Related
Ok so I have another noob question. Do I need some kind of firewall and antivirus program on my tab? I mean I spent a ton protecting my laptops and desktops, so is the tab already somehow pretty well protected or do I need something?
And if so what do you recomend
Sent from my SCH-I800 using XDA App
Get Lookout from market, it's free. Thats what I use as a antivirus program. It has some other extra features with it too.
By default Android does not accept connections from the outside unless you tell it to.
So for a firewall, to stop applications from accessing the internet (wifi or 3G) you can try Droidwall. It doesn't work with ClockWorkMod though because of the older version of busybox built in to it. So if you are not using ClockWork for your recovery, it should work.
There are very few (only heard of one so far) viruses that have hit smartphones as of yet. But it is good to be prepared.
you do NOT need an antivirus for an android device as it is present... All those reports you see of viruses on android are done by the company MAKING the antivirus software
drksilenc said:
you do NOT need an antivirus for an android device as it is present... All those reports you see of viruses on android are done by the company MAKING the antivirus software
Click to expand...
Click to collapse
What do you mean it is present? I didn't know android came with antivirus software. Yes, I have heard teh argument that antivirus software company are the ones making the viruses. But the fact is ( whatever the truth is) if you get hit with one, its still a pain. Since its free for now, go for it.
PS. Viruses has been on a decline though for computers and none made for smartphones yet. Lol maybe symanctec is had to cut cost and got rid of their programmers. I know Mcafee just got sold to Intel. Or maybe they are all waiting for the right time to release them when everyone's guard is down. Do I smell conspiracy Either eay, if the stuff on your phone is important, protect it.
You don't need one.
bpt888, drksilenc didn't mean the antivirus app makers were making viruses, he said that they were the only ones reporting on them.
What has been reported so far have not actually been viruses. It seems you have fallen into the trap those who make apps like lookout want people to fall into.
They report on things like, apps requesting device id's etc. You can see that an app will do this by looking at the permissions it asks for. eg, no need for an "antivirus" app.
If you actually read the "virus" reports from these companies, you'll see nothing is needed.
There are no viruses on Android.
None
Zero
Nil
Android anti-virus programs are a worthless waste. Actually less than worthless, as these useless programs just slow down your system for no benefit.
Android isn't Windows, it doesn't have holes the hackers can easily drive through.
If you concerned about your privacy install firewall (Droidwall for example) and tune its setting to block wallpaper or some other apps connecting to somebody you don't know.
Sometimes applications request internet access without good reason raising doubts in their purpose.
You will need to obtain root privileges to run firewall. Ironically this might lower your Tab protection against network intrusion. However, none of this is known threat unless you unknowingly install trojan and any other malware.
No virus software needed. Seriously it is a waste of time.
Sent from my SCH-I800 using XDA App
Geletis said:
Android isn't Windows, it doesn't have holes the hackers can easily drive through.
Click to expand...
Click to collapse
Sorry, but this is just FUD.
Windows is far more secure than most people give it credit for - it's just that it is the target for 99% of all attacks because it is so ubiquitous.
If and when Linux achieves some sort of relevance on the average consumer desktop, I'd expect to see a lot more attacks targeted its way and a corresponding increase in security issues.
Regards,
Dave
foxmeister said:
Sorry, but this is just FUD.
Windows is far more secure than most people give it credit for - it's just that it is the target for 99% of all attacks because it is so ubiquitous.
If and when Linux achieves some sort of relevance on the average consumer desktop, I'd expect to see a lot more attacks targeted its way and a corresponding increase in security issues.
Regards,
Dave
Click to expand...
Click to collapse
I agree, but surely the way that Linux (and Android) is made makes it inherently more secure? Without root access there's not much that can be done to truly compromise a Linux system, and Android sandboxes everything
TheGrammarFreak said:
I agree, but surely the way that Linux (and Android) is made makes it inherently more secure? Without root access there's not much that can be done to truly compromise a Linux system, and Android sandboxes everything
Click to expand...
Click to collapse
I agree there's a certain degree of additional security provided by sandboxing, but we've already seen APKs (e.g. Z4Root) that can gain root access, so it's not infallible. It is one of the reasons that I use Chrome on all platforms - if you check out Pwn2Own, Chrome has yet to fail, and that it mostly due to sandboxing - however, it is not a panacea!
There is definitely an element of "security through obscurity" around non-Windows OS's. Note the use of the word "element" - I'm not saying that Linux or any other OS are insecure, just that they are attacked less than Windows.
The point is that modern Windows is far more secure than most people realise - any OS given the same amount of attention by the "bad guys" in comparison to others. Vulnerabilities exist in all OS's and will continue to found and exploited.
I'm in full agreement that currently the real security threats on Android are down to users not paying enough attention to the permissions that an app requests when it is installed, but this will likely change as Android gains popularity.
I do pay attention to the apps I install, so I personally don't feel the need for any kind of security suite on Android at present.
Regards,
Dave
Cool, thanks for your thoughts.
Sent from my Galaxy Tab
Why are the ad blocking patches permitted here?
I remember the scandal with the "Impaled Angry Birds" version.
So why are developers developing in the disadvantage of others that rely on ads to receive revenue for apps that aren't lite versions and have no paid apps released?
More importantly, why are these distributed, discussed and allowed on this developer forum?
nemuro said:
Why are the ad blocking patches permitted here?
I remember the scandal with the "Impaled Angry Birds" version.
So why are developers developing in the disadvantage of others that rely on ads to receive revenue for apps that aren't lite versions and have no paid apps released?
More importantly, why are these distributed, discussed and allowed on this developer forum?
Click to expand...
Click to collapse
I guess because they're not technically breaking any rules.
There are rules against pirating apps but none against blocking the ads (which is sort of the same thing if you think about it, both are stopping the developers from getting the money they deserve).
But yes, i think 'adblockers' should be banned from these forums. I can't believe Google even allows them to be posted to the market tbh
You should start a poll and see if we can get the rules changed
It's not illegal to block ads on webpages? Which the apps also block.
/Feras - Galaxy Tab
I've felt adblockers necessary in a few games because they were almost unplayable. The problem also is alot of people only wanna block web ads but the ad blockers get apps too.
Sent from my Incredible using XDA App
I don't have a problem with watching ads in apps and I think it's a better way then selling apps that have no ads. I wouldn't buy most of the apps I have installed and with ads I can help the developers.
BUT: some ads are linking to a wap page which uses WAP billing. So when you touch the ad you have a contract over 10$ a week or something which is automatically billed with yor normal moblile contract. that makes it impossible to get your money back without risking high fees from your mobile provider for not paying your bills. Beacause it's not possible to block WAP billing (at least with O2) the only possible way to avoid this is to block the ads.
I'm very sorry for that, but if nothing changes (possibility to block wap billing, ads without wap links ...) I keep on blocking the ads.
I'd probably shouldn't be allowed, but I am glad that it is.
Some developers just throws ads in at the last minute and it often ruins the playability of a game and you end clicking ads by accident just trying to use the app which is not acceptable. I'll click an ad when I choose to.
My feeling is a lot of apps don't use ads respectably or creatively enough and so I rarely want to click an ad anyway. It's generally some lame text link to a larger corp. with little relation to the small-name game I'm playing. If someone's is going to make an awesome game, make an awesome ad too for something the majority of the people who downloaded your game are going to want. Have seen an endless stream of banner ads for the last 10 years of my life. Yawn.
Meltus said:
I guess because they're not technically breaking any rules.
There are rules against pirating apps but none against blocking the ads (which is sort of the same thing if you think about it, both are stopping the developers from getting the money they deserve).
But yes, i think 'adblockers' should be banned from these forums. I can't believe Google even allows them to be posted to the market tbh
You should start a poll and see if we can get the rules changed
Click to expand...
Click to collapse
Be careful with the "stopping developers from getting the money they deserve." comment. It is what the mpaa and riaa goons say too. It's hard to say who would use or stop using an app based on ads/too many ads if they couldn't be blocked. Developers can also sell limited free versions and full paid.
I won't deny or argue it, as there are problems with both sides, but a blanket ban seems a bit one sided in favor of the powers that be.
Adblockers themselves aren't breaking any of our rules, and are thus allowed - though it's certainly debatable what kind of person would use them.
That being said, I know there are apps out there that simply work around the adblocking and show you the ads anyways.
Note that copyrighted apps re-posted here but with the ads disabled (in most cases even without the ads disabled) is definitely against the rules. If you spot one, report the post and it will be removed, as happened with Impaled Angry Birds - though it was unfortunate it took so long to be removed (you can blame me for that if you want, I do).
I get annoyed at ROM revs that apply this. Let the user decide. I had a guy ask me to make one of my apps free because he said all the other apps like it were. I would but so many people block ads now. I'd like payment for my work and I can't find a good spot to place ads in the app. Maybe a load screen, but people would tire of that fast IMO. Maybe it is possible to write code to check if ads are blocked and have the app not function or very limited.
Sent from my iPhone with the bigger Gee Bees.
the adblockers simply make it "one click" easy to block the ads. there are numerous ways to get around the ads if you truly want too.
on a side note: how much of do the developers really lose? I'm not saying I'm one side or another but yes developers like getting paid and consumers don't like seeing ads.
my point being that most adblockers need access to your hosts file (phone must be rooted). xda is very big across the net but still a sort of 'niche' area where only a certain percentage of those us that like doing things to our phones meet. the vast majority of the market is totally unaware of what even rooting is.
as a very unscientific test, i asks all the people i know that use their phones for social networking and playing games (angry birds) questions pertaining to rooted phones and such. only about 2% of them even had a minor clue as to what i was talking about.
so to close this rant: adblocks might be bad/good in various ways but the majority of those ads are getting clicked and the developers are seeing something from that (of course i mean, if the ads really are paying)
i guess this has nothing to do with the OP question. simple answer. Ad Blockers aren't breaking any rules.
pxldtz said:
the adblockers simply make it "one click" easy to block the ads. there are numerous ways to get around the ads if you truly want too.
on a side note: how much of do the developers really lose? I'm not saying I'm one side or another but yes developers like getting paid and consumers don't like seeing ads.
my point being that most adblockers need access to your hosts file (phone must be rooted). xda is very big across the net but still a sort of 'niche' area where only a certain percentage of those us that like doing things to our phones meet. the vast majority of the market is totally unaware of what even rooting is.
as a very unscientific test, i asks all the people i know that use their phones for social networking and playing games (angry birds) questions pertaining to rooted phones and such. only about 2% of them even had a minor clue as to what i was talking about.
so to close this rant: adblocks might be bad/good in various ways but the majority of those ads are getting clicked and the developers are seeing something from that (of course i mean, if the ads really are paying)
i guess this has nothing to do with the OP question. simple answer. Ad Blockers aren't breaking any rules.
Click to expand...
Click to collapse
Most of the time developers make very little from Ads, but in some rare cases (Angry Birds being a brilliant example) the company turns over about 1 million dollars a month, purely from ads.
The point of ad-supported apps, the way i see it anyway, is that you offer a free version that's ad supported and a 'paid' one that isn't (i know this isn't always the case, but that's the fault of the developer). Blocking the ads in the free one will undoubtably stop the users from buying the paid one, meaning the developer will lose out.
And whilst it's true that a very small percentage of all android users actually have rooted their phone and can use Ad Blockers, does that justify using one?
The OP has a point that the patches do take away revenue but the ad blockers are very different than other pirated methods since they do not change the programs themselves merely make additions to the phone's hosts file.
Ad Blockers of ANY kind (even on desktops) do the same thing. By blocking ads on Websites you are in essence STEALING money from the person who runs that site too!
but every major browser and Security suite has one!
And I would personally urge developers that if they want to use the AD subsidized business model they should at least offer a way to remove the ads via a one time donation. (Some do!)
I personally will not use or run any apps that use Ads simply because I know that 99% of all malware comes from scripts of hijacked servers these ads eminate from.
And it really sucks for those with limited data plans who will quickly run out of bandwidth quota from all the ads.
I really understand the OP (and other developers) point and I support their right to be compensated.
But please pick a better way to get compensated. A Lite version may entail slightly more work but it will ensure you will get something for it as opposed to hoping you get something for it because someone hacked the hosts file and stopped your revenue stream dead in it's tracks.
Meltus said:
And whilst it's true that a very small percentage of all android users actually have rooted their phone and can use Ad Blockers, does that justify using one?
Click to expand...
Click to collapse
not at all, i'm simply stating both sides. it's going always going to be a pro/con dilemma. same with the mpaa/riaa except adblocking does not constitute piracy where you are literally stealing and not paying as opposed to modifynig your operating system to behave as you wish.
Asphyx said:
I personally will not use or run any apps that use Ads simply because I know that 99% of all malware comes from scripts of hijacked servers these ads eminate from.
Click to expand...
Click to collapse
frankly speaking i do the same. I use ABP for firefox and i have a modifed hosts file as well that keeps these ads from ever appearing on my machine.
so atleast for justification on that part, consider the performance hits from multiple flash/banners/whatever popping up everytime you want to just browse the net.
Meltus said:
I guess because they're not technically breaking any rules.
There are rules against pirating apps but none against blocking the ads (which is sort of the same thing if you think about it, both are stopping the developers from getting the money they deserve).
But yes, i think 'adblockers' should be banned from these forums. I can't believe Google even allows them to be posted to the market tbh
You should start a poll and see if we can get the rules changed
Click to expand...
Click to collapse
You can download ad free from the market for a while. Apparently Google does not have a problem with it. Why should XDA ban something that you can download from the market?
The other thing is that you can not stop people from editing their host file (because this is the only thing the application is doing)
So banning it from these forums doesn't make any sense at all IMO.
What ppl don't under stand is that if these programs didn't have ads they would cost money. Ppl do not write these programs for free, ads are they get paid. If u remove the ads u will see more programs being paid and less ad supported.
This stuff imo should not be allowed. But this will up end up costing everyone bc a few ppl are greedy. Whether it helps the performance of the game or w/e its besides the point. That was the developers decision. I am surprised its not against the terms of use.
My 2 cents lol
Sent from my Nexus One using XDA App
i don't understand why it would be against the terms of use? free vs paid vs ad supported all have valid points and you will never completely make everyone happy, whether it be the developer or the end user.
consider all the websites you visit on any given day and your antivirus software that you have installed that blocks a certain number of popups/ads that generate revenue for these websites.
how is this any different from having an ad blocker on your phone? it's still very much the same thing and i'm sure those that don't like the mentality of ad blocking on their phone use some sort of ad blocker on their pc.
Blocking ads is not a good thing for developers if that's how they get their money but it also takes away from the end-user experience. Ads usually get in the way (see Angry Birds) or they take away some of people's bandwidth if they don't have unlimited data. So no matter how you look at it somebody "pays" for it either way.
I'm not arguing for or against if this development should be on xda, just a different angle that i was thinking about for a long time.
the same, i'm not arguing for either side. just a debate towards both ends.
it's almost a rock/paper/scissors argument. each on trumps another.
developer distributes free app with ads. consumer likes app but dislikes ads. developer needs to keep consumer happy to get any downloads but still needs to get their revenue stream flowing, ie. ads stay in.
rinse, repeat.
If a consumer likes the app but dislikes the ads, said consumer should buy the full / pro / ad-free version.
Ads themselves bring very little in profits unless the app is used a LOT (like the Angry Birds example, which is extremely rare), and it's the correct type of app. A game is always in the foreground, you actually see the ads. A utility which runs a background service and is built well so you hardly ever need to interact with it, you'll see the ads pretty much never, and click on them even less. It is even arguable that a less well-built app brings in more ad-profits because you need to interact with it more.
I would argue (and in my experience this is correct) ads have more effect profit-wise in the number of people who are annoyed by ads and thus buy the full version than the ads themselves bring in. This is an important effect of ads that should not be overlooked, and this is IMHO a more important revenue stream adblockers negate than the ads themselves.
As for how big the percentage of adblocker users is, also depend on the target. For example, an application with ads targeted at root users, is much more likely to get adblocked than a non-root app. I would guesstimate (based on my own experience) the factor may be as high as a 20x difference.
At the end, it all comes down to that the user wants things to be free (and somehow they still want to be payed at their own jobs) while developers want to somehow get payed for their work, just like everybody else does. Somehow most users these days seem to think that because they technically can rip people off, it is not morally and ethically irresponsible to do so.
Reasonings like "I wouldn't pay for it anyway" or "I can't pay for it" or "I won't click the ads" or "the interface with ads annoy me" or "the ads take my limited bandwidth" are all both nonsensical and invalid in most cases. If you don't like it, be a real man and just don't use it, or pay for a version that doesn't have these limitations (and if it doesn't exist, again, simply don't use it). Don't have a credit card? Get one. Don't want to click ads? Then don't. (Or did you think they were placed in that annoying spot by accident ?). Want it different? Pay up. It not being the way you want it is never a valid reason to rip others. Ads taking your bandwidth? Pay up.
I'd like a car like yours, maybe I should just take yours and leave you empty-handed ?
Now of course with the latter statement, you would get people arguing that the unlicensed copying of software (in this case, yes, I am equating adblocking on ad-supported apps to piracy) is technically not theft while stealing your car is. While that would arguably be true from a dictionarial definition standpoint, it certainly isn't true from an economic standpoint.
As anyone with some knowledge of economics will assert to, a product's price calculation (excluding gaining market dominance or entry factors, simplified) goes something like this:
sale price = ( (research and development / expected units of sale) + (manufacturing cost + distribution cost) ) * (1 + profit margin)
Because "copying software is essentially free" (though distribution can still be a big amount, it is for more popular projects usually a negliable factor), the argument is usually that the manufacturer (developer) doesn't lose anything. In reality, all it does is remove (manufacturing cost + distribution cost) from the equation, and still leaves you with the costs of research and development and profit margin. Therefore, there is still a very real correlation between the economic effect of this and the economic effect of "actual" theft. It is not an unreal possibility that the developer of a semi-popular ad-based application could buy a new car if there were no adblockers, while now he is flat broke.
Adblocking in this case reduces the total units sold because there is no way or incentive to pay up. It is the same as piracy in the way that you are using something for nothing. Then again, it shouldn't be outlawed in the same way that BitTorrent shouldn't be outlawed. It's not the tool that is the problem, it's (the bulk of) the people using it.
Wow, I've really gone off on a tangent today. And that's not even including developer rights vs user rights, or when no ad-free version is available, or the guns vs piracy difference, or how developers on Android don't make any money anyways, or etc etc.
hmmm interesting thread personally i think it is wrong to edit a program to remove the ads in it that should be a no no, because your altering someone elses work, and essentially losing them revenue which would cause free apps to become just paid and non ad supported (possibly)
adblocking via hosts files however i think is perfectly fine as your not altering someone elses work. adfree i also have no problem with as essentially its just a downloader for hosts files i guess for people who don't know how to push a hosts file themselves. personally i just push the sames hosts file from my desktop seems to work quite well infact its the one reason i rooted and s-off'd my Desire HD
as for adfree being in the market yeah it is surprising because google makes alot of revenue from ads so its surprising they allow apps to block these revenue sources i guess however its just goes to show how hands off google is with user apps compared to say ....apple
and lets face it the average user wouldnt be pushing files and gaining root access ect to do it (none of my friends have) i think its a select few who will actually go to the trouble to actually remove the ads probably not enough to impact revenue from ads however if someone is redistributing a apk with ads removed then its probably going to do more harm.
one things for sure my DHD is staying ad free (its not so much ads in apps but ads in webpages that bother me)
http://forum.xda-developers.com/showthread.php?t=1453695
Why are you creating 2 topics about it?
Had you tested it? How it compare to theoretically best Zoner Antywirus? Tell us some more, than posting links - this is kind of flooding.
For me, this program won't beat Zoner.. for now.
Anyway, I'll test it
Rayman96 said:
Why are you creating 2 topics about it?
Had you tested it? How it compare to theoretically best Zoner Antywirus? Tell us some more, than posting links - this is kind of flooding.
For me, this program won't beat Zoner.. for now.
Anyway, I'll test it
Click to expand...
Click to collapse
sorry if i did hurt you. well i was a beta tester for the app. it did performed well for me, besides comodo is a reputed company after all and they are standing for free softwares.
I posted the links cause it contains all the details of the software, details about the company etc, i thought its better than i explain those details.
about double posting, the one i posted is in the general section is for all to see. The second is for my fellow lgp500 users, where i really belogs. i hope i am clear enough. no harm ment
Best free antivirus is your brain - never install app without good amount of comments about app.
AdvDretch said:
Best free antivirus is your brain - never install app without good amount of comments about app.
Click to expand...
Click to collapse
Who in this world has time to read all that? Have you ever tried to read Google’s conditions and policies while creating a Google account? Certainly the answer would be ‘NO’. Do you know that Google had 60 different policies that helped them to collect data from your personal Gmail and other Google apps? Now do you know that they had merged all these in to one policy?
Google will know more about you than your wife does. Everything across your screens will be integrated and tracked. Google noted that it collects information you provide, data from your usage, device information and location. Unique applications are also noted. Sure you can use Google’s dashboard and ad manager to cut things out, but this policy feels Big Brother-ish. Google is watching you as long as you are logged in. It’s also unclear whether this privacy policy move will be considered bundling in some way by regulators. This unified experience hook appears to be at least partially aimed at juicing Google+. Google responded with clarification: Google noted that it already has all that data, but it’s now integrating that information across products. It’s a change in how Google will use the data not what it collects. In other words, Google already knows more about you than your wife.( not my comment go read this.... http://m.zdnet.com/blog/btl/googles-new-privacy-policy-the-good-bad-scary/67893)
Now my question is whether Google is good or bad? Do you need Droidwall to defend your privacy? Or do you still believe in your Brain(better do not believe in brain but use it to think rationally)?
Conclusion: we need a new definition to “virus”...My contribution is Anything that steals your private data is a virus.( no flames needed, no harm meant...just my thought about the relevancy of protective apps like Droidwall, comodo, avg, etc. ...etc)
,do we realy need anti virus?,
algie17 said:
,do we realy need anti virus?,
Click to expand...
Click to collapse
You dont need one
Sent from my LG-P500 using XDA Premium App
josinpoul's mean run anti virus before creating Google account
And if too don't have anti virus then don't use Google. Josin your explanation is wrong. Brain and antivirus both useful.
No need for 2 topics about one thing but thanks for sharing!!!
http://ca.reuters.com/article/technologyNews/idCATRE81N1T120120224
By Jim Finkle
BOSTON (Reuters) - Cybersecurity experts have uncovered a flaw in a component of the operating system of Google Inc's widely used Android smartphone that they say hackers can exploit to gain control of the devices.
Researchers at startup cybersecurity firm CrowdStrike said they have figured out how to use that bug to launch attacks and take control of some Android devices.
CrowdStrike, which will demonstrate its findings next week at a major computer security conference in San Francisco, said an attacker sends an email or text message that appears to be from a trusted source, like the user's phone carrier. The message urges the recipient to click on a link, which if done infects the device.
At that point, the hacker gains complete control of the phone, enabling him or her to eavesdrop on phone calls and monitor the location of the device, said Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike.
Google spokesman Jay Nancarrow declined comment on Crowdstrike's claim.
Alperovitch said the firm conducted the research to highlight how mobile devices are increasingly vulnerable to a type of attack widely carried out against PCs. In such instances, hackers find previously unknown vulnerabilities in software, then exploit those flaws with malicious software that is delivered via tainted links or attached documents.
He said smartphone users need to prepare for this type of attack, which typically cannot be identified or thwarted by mobile device security software.
"With modifications and perhaps use of different exploits, this attack will work on every smartphone device and represents the biggest security threat on those devices," said Alperovitch, who was vice president of threat research at McAfee Inc before he co-founded CrowdStrike. Researchers at CrowdStrike were not the first to identify such a threat, though such warnings are less common than reports of malicious applications that make their way to online websites, such as Apple's App Store or the Android Market.
In July 2009, researchers Charlie Miller and Collin Mulliner figured out a way to attack Apple's iPhone by sending malicious code embedded in text messages that was invisible to the phone's user. Apple repaired the bug in the software a few weeks after the pair warned it of the problem.
The method devised by CrowdStrike currently works on devices running Android 2.2, also known as Froyo. That version is installed on about 28 percent of all Android devices, according to a Google survey conducted over two weeks ending February 1.
Alperovitch said he expects to have a second version of the software finished by next week that can attack phones running Android 2.3. That version, widely known as Gingerbread, is installed on another 59 percent of all Android devices, according to Google.
CrowdStrike's method of attack makes use of a previously unpublicized security flaw in a piece of software known as webkit, which is built into the Android operating system's Web browser.
Webkit is also incorporated into other software programs, including Google's Chrome browser and the Apple iOS operating system for the iPhone and iPad.
CrowdStrike said it had not attempted to create software to attack iOS devices or the Chrome browser.
Ok, now a group of hackers control 500000000 devices... an antivirus will slow the phone down more than a hacker trying to run a phone from another continent over your 2G network... just think about it... how can your screen be monitored over 3G in real-time? It can't be done on my 5Mbps PC...
And if you turn data off, then 1GB of data will be sent to google when you turn it on??? Think logic...(where the f**k do you store that??? I think the effect will be noticed right away, and the attacker has no time to take control, unless you are stupid enough to see a 1GB file and not suspect anything...) PCs have real-time protection, but that is because there are terrible threats out there, and they are optimized, they don't slow down... on your phone, you will regret having a phone for 2 years running like **** and then dropping in water, while you could have best performance in those 2 years...
We are not windows, but we are android, and it is the most unsafe mobile OS, if you want a safe one, get from apple... just 2x price at ½ quality...
Sent from my LG-P500
well i use avast antivirus
but not for scanning viruses
but rather for anti-theft feature and firewall(blocking apps)
and isnt android a java based OS ??
im sure there are not many virus's
that can cause heavy damage
So I download this X-Ray vulnerability scanner app (it's legit) and scan my device. To my surprise, even my Nightly is vulnerable to the mempodroid exploit. Should this concern me enough to file a CM bug report? By the way I use Franco kernel so if this is a legit exploit should I consider contacting him? See original G+ thread. https://plus.google.com/117694138703493912164/posts/AfNQ7cT9JYV
Sent from my Nexus 4 using Tapatalk 4 Beta
Mempodroid is a root exploit and considering that CM comes pre-rooted you shouldn't have anything to worry about
Sent from my NEXUS 4 using xda premium
Oh good. What a relief. So that means we have no known vulnerabilities. That's good. Take that Apple.
Sent from my Nexus 7 using Tapatalk 4 Beta
MikeRL100 said:
Oh good. What a relief. So that means we have no known vulnerabilities. That's good. Take that Apple.
Sent from my Nexus 7 using Tapatalk 4 Beta
Click to expand...
Click to collapse
http://www.theepochtimes.com/n3/152836-android-master-key-security-flaw-affects-900m-devices/
If people are worried about security they should not be rooting their devices to begin with.
Sorry if I'm offending
zelendel said:
If people are worried about security they should not be rooting their devices to begin with.
Click to expand...
Click to collapse
Sorry for disagreeing with you, but I worry about common sense security. If this is a root exploit that is needed to ship with CM to allow one to use root, no biggie. I know root makes you vulnerable, but guess what? So does administrative access on Windows. If I worked for the governemnt or a large business I would have a different, possibly non-smart phone to do that task. I'm not stupid enough to go downloading cracked apps from pirated sites, but let me tell you all something. On my PC I had Opera 14 installed and used it during when one of Opera's employee's PCs got hacked and injected the Opera certificates with malware. I freaked. Prooves that a targeted attac could be successful, even with good protection. Luckily, my layer of security (MVPS hosts, Avast, and Malwarebytes Pro) kept it from even approaching the front door. And my Linux box even has the MVPS hosts file as well. Also, if this was an actual vulnerability to be concerned about, Steve Kondik would've patched it before the iCrap loving media could get new anti-Google propaganda. By the way, I am arguing with none of you, but I do need to make a point. I know since Android is based of Linux and not Windows NT, it is hella more secure. I would not root this if this phone had to be used under secure conditions. I'd either disable root while at work, or get a second phone. Yes I love root that much. But I don't get malware very often, havent' had an actual infection that wasn't blocked in many many years. Never even had Android malware. You know why? Hosts file+common sense. I never go to pirated sites, and never will. I love the XDA devs, community, and even some of the non-XDA Google Play devs enough not too. And when I say love, I mean I don't want to see their income sapped. Piracy is a no-no on XDA, but I'm sure it's OK to condemn it. And my talk on that ends now. :good: So onto the main topic, I have common sense, some privacy protections, and I don't just allow any app superuser access. I check reviews first and even have a malware scanner in Advanced Mobile Care. No on demand protection since its not necessary for me, and I never have gotten malware. I bet jailbroken iOS devices get more malware since most of the apps on them are cracked since Apple boots you out of iTunes for jailbreaking. Also, even though I'm rooted I like to know what each exploit means. No device or computer (even a hardened Linux server) is safe from the most skilled black hat. But since I'm not a target of interest, I have some malware prevention via the HOSTS file, Android is more secure than Windows, and I most importantly have common sense, I'll be fine. Maybe I'm too lax on security, but I guarantee you, I will adapt if some freak drive by download trojan comes to Android and by some crazy way gets malware through the Play Store with reputable apps. If a nasty was detected, or an app just looked different enough, it ain't gonna get no system access from me. So go ahead you iOS loving "Android is the next Windows XP" malware magnet pundits in the media, go ahead (that i if any Apple trolls stumble across this thread). I guarantee none of the streams of infected botnets will not add another to the collection. Like I said, not arguing with you but I disagree with you (at least initially) on how powerful my common sense is. I'm not saying you're doubting me, you're a cool guy and more than likely give a lot of assistance around here, but I may look like a noob troll cause I am a Junior member, but I was a long time lurker, and on AndroidForums I have been around a bit. I'm not some sort of super brain (at least not yet) and I do know rooting hampers security, but although I care about security, I just don't want my precious Nexus 4 and 7 to ever become virus magnets. I should have mentioned it, but I thought that vulnerability in CM was because it needed an exploit to have root by defaul (even though CM has disabled it recently). Also I will take some blame myself if I offended any of you. I am paranoid about a lot of things. But it's good to be paranoid to a certain extent. That would explain the lack of malware on all of my computers. But I should pay less attention to the social networks. Even G+. If this was on Facebook, mind you all, I wouldn't have game a damn about it. Facebook is full of trolls, fanboys, and noobs. That's why I rarely use that site and when I do, I pretty much block off all access to my profile from strangers. G+ encourages sharing with new people, while Facebook is like being with your old clique of buddies. That's why I use G+ so much now. That and I can help idiiot test things for developers. :laugh:
scream4cheese said:
http://www.theepochtimes.com/n3/152836-android-master-key-security-flaw-affects-900m-devices/
Click to expand...
Click to collapse
Yes you're definitely right we have a security issue. Not that Android itself is insecure (both my Nexus 4 and 7 were rushed to the latest Nightly to prevent them from joining a botnet) Good thing is custom ROMs create headaches for the bad guys cause they fragment Android (not in the iSheep style way of not getting updates) but in the way that they remove bloatware and some system apps, increase security in some areas, and in general all the code changes make it harder to create a universal botnet. I guarantee 95% of that botnet will be from OEM stock phones. We forget around here that most people are ignorant of common sense and security, if not downright stupid and don't care about security as long as they get their free cracked apps. We're the nerds here and most people are going to make it easy for these holes to be abused. They go to the most untrustworthy sites, install unstrustworthy apps, and are basically asking for it. Also the OEMs are pathetic for not all having a way to quickly patch Android. This type of stuff should sound an alarm to create a security update. I can see not giving an old phone a new version of Sense/touchwiz/Motoblur,etc. but denying security updates is ridiculous. The government should sue the offending OEMs if they want to be respected by the geeks a little more after the whole NSA mess. Because despite the fact that we aren't the ones here creating the botnet, what are we gonna do if thousands of clueless users install cracked apps that contain malware with the exploit, and form a botnet, that say DDOS attacks Google. Then Google Services would be disrupter. Also Google (who I am a big fan of) needs to stop being greedy in the one area of Android updates and force OEMs to include security patches and also backport and open source the security patch ASAP. I know CM is safe from that exploit already, I saw Steve Kondik's commit. But the OEMs are the problem. Google needs to push them past their comfort zone. You can have a car that is 10-20 years old and just because it's out of warranty doesn't mean that even if it takes a fool to make the engine explode in a deadly blast, that the manufacturer would just it there. I've seen Chevy recalls for example. One of them was a recall because something would catch fire if you were an idiot and poured gasoline or engine fluid or somehting on the engine. Of course the people doing this were stupid, but the same is true with technology. Why let the clueless and in the worst case those that just don't care create a botnet for us all to suffer from? Create an idiot patch and stop the situation from exploding. Please OEMs. Do something right for once.
MikeRL100 said:
Sorry for disagreeing with you, but I worry about common sense security. If this is a root exploit that is needed to ship with CM to allow one to use root, no biggie. I know root makes you vulnerable, but guess what? So does administrative access on Windows. If I worked for the governemnt or a large business I would have a different, possibly non-smart phone to do that task. I'm not stupid enough to go downloading cracked apps from pirated sites, but let me tell you all something. On my PC I had Opera 14 installed and used it during when one of Opera's employee's PCs got hacked and injected the Opera certificates with malware. I freaked. Prooves that a targeted attac could be successful, even with good protection. Luckily, my layer of security (MVPS hosts, Avast, and Malwarebytes Pro) kept it from even approaching the front door. And my Linux box even has the MVPS hosts file as well. Also, if this was an actual vulnerability to be concerned about, Steve Kondik would've patched it before the iCrap loving media could get new anti-Google propaganda. By the way, I am arguing with none of you, but I do need to make a point. I know since Android is based of Linux and not Windows NT, it is hella more secure. I would not root this if this phone had to be used under secure conditions. I'd either disable root while at work, or get a second phone. Yes I love root that much. But I don't get malware very often, havent' had an actual infection that wasn't blocked in many many years. Never even had Android malware. You know why? Hosts file+common sense. I never go to pirated sites, and never will. I love the XDA devs, community, and even some of the non-XDA Google Play devs enough not too. And when I say love, I mean I don't want to see their income sapped. Piracy is a no-no on XDA, but I'm sure it's OK to condemn it. And my talk on that ends now. :good: So onto the main topic, I have common sense, some privacy protections, and I don't just allow any app superuser access. I check reviews first and even have a malware scanner in Advanced Mobile Care. No on demand protection since its not necessary for me, and I never have gotten malware. I bet jailbroken iOS devices get more malware since most of the apps on them are cracked since Apple boots you out of iTunes for jailbreaking. Also, even though I'm rooted I like to know what each exploit means. No device or computer (even a hardened Linux server) is safe from the most skilled black hat. But since I'm not a target of interest, I have some malware prevention via the HOSTS file, Android is more secure than Windows, and I most importantly have common sense, I'll be fine. Maybe I'm too lax on security, but I guarantee you, I will adapt if some freak drive by download trojan comes to Android and by some crazy way gets malware through the Play Store with reputable apps. If a nasty was detected, or an app just looked different enough, it ain't gonna get no system access from me. So go ahead you iOS loving "Android is the next Windows XP" malware magnet pundits in the media, go ahead (that i if any Apple trolls stumble across this thread). I guarantee none of the streams of infected botnets will not add another to the collection. Like I said, not arguing with you but I disagree with you (at least initially) on how powerful my common sense is. I'm not saying you're doubting me, you're a cool guy and more than likely give a lot of assistance around here, but I may look like a noob troll cause I am a Junior member, but I was a long time lurker, and on AndroidForums I have been around a bit. I'm not some sort of super brain (at least not yet) and I do know rooting hampers security, but although I care about security, I just don't want my precious Nexus 4 and 7 to ever become virus magnets. I should have mentioned it, but I thought that vulnerability in CM was because it needed an exploit to have root by defaul (even though CM has disabled it recently). Also I will take some blame myself if I offended any of you. I am paranoid about a lot of things. But it's good to be paranoid to a certain extent. That would explain the lack of malware on all of my computers. But I should pay less attention to the social networks. Even G+. If this was on Facebook, mind you all, I wouldn't have game a damn about it. Facebook is full of trolls, fanboys, and noobs. That's why I rarely use that site and when I do, I pretty much block off all access to my profile from strangers. G+ encourages sharing with new people, while Facebook is like being with your old clique of buddies. That's why I use G+ so much now. That and I can help idiiot test things for developers. :laugh:
Yes you're definitely right we have a security issue. Not that Android itself is insecure (both my Nexus 4 and 7 were rushed to the latest Nightly to prevent them from joining a botnet) Good thing is custom ROMs create headaches for the bad guys cause they fragment Android (not in the iSheep style way of not getting updates) but in the way that they remove bloatware and some system apps, increase security in some areas, and in general all the code changes make it harder to create a universal botnet. I guarantee 95% of that botnet will be from OEM stock phones. We forget around here that most people are ignorant of common sense and security, if not downright stupid and don't care about security as long as they get their free cracked apps. We're the nerds here and most people are going to make it easy for these holes to be abused. They go to the most untrustworthy sites, install unstrustworthy apps, and are basically asking for it. Also the OEMs are pathetic for not all having a way to quickly patch Android. This type of stuff should sound an alarm to create a security update. I can see not giving an old phone a new version of Sense/touchwiz/Motoblur,etc. but denying security updates is ridiculous. The government should sue the offending OEMs if they want to be respected by the geeks a little more after the whole NSA mess. Because despite the fact that we aren't the ones here creating the botnet, what are we gonna do if thousands of clueless users install cracked apps that contain malware with the exploit, and form a botnet, that say DDOS attacks Google. Then Google Services would be disrupter. Also Google (who I am a big fan of) needs to stop being greedy in the one area of Android updates and force OEMs to include security patches and also backport and open source the security patch ASAP. I know CM is safe from that exploit already, I saw Steve Kondik's commit. But the OEMs are the problem. Google needs to push them past their comfort zone. You can have a car that is 10-20 years old and just because it's out of warranty doesn't mean that even if it takes a fool to make the engine explode in a deadly blast, that the manufacturer would just it there. I've seen Chevy recalls for example. One of them was a recall because something would catch fire if you were an idiot and poured gasoline or engine fluid or somehting on the engine. Of course the people doing this were stupid, but the same is true with technology. Why let the clueless and in the worst case those that just don't care create a botnet for us all to suffer from? Create an idiot patch and stop the situation from exploding. Please OEMs. Do something right for once.
Click to expand...
Click to collapse
Oh you have many valid points. My statement was more for the average user that really has no use for root. They root and flash cause they think it is cool.
The carriers and OEMs are trying to do something to stop it. The are locking bootloaders and making unrootable kernels (Samsung) To be honest I think this is a good idea for most users. They have no really need for those things and only end up with issues cause they have no idea what they are doing.
Cm Released a set of patches today to block some of the security issues.
See that is the issue with With OEM. Google cant force them to do anything. All the carrier has to do is take the AOSP code and add their stuff to it. No one can say what they have to add or not. This is why I only get nexus devices. I watched Euro devices get updated by the OEM while the US based devices never saw any updates at all. Including security updates that the OEM had issued. As long as the Carriers control what happens to the devices there is nothing that we can really do.
#Nexus4Lyfe I wish this was G+. I felt like a stupid hash tag would be appropriate.
Backstory: I've always used iPhones, was tired of the bull****, and wished for Android especially the S8. Was shocked, and I'm rarely shocked, but the agressive violation of privacy, the crazy amount of bloatware, and the unoptimised UX and system services overall.
Now, I'm in charge of a wide ecosystem of people using smartphones in our company as well as other companies I consult for. While people always blab about personal privacy (which is a concern of course), what I don't understand is how people dealing with either sensitive, contractual or strategic informations could use Android devices given that it *excuse but there's no better terms* rapes your privacy in every, but also I'm pretty sure, illegal, ways.
For exemple the Sound Detector app, even when disabled, is constantly listening to your environment without your priori knowledge or permissions. In fact it's mainly the permissions scheme that baffles me: on iOS or any PC or Mac, you can install any app without being constrained to accept giving out information or accessing functions that have nothing to do with the app, THEN you can choose what precise permissions, when and why. And of course there's the whole wider problem of usage and data tracking (which I apparently have to install...a firewall??) or even malware (I have to install a separate antivirus for...on a smartphone). Worst exemple being that of course: www.theverge.com/2018/1/2/16842294/android-apps-microphone-access-listening-tv-habits
Now I like Android for all their efforts, development and implementation, as well as Samsung efforts...but I'm on the verge of having to present a report to ban all Android phones (for a "leave at door" Policy or either iPhone, BBMs and any other "more" secure smartphones) like I just realise they did in the US government and other official institutions as well as some corporations...or...understand very well how it works, and devise a clearly guide on how to completely optimise and secure Android smartphones like I would for PCs/Macs.
So here's my mission if you accept to help me:
1. I want to deconstruct how Android works in a very simple scheme for noob.
2. From that I want to list all the system packages and services, to determine those that are critical, optional or bloatware, and actually describe exactly what they're for so people have a clear idea.
3. I want to list all the base applications, stores or packages apps, to determine those that are critical, optional or bloatware, then what they're for and most importantly the best alternative apps to these.
4. I want to list and make a simple schemes of how the device components (sensors, cam, mic...), the different data canals, and the the different permissions are circulating or violating privacy while screwing cpu time, battery and data.
5. Finally I want to learn, understand and create a simple noob introduction to the different tools like Xposed (and XprivacyLua which seems to be the best options), package disablers (I personally went for BK), Firewall, Adblockers and Antivirus (honestly didn't even think I would need those on Android).
So I guess first, I'll list all the apps, packages (and sub-services) that my Galaxy S8 came shipped with that overwhelmed me, so as to know for a basic Galaxy S8/+/Note what is a consensus of what to disable, why, how and by what to replace if there's alternative, while listing basic how-to's of the tools to that. Note that I only know about BK Disabler as of now.
Reserved
Upd: I haven't had time, but I'm starting to do a table with all the packages, what they're for and wether to disable them.
You do know that Silverpush do affect both iPhone and Android, right? And "leave at the door" policy or either iPhone or BBM? There's two errors in this sentence. Are you really what you claim to be? Or just someone with an agenda who just created an XDA account?
why would you need an antivirus for a phone if you stick to play store apps?
rashat999 said:
why would you need an antivirus for a phone if you stick to play store apps?
Click to expand...
Click to collapse
There are plenty of play store garbage apps with spy ware and crap in them
vladimir_carlan said:
You do know that Silverpush do affect both iPhone and Android, right? And "leave at the door" policy or either iPhone or BBM? There's two errors in this sentence. Are you really what you claim to be? Or just someone with an agenda who just created an XDA account?
Click to expand...
Click to collapse
iPhone (pretends to) be safe and secure and doesn't straight-up violate your privacy by forcing unneeded permission even before installing the app and running tons of spyware as per unbox while giving all your infos out to apps that demand it and more. It's also a question of procedure: iPhone are really easy to fix/secure with a jailbreak, I didn't even root this Android I got and realised how terribly aggressive their violation of privacy is.
But again, I just want to give people the choice as long as their device is secure, that's why I'm learning all the quirks of Android and how to secure them. All our IT guys confirmed that unless you know exactly how to secure Android devices like we did for our computer park, employees better go for an iPhone.
There's a difference between Apple that might have backdoors to the NSA, and Android that is a crazy open buffet for -permitted- informations stealing without even talking about spyware or silverpush. My Galaxy S8 came with apps and packages that were constantly listening through the mic without my prior knowledge, installation or authorisation, this is intolerable. But I switched for a reason, I'll see if using Android is easily manageable or if it's better to ban them from inside use.
OgreTactic said:
iPhone (pretends to) be safe and secure and doesn't straight-up violate your privacy by forcing unneeded permission even before installing the app and running tons of spyware as per unbox while giving all your infos out to apps that demand it and more. It's also a question of procedure: iPhone are really easy to fix/secure with a jailbreak, I didn't even root this Android I got and realised how terribly aggressive their violation of privacy is.
But again, I just want to give people the choice as long as their device is secure, that's why I'm learning all the quirks of Android and how to secure them. All our IT guys confirmed that unless you know exactly how to secure Android devices like we did for our computer park, employees better go for an iPhone.
There's a difference between Apple that might have backdoors to the NSA, and Android that is a crazy open buffet for -permitted- informations stealing without even talking about spyware or silverpush. My Galaxy S8 came with apps and packages that were constantly listening through the mic without my prior knowledge, installation or authorisation, this is intolerable. But I switched for a reason, I'll see if using Android is easily manageable or if it's better to ban them from inside use.
Click to expand...
Click to collapse
Mate my question still stand: are you really what are you claiming to be or you just have an agenda? Some badass company appointed you to decide what is secure and what not. Really? You? In Op you are talking about thinking to allow only iOS and BBM (it's Bbos BTW) only. BBOSS? Really? BBOS was discontinued one year ago...no more updates no more security patches, no more nothing.
vladimir_carlan said:
Mate my question still stand: are you really what are you claiming to be or you just have an agenda? Some badass company appointed you to decide what is secure and what not. Really? You? In Op you are talking about thinking to allow only iOS and BBM (it's Bbos BTW) only. BBOSS? Really? BBOS was discontinued one year ago...no more updates no more security patches, no more nothing.
Click to expand...
Click to collapse
That's not my job, but that's part of mine to decide or push in front of committees what tool we should use, purely from a utilitarian, managerial and system POV. None of us beside IT guys ever realised how Android were intolerably insecure, I've had my head in Apple buttock for years thinking "yeah, that's too limited and I heard Android is now as stable and well made".
But I don't want to go back to iPhone either, so here I am sitting with a Galaxy S8 I'm still not using because I don't where to start to secure it, whether I should try to fix everything on the factory rom or just root it.
OgreTactic said:
That's not my job, but that's part of mine to decide or push in front of committees what tool we should use, purely from a utilitarian, managerial and system POV. None of us beside IT guys ever realised how Android were intolerably insecure, I've had my head in Apple buttock for years thinking "yeah, that's too limited and I heard Android is now as stable and well made".
But I don't want to go back to iPhone either, so here I am sitting with a Galaxy S8 I'm still not using because I don't where to start to secure it, whether I should try to fix everything on the factory rom or just root it.
Click to expand...
Click to collapse
Okay...what exactly makes you to feel insecure? I understand you're bothered that some apps are accessing your microphone. That's easy... Settings-Apps. Tap on those three dots and chose app permission. You'll see what apps have access to microphone and deny permission for them. Job done. What else makes you to feel insecure?
vladimir_carlan said:
Okay...what exactly makes you to feel insecure? I understand you're bothered that some apps are accessing your microphone. That's easy... Settings-Apps. Tap on those three dots and chose app permission. You'll see what apps have access to microphone and deny permission for them. Job done. What else makes you to feel insecure?
Click to expand...
Click to collapse
I put my S8 away for now I went back to an iPhone. I'm using it off-grid to still try and figure out how it works.
Basically my problems are clear:
1. There's no transparency in background processes/services, the component they use and the data they send.
2. The way permissions are managed is intolerable: forcing you to accept non-necessary and arbitrary access to connected components or private information BEFORE installing the app is a form of extortion. The same goes when running the app: forcing permissions that are not critical to the app code actually running is a form of extortion. Baffles me how Google even allows that today.
3. The fact that there's even a need for a firewall and antivirus, and that the official stores is filled with illegal (copyright infringing app so blatant) and therefor myriads of potential malicious apps like Silverpush-enabled one, without any store control or curation on Google's part.
All this means there is no way I will use an Android rather than an iPhone and allow anyone dealing with private or "sensitive" commercial informations using one inside the company. I'm still trying to figure out if going straight to root is the solution, if I'll have to use cryptography for documents and coms, or if I'll have to spend days figuring out Xposed+Xprivacy, Packages Disablers, MicroG alternative libraries, Firewall and Antivirus and god knows what to make it decently secure like an iPhone (which doesn't aggressively violates your privacy and is really easy to secure with a jailbreak...unless there are hidden backdoors which is still far from the probably illegal open-buffet of private and sensitive informations Google provides to any potential malicious websites, scripts or apps).