Not really the truth - Android apps are all sandboxed and have relatively little access.
In fact the only thing this oh-so-evil malware did was generate fake Google Ad clicks. Not really an offense against its users at all and it can be trivially uninstalled. I certainly wouldn't compare that to ransomware, DDoS botnets, search hijackers, etc that deeply nest themselves in your system and resist uninstallation so much that reinstalling the OS is often the suggested recovery option.
>I certainly wouldn't compare that to ransomware, DDoS botnets, search hijackers, etc that deeply nest themselves in your system and resist uninstallation so much that reinstalling the OS is often the suggested recovery option.
Lot's of adware can be equally sticky because it keeps on loading new crap on the system if you just miss it in one place. Tbh the worst disaster system I've seen usually involved adware, sure it's not a total data loss but I'd guess it's far more widespread than ransomware.
And I'd consider any behavior, that's not approved by the user, as an offense against the user. After all, this stuff is taking up resources that otherwise wouldn't be used (traffic, memory, CPU cycles and as such battery)
I also consider having random ads pop up, with no way around them except clicking them, pretty offensive behavior towards the user.
This stuff might, for now, be rather easy to uninstall but nobody can guarantee that won't change in the future and infected phones end up in a similar bad state like Windows systems with sticky adware infections.
> Lot's of adware can be equally sticky because it keeps on loading new crap on the system if you just miss it in one place. Tbh the worst disaster system I've seen usually involved adware, sure it's not a total data loss but I'd guess it's far more widespread than ransomware.
Important to note that you're talking on Windows here. On Android it can't do anything of the sort.
> And I'd consider any behavior, that's not approved by the user, as an offense against the user. After all, this stuff is taking up resources that otherwise wouldn't be used (traffic, memory, CPU cycles and as such battery)
Nasty advertising practices are already quite common in the mobile world, compare with the apps that do push ads, notifications for in app purchases, full screen ads that are hard to click off, etc.
> This stuff might, for now, be rather easy to uninstall but nobody can guarantee that won't change in the future and infected phones end up in a similar bad state like Windows systems with sticky adware infections.
Short of sandbox breakouts becoming rampant - which would surely get noticed quickly - it can be guaranteed this will never become a concern on Android or any similar platform.
I heard of something with Apple, somebody was able to change the checksum or something to an Apple app before it was submitted to a store and all the ad revenue went to that person. It was on a podcast I heard a few month(s) ago.
There is no way either company can manually inspect billion+ apps plus their updates. So they are putting AI in charge which people seem to ba able to fool once in a while.
At Google IO they just announced Android has 2B active devices, which makes it easily the largest platform today, must larger than Windows ever was. If you remember the bad days of ILOVEYOU or SqlSlammer, I think Android is much safer. Or compare this Judy with WannaCry. Don't believe the hype. You're welcome.
They've done a little bit. Newer Android versions support setups where apps request permissions at runtime, instead of just having them all the time in the background.
But the permissions are still too wide. Things like giving apps access to all your contacts, as opposed to having the OS only provide one contact, after the user picks it from a list.
There's a tradeoff in usability. I do wish Google (or a phone vendor! add real value!) would let users choose fine-grained or coarse-grained security at the UI level, and let developers just use fine-grained permissions APIs.
Bad security: App requests all your contacts and shows you a list of people you can invite to play Candy Crush. The user clicks one, but the app already has access to all of them.
Good security: App requests a contact and the OS shows you a list of people you can invite to play Candy Crush. The user clicks one and the OS gives that contact info to the app.
The user experience is quite similar, but the security design is far better.
No, nothing can ever wash off the stank and damage done by Windows. When Android starts shutting down hospitals, holding companies for ransom, crippling foreign centrifuges then we can have this conversation. Until then we're just waiting for the next Windows armageddon.
Part of the issue is how lax attitudes are in mobile development when it comes to security. There are probably dozens of top apps out there that have insecure command and control type setups
