Difference between revisions of "Android Security and Privacy"
| Line 69: | Line 69: | ||
references: | references: | ||
| − | [How do I stop my phone from automatically uploading pics to ogle plus] | + | [http://productforums.google.com/forum/#!topic/picasa/nqIVL_cdI9I How do I stop my phone from automatically uploading pics to ogle plus] |
| | ||
Revision as of 12:12, 17 June 2012
The number of free Android apps that may be infected with malware is on the rise. Although some of free apps might look suspicious, others bearing names such as "Quick Notes" or "Chess" seem innocent, yet contain some of the worst payloads.
The basic types of security risks associated with downloading and installing android apps range from those that collect general usage stats about your online activity, those that invade your privacy collecting personal information, to those that install outright backdoor trojans granting strangers access to your android device and potentially your entire private network.
Android is unlike Apple's IOS in one fundemental way. For better or worse, Google (Android) does not exercise much control or oversight on what developers put on the Android Marketplace / Google Play while the Apple App Store is strictly moderated by Apple. Developers have more freedom to create and share android apps. Unfortunately, malicious app developers find it relatively easy to take advantage of this lack of oversight and make their malware available to the public though Google Play.
Google will remove apps when too many complaints are made, but they do little to inform users of what apps are adware and how intrusive the level of adware may be. They only classify apps as either free or buy. This is a clear deficiency that is entirely on Google to correct, and so far they don't seem to care.
Contents
Tips to Avoid Malware
- Always research the publisher of the app. What other apps does it offer? Do any of them look a bit shady? If so, you should probably stay away.
- Read online reviews. Android Market reviews may not always be truthful. Check around to see what reputable Websites are saying about the app before you hit the download button.
- Always check app permissions. Whenever you download or update an app, you get a list of permissions for it. An alarm clock app, for instance, probably shouldn't need to look through your contacts. The general rule of thumb: If an app is asking for more than what it needs to do its job, you should skip it.
- Avoid directly installing Android Package files (APKs). When Angry Birds first came to Android, you could get it only through a third party. This is called "sideloading," or installing apps using an .APK file. Although Angry Birds wasn't malware, in general it is highly advisable not to download and install .APK files that you randomly come across. Most of the time you won't know what the file contains until you install it--and by then it's too late.
- Put a malware and antivirus scanner on your phone. Although many people still think that antivirus scanners on phones are useless, maybe outbreaks such as this one will change minds. Several different big-name security companies already offer mobile-security options, many of them free. I myself had downloaded "Spider Man," which is on a bad-apps list. My Lookout software identified it as a Trojan horse.
source: PC World Malware Off Your Android Phone: 5 Quick Tips
Free Apps and Adware
Some free android apps do not have advertisements, while others do. Adware is free software that has advertisements for other products and services traditionally displayed within the app that you see while you use the app. Some adware is benign for the most part. Basically, while you have the app open, you will see a banner advertisement somewhere on the interface. Note that recently some of the new adware has been breaking the boundary of showing ads within the app, and invading other areas of the Android device, becoming intrusive.
Often adware will connect to the Internet, using your data plan or wifi connection, and update the advertisements. The more aggressive adware will collect data about you from your device memory and send it back to companies that use that data. Finally, the most aggressive adware actually downloads and installs trial apps onto your device without your permission.
A Major criticism of Google Play is that it is not clear which apps are adware and which are not. In the days of shareware sites like Tucows for the PC, there was a clear distinction between Freeware and Adware. You always knew what you were getting. Google doesn't seem to care if you are aware that a free ap is actually adware. Google clearly lacks the ethics of the PC shareware predecessors.
On Google Play (also known as Android Market) more passive adware is being replaced by new aggressive push adware, and furthermore by outright spyware that is collecting data about you from your own android device and sending it back to 3rd parties. In some cases certain apps that were previously benign have become malware after updates for that app were released by the developer. This is when a good app turns bad.
reference: Detect addons (push adware and some malware related to advertising): Use https://market.android.com/details?i...addonsdetector
Some companies are looking to address the security risks being introduced by these offending adware / spyware apps. There is one called Lookout Security. Lookout Security launched its free Ad Network Detector in early 2012 but it does not flag apps that exhibit aggressive ad serving. Lookout only protects against malware that threatens your phone as opposed to adware.
"The intent of this product is to clarify for users the behaviour of applications that display ads," said Derek Halliday, senior product manager for security at San Francisco-based Lookout. "And two, to show users what privacy and information collection apps and their ad networks are doing. We're trying to provide transparency."
source: ComputerWorld UK Lookout Ad Network Detector sniffs out aggressive Android 'adware'
Android Phone's Notification Area Ads
If you have installed an adware app using push ads, you may see behavior described by Android user as follows, "In my notification bar (where phone signal, etc. is) a green plus symbol will appear. When i bring down my notification menu it's suggesting to download an app." This person installed something from Google Play containing push ads. It was advertised as a free app with no mention of using push ads.
One remedy is to install an app such as "Airpush detector" or "Addons Detector". They can identify which app has those plug-ins.
There are some new apps reported to block ads from going to your phone even if you have adware installed. One is known as Adaway but should be used with caution.
source: The Spicy Gadgematics Remove Android Phone's Notification Area Ads Quickly - Airpush.
Adware Getting More Aggressive
Thousands of Android apps now include software that shoves marketing icons onto your phone's start screen or pushes advertising into your notification bar--and many of the apps give you no warning about the ad invasion. Many of these ads come from mobile marketing firms such as AirPush, Appenda, LeadBolt, Moolah Media, and StartApp. The companies work with greedy app developers.
Push Ads
The mobile ads are called "push notification ads" and "icon ads." Push notification ads deliver small alerts to an Android phone's notification bar. Icon ads, as the name implies, are icons that are inserted onto an Android phone’s start screen.
Push notification and icon ads are more intrusive than in-app ads. In-app ads are only visible whilst you use the app that the advertisement supports development of. Push and icon ads invade areas of your phone outside of the adware program they came with.
The main crime is that the app developer is often not disclosing the push ad payload that goes on your android when you install their app. These obnoxious intrusive ads are being installed without the android owner's consent.
Both AirPush and Appenda offer clear ways to opt out of receiving ads via their websites. But it isn't obvious that consumers would know they should visit those sites to opt out. On Appenda’s site, you submit your phone number to opt out of receiving push notification ads, which leads to privacy concerns. What will they do with your phone number later on? Do you like telemarketers and text spam?
source: PC World Sneaky Mobile Ads Invade Android Phones
Google Spying and Harvesting User Data
Google+ (formerly Picasa) automatically stealing pictures off your phone
The Google+ application which is pre-installed, will by default automatically upload photos you take on your Android device.
references:
How do I stop my phone from automatically uploading pics to ogle plus
Keywords: Android Tablet PC Samsung Galaxy Tab Two 2
