
Android banking malware is on Google Play for over a month with over 10,000 installs - boni11
https://lukasstefanko.com/2018/10/android-banking-malware-found-on-google-play-with-over-10000-installs-targets-brazil.html
======
ohazi
The Android ecosystem today is like Windows circa 1998-2002, even with the
Play Store. It's now fairly reasonable to assume that every app has a high
likelihood of containing malware.

The safest bet is to avoid installing any software, especially random little
games and utilities. You probably don't need them, and they're definitely not
worth the risk.

~~~
saiya-jin
You're probably right that many apps are not worth the risk, but I use quite a
few single-purpose apps; my phone would be a semi-useless brick without them,
and I can buy an old school Nokia for just calls and SMS.

Heart rate (from optical sensor), free topo maps for outdoor, various
transport apps (checking when buses/trams will go realistically based on their
GPS), car navigation, watching BBC news, translate, use a freakin' calculator,
browse phone file system, control my A/V receiver over wifi. And so on and on.

For every app removed I would lose a useful functionality that helps me quite
often, for some there ain't any good replacement.

I think it is smarter to not keep any sensitive data in the phone, consider it
hacked out of the factory and act accordingly.

~~~
timonovici
Try Lineage on a phone with F-Droid as your app repo: much more trustable -
though not completely, plenty of blobs floating around, the modem OS, and it is
safe to assume there are non-public bugs out there. Also, none of the crappy
preinstalled apps, no Google spyware, no TouchWiz madness - just a clean,
vanilla Android experience, just as the original developers intended.

~~~
blacksmith_tb
I have gotten Lineage going on a couple of older phones for friends. I am
skeptical that it and F-Droid are inherently much more safe than stock + the
Play Store - except that they're less tempting targets for exploitation. Which
I suppose is worth something, still.

------
Daniel_sk
The situation on Google Play is getting serious, just check out the author’s
Twitter account. Every day several apps are detected, and this is probably
just a small part of the total number. There are also lots of fake apps that
don’t do anything (RAM increase, battery repair, ...) and either contain
malware or at least they bombard you with ads (or make fake clicks on ads).

------
thatguy0900
I work at an AT&T store, we get people in every day with phone issues related
to all the advertising apps. People will have basically non-responsive phones
where you have to swipe through 8-9 different lockscreens just to get to the
home screen. Not once has an iOS user ever come in with the same issue; the
Play Store is just a joke.
[https://play.google.com/store/apps/details?id=com.smartkeybo...](https://play.google.com/store/apps/details?id=com.smartkeyboard.emoji&hl=en_us)
is a huge culprit on most of the phones that come in. The Emoji keyboard
changes your launcher and does nothing but spam you with nonstop ads. That it
has such a high rating despite so many 1-2 star comments talking about how it
ruins whatever phone it touches shows you how messed up the Play Store is.

------
ocdtrekkie
I remember when Fortnite came out on fortnite.com instead of the Play Store,
and everyone was writing articles about how likely it was people would get
malware if they weren't under the safe and snug umbrella of the Play Store.
Turns out those were all just about the 30% cut Google didn't want to lose.

The safest way to get an app is from the official website of that app. If they
link you to an app store to download it, presumably they're providing the
proper actual package name ID that's unique and published by them.

------
ravenstine
Play Store security is a joke. A few weeks ago I shipped a new app to it,
expecting a review process that would last hours or days. It was accepted and
made live in less than an hour. Should I really believe that this thing was
thoroughly scanned or so much as glanced at by a human being?

~~~
UncleMeat
What analysis can you run in a day that you can't run in an hour? If your app
didn't trip any alarms, why would you expect a human to review it?

------
vectorEQ
:') no surprise. next up, Apple store ;) ... oh wait, it's not malware if it's
signed by Apple of course :'D ...

