
'I Want to Expose Google's Mistakes': Hacker Blamed for Big Android Fraud - known
https://www.forbes.com/sites/thomasbrewster/2017/06/18/google-android-hacker-claims-innocence-as-banking-trojans-spread/
======
sschueller
"The biggest problem is that the device can install any application, get full
access to the device and can be substituted for fake banking applications
[that can] intercept SMS [and] manage the device. In general, everything is
possible."

PCs can do this too at the moment. I do not want my freedom taken away to
install what I want and end up in a walled garden like ios.

Next thing you can only install government approved apps...

Some security risks will always exist.

~~~
spiderfarmer
I am a big proponent of "freedom to tinker", but I simultaneously believe that
iOS' walled garden is the best thing about Apple's mobile devices. All not-so-
savy PC and Android users I know have trouble with misleading apps and devices
that slow down to a crawl because so many apps are running in the background.
It's frustrating because they absolutely have nothing to gain by said freedom.

~~~
mikekchar
I think they have a _lot_ to gain by said freedom. I think it's fair to say
that they don't have the understanding of how to use it though.

 _All_ of the crapware on my Android phone comes from companies approved by
Google. In fact, most of it... ahem... _comes_ from Google. Blimely... I
forbid Google maps from even running.... Literally every app I use comes from
Fdroid and you wouldn't believe how much better the phone runs.

The walled garden is not so much a walled garden as a zoo. You are a valued
guest as long as you provide value to the proprietors. You get lovely meals
and safe-ish surroundings. The fact that your pen is completely inappropriate
for your body type... Well, you can't have everything, right? But the paying
customers are the ones making the rules and you shouldn't forget it.

Yeah, I don't think you'll get many Madagascar type prison breaks from the
walled garden, as you say, but I think it's a stretch to say that there is
nothing to gain from doing so -- whoever you are.

~~~
saiya-jin
Look at this from say your mom's perspective, not IT geek one - the real
benefits potentially gained are minimal compared to threats.

These academic discussions have no meaning for most folks out there - they
want a device where their few favorite apps work fast and reliably, and
generally a device they can trust will not take away their ie banking info and
steal money or identity.

Rest are details for nerds like us.

~~~
waterhouse
It is sometimes possible for a nontechnical person to have a friend or family
member set up something technical on their device for them. In that situation,
it may become important to the non-nerds whether the walled garden blocks the
nerds.

------
ebg13
> "I wanted to show the vulnerability of the Android and thought that Google
> would take care of security.” ... Maza-In said he didn’t contact Google.

There should be criminal liability for willful negligence that clearly
increases risk to others. That kind of "I never thought" mindset is so...I
don't even know what word to use...antisocial? Careless?

~~~
raverbashing
Yeah

> Unlike security pros who disclose bugs in return for credit or monetary
> reward, Maza-In said he didn't contact Google.

This guy does not have my sympathy

~~~
ktjfi
Responsible disclosure is a scam.

------
cosmotron
Mods should tag this as being from 2017.

------
xiphias2
Although as many people wrote he shouldn't have done this without first
contacting Google, I agree that Android allows the developers too much without
asking user permission. Google had many years to fix this issue, but it
doesn't take it seriously.

