
Malicious apps infect 25M Android devices with 'Agent Smith' malware - lelf
https://phys.org/news/2019-07-malicious-apps-infect-million-android.html
======
komali2
> Google already fixed at least one of the Android exploits used by "Agent
> Smith," nicknamed Janus, in 2017 but the fix hasn't made its way onto every
> Android phone. It's a potent reminder that millions of phones around the
> world are being used without the latest security measures.

Because Samsung (or similar) or even more weirdly, Sprint (or similar) just
doesn't fucking update our Android versions for months, or ever.

~~~
dan-0
This seems to be getting a lot of attention, so as an Android Engineer with
some security and framework experience let me try to explain.

This is a side effect of Android's initial approach to its open nature.
Android allows a manufacturer to modify its framework for their own use case.
Then the manufacturer can allow a specific carrier to input their own system
applications and firmware onto the devices as well (your bloatware etc).

This can lead to multiple firmware variants for a specific device. It's not
uncommon to see over 20 variants of a firmware for a specific Samsung device
for example. This can be broken down by carrier, by region, by OS, etc., for a
number of different reasons.

This becomes a problem when Android needs to post an update. That update has
to be pushed first to the Android framework, then to the manufacturer who
decides if they are going to make modifications for the update, and if the
manufacturer decides to make an update, they push it to the carrier who then
has to make an update themselves.

This leads to a web with many broken ends, where a specific phone on one
carrier may never see an OS upgrade after purchase, but on another carrier,
the same phone might get them regularly.

Additionally some manufacturers take a greater degree of liberty in modifying
the Android framework, making updates significantly more expensive to
implement, so they don't.

The good news is Google over the past couple of years has been making a great
effort under Project Treble to simplify some of the APIs in the Android
framework. What this is leading to is less friction when it comes to
implementing core updates. Unfortunately not all manufacturers have opted in
to adhering to the standards and Project Treble yet.

This is all in stark contrast to iOS, which doesn't have the restriction of
dealing with multiple manufacturers, and makes it harder for carriers to
customize the device for their own business cases. This makes security and
updates easier to push, but at the cost to the user of being an expensive
single stream walled garden. Nothing against iOS in the statement, as a
flagship device they're very nice. However, they don't have the adaptability
that Android allows, making them prohibitive in some markets.

Sorry for any grammar issues, I'm on my phone (a regularly updated Pixel 3).

~~~
cstejerean
This is what I love about Apple. They gave the carriers a big middle finger
when it comes to the usual bullshit of bloatware, sticking their logos on
things or getting in the middle of updates. That’s because they cared about
the end user experience. Google was happy to just grab market share at the
expense of the users by allowing carriers to continue with their usual
shenanigans. For this reason Apple will have my eternal gratitude, because I
remember what a shitshow smartphones (and deploying apps for them) was before
Apple flexed their muscles on this.

~~~
codedokode
But Apple software is proprietary, not friendly to open source developers and
you never know what that software is doing. Maybe they are streaming your data
directly to "cloud" operated by NSA. Or iPhone doesn't upload anything to
cloud?

~~~
w1nst0nsm1th
Most of the function users care about in their phone, if not implemented by
third party, are proprietary apps from google.

Without the app store and the google ecosystem, android experience is poor at
best.

~~~
darkpuma
The Google ecosystem can drown in bleach for all I care. F-Droid is not bad at
all. Downloading apps from the Google store is an awful experience because on
that store it's the _norm_ for _damn near every application_ to spy on you to
the fullest extent possible. On f-droid, the typical application
is a good citizen. It's a lower stress experience and a better appstore than
either Google or Apple, unless you desire specific closed source software in
which case it's no longer an option.

Try this: On Google's Appstore, find a flashlight app that _doesn't_ upload
your contacts. Now on F-droid, try to find one that does. This is not an easy
challenge!

~~~
wildduck
Or we can also try this: [https://www.replicant.us](https://www.replicant.us)

------
kgwxd
"Check Point is not identifying the company, because they are working with
local law enforcement."

Well that's dumb.

"It appears that you are currently using Ad Blocking software. What are the
consequences?"

The consequences include avoiding situations just like in the story.

When did Phys Org get into tech news? I thought they were just an unreliable
source for science rumors.

~~~
bogwog
Strangely enough, in the article they actually recommend using an ad blocker:

> Childs recommends Android users use ad blocker software, always update their
> devices when prompted, and only download apps from the Google Play Store.

------
kevinbojarski
Check Point's write up can be found here:
[https://research.checkpoint.com/agent-smith-a-new-species-of-mobile-malware/](https://research.checkpoint.com/agent-smith-a-new-species-of-mobile-malware/)

------
NorthOf33rd
I'm a little shocked that the Matrix is still so culturally relevant.

~~~
nscalf
Becoming more relevant with each passing day, it seems.

------
w1nst0nsm1th
What is the best anti-malware for an Android malware?

An iPhone.

------
la_barba
Well, it's hard to feel any sympathy for Google here. Google forces their
android partners to include Google's own apps and keep them updated. They
could also have made Android security updates mandatory. MS still got the
blame when Windows systems got exploited using bugs that were fixed ages ago.
It's unfair, but that's just the nature of the beast...

------
deepsun
What ad blocking for Android would you recommend?

~~~
ce4
Firefox mobile + uBlockOrigin or uMatrix

~~~
css
Firefox Mobile is dropping extension support for a while:
[https://github.com/mozilla-mobile/fenix/issues/574](https://github.com/mozilla-mobile/fenix/issues/574)

~~~
lol768
Firefox Mobile will continue to be Fennec in the short-term.

> when exactly is fenix supposed to replace fennec as Firefox for Android? Once
> the MVP is done, or when it reaches feature parity?

> We are currently finalizing the transition plan, however we know that Fennec
> will not be replaced for the MVP, we will make sure our existing users will
> get the experience they expect later in the year.

If they choose to use an experimental MVP which doesn't yet have feature
parity, then sure - they won't have Web Extensions.

------
xbkingx
New title: Security researchers did a thing. Article body: See title.

"Oh boy! A whole bunch of people are going to be really boned by a malicious
app, but we're not going to let you know any details. Hey, do you bank on your
phone? Ooooo you might be realllllly screwed. The competing platform is better
and/or worse for thee pedantic reasons, says some random person you've never
heard of and will probably never hear from again."

If you're not reporting the name of the company or apps involved, don't waste
everyone's fucking time. It's even more egregious than the news doing the
whole, "Something in your pantry could kill everyone you ever loved. Details
after these commercials."

Sure it puts pressure on device makers to be on the ball with security
updates, but at the end of the day there's nothing anyone can do. They don't
tell you the symptoms of being infected, how to prevent becoming infected
(don't click ads to prevent activating the virus, but do I just never install
another app from here on out), or even what to do if you are infected (will a
factory wipe work, or does it install to recovery, too?).

I submit the following similarly useful mini-article:

Something in 500,000 grocery stores is causing customers to experience
explosive diarrhea. Local law enforcement is investigating, so we're not going
to tell you what the item was. Oops! We mean itemS. I mean, there were a LOT
of them. Dr. Flabenpoop of the Central Alabama Subcommittee for Safety of Food
and Other Eatin' Things reminds consumers that eating is essential to remain
among the living and excessive diarrhea can lead to dehydration and death. He
recommends NOT experiencing excessive diarrhea while maintaining a balanced
diet. He also notes that the two-fingered spotted wallaby cannot get diarrhea,
which begs the question: Is it better to be a wallaby or a human? Or a stick?
I mean, sticks don't poop at all, so they must feel lucky. Or sticky. But not
sticky from poop.

That is the linked article. Both reports provide the same level of actionable
information, the same who cares commentary, and the same less than half-hearted
rehash of some inane comparison to pad the word count.

tl;dr - Zero useful information released by the research team, zero useful
information in the article.

------
freakynit
say whatever, I just loved that name

------
shareIdeas
Unacceptable.

Btw what was the attack vector?

------
privateSFacct
Whenever I read about Greenpeace attacking apple for their phones I laugh. The
number of Android models, made with far more toxic materials, never updated
and so obsoleted much earlier (check out secondary market for 4 year old
phones to see this) is far higher and with a much bigger enviro impact than
iphones.

Despite claims apple purposely obsoletes its phones, it actually has a FAR FAR
better record of updating old phones (reasonably given hardware differences)
which extends the life of old phones.

~~~
capsulecorp
>which extends the life of old phones.

Except they were caught purposely throttling older phones with those updates,
not exactly what I'd call extending life.

~~~
rhinoceraptor
> purposely throttling

So that the phones don't randomly shut off because their lithium ion batteries
were old. Yes, they should have told people but it wasn't done maliciously.

~~~
bogwog
> it wasn't done maliciously.

Depends on how you look at it. One alternative solution to the old battery
problem would be to send it to a repair shop to install a new battery.

But Apple doesn't want people to have the right to repair their own devices,
so that's not even seen as an option. Throttling to extend battery life is a
convenient explanation that both solves the problem and avoids hurting their
extremely profitable repair program (where they'd charge maybe $50 less than
the cost of a new phone for a battery replacement).

~~~
graeme
You can replace an apple battery for $69. It was $29 for a while after the ios
11 battery troubles.

[https://www.usatoday.com/story/tech/talkingtech/2018/09/13/a...](https://www.usatoday.com/story/tech/talkingtech/2018/09/13/apple-raise-iphone-battery-replacement-prices-january-1/1285226002/)

