new and unknown threats, he'll happily wave them through.
Given that reputable app stores like Google Play or Amazon are quick to remove known threats, all you've done is bought yourself a false sense of security! Good luck with that!
Regards,
Dave
Sent from my GT-N7000 using Tapatalk 2
I was just asking about this kind of thing just the other day.
Here is what I found (http://www.av-test.org/en/tests/android/)
The Best stuff at the moment seems to be
avast! Free Mobile Security
F-Secure Mobile Security
Kaspersky Mobile Security (Lite)
. . . .McAfee Mobile Security >_> (Apparently...)
and
Zoner AntiVirus Free
I'm using COMODO on Android (good antivirus, real time scaner and great anti theft options) and on PC i'm using COMODO Internet Security (antivirus+firewall+sandbox). It's free both on Android and PC.
Avast
Avast...without doubt.Run it on my PC too.
I'm using LBE to adjust/monitor permissions for apps. I don't think antivirus programs will do you any good.
Avast is the best in my opinion. Even though its a really good AV and its also free I still dont use one. Don't need one on my mobile.
Even on Windows I never get viruses.
Most malware and viruses come in with dodgy emails and dodgy websites. Avoid those and you'll be fine.
I just use Avast even though I like it more for the Anti-theft feature than the actual anti-virus feature.
Has HTC push the patch? Samsung already roll out security patches to S4. I Just scanned, my ONE is unpatched/vulnerable.
Here’s How You Can Check If Your Android Device Is Patched Against The Master Key Exploit.http://www.redmondpie.com/check-if-your-android-device-is-patched-against-the-master-key-exploit/
Sent from my HTC One using xda app-developers app
the Google Edition roms are patched
IINexusII said:
the Google Edition roms are patched
Click to expand...
Click to collapse
THe sense based roms have not been patched yet but when i reached out to them they said that it will be resolved soon with a update. They could not give me an ETA on when it would be coming out but assured me they take it very seriously and are working hard to get it rolled out.
crackeyes said:
THe sense based roms have not been patched yet but when i reached out to them they said that it will be resolved soon with a update. They could not give me an ETA on when it would be coming out but assured me they take it very seriously and are working hard to get it rolled out.
Click to expand...
Click to collapse
That app says I'm patched and I'm running InsertCoin with the latest elementalX. I wonder if the master key patch is in the kernel. If so, that makes sense.
Sent from my HTC One using Tapatalk 2
It appears 4.2.2 build/soft no. 2.24.401.1 / HTC 5.34 is patched as well :good:
@Wiss said:
It appears 4.2.2 build/soft no. 2.24.401.1 / HTC 5.34 is patched as well :good:
Click to expand...
Click to collapse
What CID and OTA or custom Rom?
Sent from my HTC One using Tapatalk 4 Beta
Ye in the last OTA it is patched. The 4.2.2
My One is "patched." I don't download warez, steal paid apps, or install third-party app stores that are untrusted.
I have no sympathy for anyone who does the above and gets their phone jacked up.
BTW Can someone give us a technical (not too technical) explanation of what is this ?
Thanks.
KekeJr said:
BTW Can someone give us a technical (not too technical) explanation of what is this ?
Thanks.
Click to expand...
Click to collapse
Applications are cryptographically signed. The idea is that another software house or or anybody else can't come up with an "update" to that app, as the signature will be different.
The exploit allows exactly that to happen.
Lets say you download Google maps v7 from the internet because you're impatient, and you install it over the top of the existing one. In theory, if it succeeds, it must have come from Google and hasn't been tampered with to install a Trojan or virus or whatever.
With this exploit, the apk can be modified whilst retaining the same signature. Basically you can't trust downloads that didn't come from the play store until the exploit is patched.
BenPope said:
Basically you can't trust downloads that didn't come from the play store
Click to expand...
Click to collapse
Fixed.
This is, and has been, true for every single Android "security issue, virus alert, malware warning," etc that's ever existed.
Sent from my HTC One
BenPope said:
Applications are cryptographically signed. The idea is that another software house or or anybody else can't come up with an "update" to that app, as the signature will be different.
The exploit allows exactly that to happen.
Lets say you download Google maps v7 from the internet because you're impatient, and you install it over the top of the existing one. In theory, if it succeeds, it must have come from Google and hasn't been tampered with to install a Trojan or virus or whatever.
With this exploit, the apk can be modified whilst retaining the same signature. Basically you can't trust downloads that didn't come from the play store until the exploit is patched.
Click to expand...
Click to collapse
First i want to thank you !
Second: ....so, basically this means that it was not that BAD... as the media said !
We all knew that only Play store has trustable content.
Thanks, again !
This patch is in a play store update not an Android update. I have it in play store 4.1.10, there is an app which lets you check I think it's called bluebox or something.you can also check in Google settings if you have an option to verify apps.
unremarked said:
Fixed.
This is, and has been, true for every single Android "security issue, virus alert, malware warning," etc that's ever existed.
Sent from my HTC One
Click to expand...
Click to collapse
That's funny, because the app store is littered with adware and malware. Just a few days ago, there was an app in the top 20 that was clearly malware, and it remained there for weeks before (presumably) being pulled off. As a general rule, I don't download any apps that require the "run at startup" or "install shortcuts" permissions, unless I fully trust the developer. By the way, there's an easy solution; Google could let us control our own privacy settings (like every other OS on the market), but then again, that would eat into their bottom line After all, Google's business model is to literally steal user data and sell it to others.
unremarked said:
Fixed.
This is, and has been, true for every single Android "security issue, virus alert, malware warning," etc that's ever existed.
Sent from my HTC One
Click to expand...
Click to collapse
It's easy to put malicious apps on the play store since there's no review process like apple, but things tend to get flagged quickly.
Basically don't install a calculator app that has full phone/internet/device permissions
The android security model is actually quite good IMO, there's been some exploits but everybody has them (not just android) and they get patched relatively quickly. Potential exploits aside it's actually quite good.
Sent from my HTC One using Tapatalk 2
REDACTED
Sent from my HTC One using xda app-developers app
WhatsAUsername said:
That's funny, because the app store is littered with adware and malware. Just a few days ago, there was an app in the top 20 that was clearly malware, and it remained there for weeks before (presumably) being pulled off.
Click to expand...
Click to collapse
Really? What app was that? I mean, I get annoyed at Candy Crush Saga spam too, but I hardly consider it malware.
WhatsAUsername said:
By the way, there's an easy solution, Google could let us control our own privacy settings (like every other OS on the market), but then again, that would eat into their bottom line After all, Google's business model is to literally steal user data and sell it to others.
Click to expand...
Click to collapse
You're kidding yourself if you think Apple or Microsoft isn't collecting as much data about you as they can and doing what they want with it. Beyond that, I always take point with folks who accuse any company of "stealing your information." They're not. You're freely giving them access to it (as outlined in that Terms of Service/ELEU agreement you don't read) to utilize their services. If you don't want them to have your info, then don't share your info with them.
bbedward said:
It's easy to put malicious apps on the play store since there's no review process like apple, but things tend to get flagged quickly.
Click to expand...
Click to collapse
Halfway true. It's more difficult than you think to get malicious apps on the Play store. Most of the "successful" attacks have been from someone uploading the 1.0 version of their app(which is perfectly clean, and passes inspection by Google Bouncer) then pushes an update to it with some of the malicious code. As you noted, it usually gets flagged and removed at this point. The other way I've heard of people getting "infected" from apps off the Play store is when the author ties their ads into a nasty website, tricks the user into clicking on it, then further tricks them into downloading an unsigned/untrusted APK.
Yup, as long as your not doing some silly things like getting you apps from the Pirate Bay or Joes crazy world of underground apps you will be more or less safe.
godutch said:
This patch is in a play store update not an Android update. I have it in play store 4.1.10, there is an app which lets you check I think it's called bluebox or something.you can also check in Google settings if you have an option to verify apps.
Click to expand...
Click to collapse
I don't think the update patch is on play store. Latest update scan tell's you to Ask your device vendor for update. So it should be security update OTA from HTC?
Sent from my HTC One using xda app-developers app
alanchai said:
I don't think the update patch is on play store. Latest update scan tell's you to Ask your device vendor for update. So it should be security update OTA from HTC?
Sent from my HTC One using xda app-developers app
Click to expand...
Click to collapse
Check your play store version I have 4.1.10 and I am patched