Database Info

Android Accounted For 79% Of All Mobile Malware In 2012, 96% In Q4

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Is it because Android is the most popular smartphone platform in the world right now, or is it because it’s just fundamentally easier to attack? In any case, Google’s mobile juggernaut Android continues to be the world’s biggest magnet for mobile malware. According to a report out today from security specialists F-Secure, Android accounted for 79% of all malware in 2012, up from 66.7% in 2011 and just 11.25% in 2010. On the other side of the spectrum,*Apple’s iOS, the world’s second-most popular platform for smartphones in terms of new purchases, remains one of the least compromised, with 0.7% of malware on its platform.
Symbian, whose market share is in rapid decline*and is being left for dead by its former parent Nokia, is down to 19% of all malware, compared to 62.5% two years ago. F-Secure predicts that it will go the way of the dodo bird and become extinct in 2013, as users replace their Nokia handsets with Android devices. Meanwhile, Windows Mobile, BlackBerry and J2ME each accounted for less than 1% of threat families in circulation in the year.
Breaking down progress over the past year, Android’s malware record appears to have seen a particularly bad spike in Q4 2012. F-Secure notes that in the fourth quarter it accounted for a full 96% of attacks. In fact, according to its records, all other platforms except for Symbian (at 4%) didn’t appear to have any malware threat families received at all.
Holding these up to Q4 market analysis, these figures are not proportionate to market shares for current sales, but they are somewhat more reflective of what devices are in circulation today.*In that sense, the shift between Symbian falling and Android rising is due to the fact that Android has been the biggest benefactor of Symbian’s decline.
“Malware in general has a parasitic relationship with its host,” writes Sean Sullivan, security advisor at F-Secure Labs. “As old Symbian handsets continue to be replaced by those with other operating systems, especially Android, Symbian malware dies off and will probably go extinct in 2013.”
In terms of what forms malware is taking, F-Secure says that 66% of detections were Trojans (malware masked as something else). F-Secure believes that Google’s increased security prompts, which it introduced with the 4.2 variant (Jelly Bean), should help bring that number down. However, if you look at Google’s most recent stats on distribution, released this week, Android 4.2 is only at 1.6% — meaning that this make take some time to come to pass. (For the record, Gingerbread 2.3.3 and upwards remains the most popular in terms of distribution, at 44%, with Ice Cream Sandwich at number-two with 28%).
Another major problem continues to be dodgy SMS messages: F-Secure notes some 21 of the 96 Android threat variants come from premium SMS that encourages downloads and sometimes end up as repeat problems by way of subscription services to which users unwittingly become subscribed. Then, users don’t know about this until the charge comes up on their bill — if they bother to scrutinize that bill, that is.
Interestingly, F-Secure also notes that those releasing malware have become more sophisticated in their reasons for infiltrating devices. Specifically, there’s been a significant shift in terms of malware attacks becoming financially motivated over the last several years, with financial gains now well outweighing those attacks that have been made in the past. Why the shift? It may be because malicious hackers were still learning the ropes for how to infiltrate devices back in the day.
Or it could be something else:*The rise in financial motivations also speaks to the fact that we as a population are using our devices for significantly more transactional services — and that makes them increasing targets for attacks aimed specifically at that fact. This is something that will eventually have to be squared with all the many ambitions and developments in the market today to turn our handsets into our default wallets.
Update: TC has reached out to Google for a comment, but a spokesperson says that the company does not comment on security company reports. Also worth pointing out a dissenting opinion on the above data from a reader in the comments below, highlighting that what gets identified as malware may sound more alarming than it actually is.
“F-Secure can say that anything is malware, even ‘dodgy sms’ which doesn’t fall under the definition of malware…. They say they detected trojans, but they didn’t explain what were their effects on the system, because if they did, everyone will know they’re not really trojans, that’s only what they want you to think,” he writes. “I’ve been using different droids for 3 years now, never had an issue with them. I’m a developer by the way.”
Be that as it may, there are more than security vendors putting out reports and warnings on malware and cybersecurity threats. Smartphones are still an emerging area — but a hugely popular one — and therefore remain a moving target
Source: techcrunch

thank you for sharing your valuable reserch
Hi, your post has helped me a lot in researching on this topic. It sure makes a lot of sense.

[Project] Metahill | Getting live help real quick to programming questions :)

Metahill Website​
Introduction
The rage is all about Metahill!
Metahill is a small project made up by 3 computer science students in Karlsruhe, Germany.
We intentionally only use the state-of-the-art technologies HTML5, CSS3, Javascript und Python.
No weirdo Flash and for sure no Silverlight is required. Ah yeah, and thus the website by the way loads super-fast .
But let's come to the real thing here..
What exactly is it about?
The best thing to do here is most likely just citing the landing page:
At metahill, you can meet other enthusiasts and chat with them in real-time.
It is entirely free, ad-free and community-driven.
Simple.
Click to expand...
Click to collapse
Metahill is a website where you can totally free of charge (and ads-free!!) chat with ethusiasts all around the world.
The cool thing is that all communication is categorized by rooms - the chat rooms. Plenty exist by default, but everyone may make new ones.
Users help users.
Of course you can be within multiple rooms at the same time, that is no problem at all, it's encouraged!
The page then looks just like that:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
What are the advantages of metahill.com over existing medias?
There is a bunch of good reasons why Metahill can be considered "superior" to other, existing services.
We listed the most significant ones at the official Metahill help site.
I will just touch the categories in this topic. Nonetheless you can find a longer description on each of these at the help page http://www.metahill.com/help
Uniformity across all devices
It is easy to get involved
It is lightning fast, thanks to open standards
We're organized
Beyond text
Never again miss anything
Behind all this is an open community
Metahill is simple to use
Community-revised code on German servers (Nope, NSA!)
To the original list.
Why im I posting this?
I like XNA and the people around here!
Leaving this aside, we also seek freaked-out beta-testers "early adapters" who would like to test metahill or even get involved.
This project is now online since a few month and keeps running quite stable, yet we need waaaay more users for the network to reach its full potential!
What is _your_ top-feature of metahill?
Messages are (if you choose so) logged for three days and there is a real bunch smilies and easter-eggs. Awwr, I like easter-eggs.
Yet my favorite feature is that I can share images so easily. Drag'n'Drop (or CTRL-C/V) your picture into the browser and the others will see it. Dude, it can't be easier . Problem reporting is a dream.
Metahill for (Web)Developers
One thing at the beginning: The developer page can be found at http://d.metahill.com.
What's planned are Android and iOS apps of Metahill.
You can embed Metahill as a client within your websites using iframes.
For instance to comment live-streams, let's play's or just to offer free live-support on your website.
To the "Embedding Metahill" Blog-Entry.
Final words and links
For updates you can surely reach us at...
Our Blog: Metahill Blog | Stay on top of the Metahill.
Facebook: Metahill Community
Twitter: @metahill_com
Google+: Metahill
I hope we will meet there too and look forward!
so long,
Michael

Why don't you support at least IE10? I'm browsing from a windows 8 tablet, and I can't even get to a landing page? Nice.
BTW: I really like XNA too.

We support Chrome, FF, Safari and Opera. IE still does not meet our standards, nor does it meet state-of-the-art web standards. The IE10 is at the technological level of Chrome 16. The current Chrome version is 29 and 30 is just about to come out. I strongly encourage you to use one of the four above browser if it is possible.
That is the reason why we both confidentially and intentionally do not (and never will) support the Internet Explorer.

countryqt30 said:
That is the reason why we both confidentially and intentionally do not (and never will) support the Internet Explorer.
Click to expand...
Click to collapse
That's great, but that "never will" tells me that this comes at least in part from an ideological bias, and not purely a technical obstacle. I was going to ask which particular features are you using that are not supported in IE10, but I suspect it doesn't really matter.
Anyway, best luck in your project, and I hope that you'll keep your cool and be pragmatic when tackling many of the challenges that lie ahead in your path.

daniel-s said:
That's great, but that "never will" tells me that this comes at least in part from an ideological bias, and not purely a technical obstacle. I was going to ask which particular features are you using that are not supported in IE10, but I suspect it doesn't really matter.
Anyway, best luck in your project, and I hope that you'll keep your cool and be pragmatic when tackling many of the challenges that lie ahead in your path.
Click to expand...
Click to collapse
Thank you, sir! The technical issues lie in CSS3 and HTML5 support. We use many of the features that just came out a few months ago to get the most out of the current web. Using the latest technologies like WebSockets over here improves the speed dramatically. We tested a lot with IE yet to make it work properly there much extra work would currently be required. Adding numerous exceptions to the code will impair the user experience of the users who use one of the four favorited browsers.

Yesterday we had a little re-design. I hope you like it!
Old:
New:

Once again many little things have been improved.
The focus has been set to practical computer science topics, such as various programming languages and platforms.
Examples are the new rooms "C++" and "Android".

[App][Social][4.0+] Luxy Millionaire Matchmaker - Tinder for the wealthy and the hot

{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Luxy is an online dating app developed to help millionaires connect with other attractive, like-minded individuals. Luxy is free to download from Google Play Store.
Free Download if from Google Play:
https://play.google.com/store/apps/details?id=com.luxy&referrer=utm_source%3Dmarketing%26utm_medium%3Dxda
Features:
-Browse and connect with millionaires nearby.
-Anonymously Swipe Right to Like other users or Swipe Left to Pass.
-Send and receive unlimited messages to your millionaire matches.
-Send free virtual gifts to the ones you are interested in.
-Vouch to decide who can join the Luxy community.
In-app Products - Luxy BLACK:
-Browse profiles invisibly - only those who you have ‘liked’ will see your profile
-Get more cards each day - match with even more wealthy singles!
-Enjoy advanced search options and filters, such as search by location
-Send messages freely to the most beautiful women and the wealthiest men.
-Receives messages from the world’s wealthiest men and women, verified millionaires.
Screenshots:
Any suggestion and feedback is appreciated!
Please share the experience with your single friends if you like it. : )

Thanks for sharing! This idea sounds amazing!
However, I was stuck in registration. I have to wait for 24 hours? It says before I can use it, Luxy members will vote me in or our?

Only Voted-in Users Can Get in Luxy Millionaire Dating App
TMnvv25 said:
Thanks for sharing! This idea sounds amazing!
However, I was stuck in registration. I have to wait for 24 hours? It says before I can use it, Luxy members will vote me in or our?
Click to expand...
Click to collapse
Yes, exactly. This is a special system of Luxy to make sure the users base are either wealthy or attractive which has been extensively featured by CNN, BBC, Business Insider, CNBC, ABC, The New York Times, The Huffington Post, to name a few. Jimmy Kimmel.
To boost your chance to get in, you are highly suggested to upload beautiful and good-looking pictures for vouch.

This vouch-in idea is not bad! However, why don't you let all new users can view the Lookbook people before “voted-in”? It seems you can do nothing in the first 24 hours if you don't pay. This is not good for dating apps!

There was an episode of South Park in which, one of the main characters wanted soo badly to became a NASCAR driver but was not poor and stupid enough in his opinion to archive it. When I saw this app I've felt quite close to that - I'm not stupid enough to search for wealthy and thinking-that-they-are-hot idiots via app, life just outside my window is definitely cruel enough.
To be clear - all I want to say is; this is pathetic. But still funny!

htcthd1 said:
There was an episode of South Park in which, one of the main characters wanted soo badly to became a NASCAR driver but was not poor and stupid enough in his opinion to archive it. When I saw this app I've felt quite close to that - I'm not stupid enough to search for wealthy and thinking-that-they-are-hot idiots via app, life just outside my window is definitely cruel enough.
To be clear - all I want to say is; this is pathetic. But still funny!
Click to expand...
Click to collapse
Hi, thanks for sharing your feelings with us. And in fact, you are not the only one who doubted the app since its first release. However, we always look at the other side, Luxy would be the most serious dating app among anyone-can-join-for-fun ones. Luxy is not for everyone, only caters for 1% of the singles, as we always say. If you've tried Luxy's vouch-in feature, you'll see what I am talking about. BTW, the hot ones who join Luxy in fact are rated hot by others, not by themselves.

Still "hot" is not everything, if someone could at least try to think about making an app to find "just" interesting people - not hot, not wealthy...
From my experience the wealthier and hotter one get the dumbest and uninteresting one become - sad but true!

htcthd1 said:
Still "hot" is not everything, if someone could at least try to think about making an app to find "just" interesting people - not hot, not wealthy...
From my experience the wealthier and hotter one get the dumbest and uninteresting one become - sad but true!
Click to expand...
Click to collapse
In fact, Luxy users do find each other interesting as they all love luxury things, and they all go for Luxy for seeking their like-minded partners.

Blu, maybe Huawei and ZTE privacy "bug"

Firmware (made by Shanghai Adups Technology Co. Ltd) that "calls home" was found installed on chinese phones sold in US:
http://www.kryptowire.com/adups_security_analysis.html

SoNic67 said:
Firmware (made by Shanghai Adups Technology Co. Ltd) that "calls home" was found installed on chinese phones sold in US:
http://www.kryptowire.com/adups_security_analysis.html
Click to expand...
Click to collapse
Not just "Chinese" phones, else why are they contacting Google?

Well, at least my phone contacts Google because I have a Google account. I choose to allow that when I input my gmail address. I choose to trust Google with my contact lists and calendar and whatever. I choose when to update the apps or not.
This chinese spyware is embedded in firmware (trusted app, capable of escalation) and on a totally different level of what it can do, you could read it in the article. Or not. The article has even a comparison with a similar spyware from 2011:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

SoNic67 said:
Well, at least my phone contacts Google because I have a Google account. I choose to allow that when I input my gmail address. I choose to trust Google with my contact lists and calendar and whatever. I choose when to update the apps or not.
This chinese spyware is embedded in firmware (trusted app, capable of escalation) and on a totally different level of what it can do, you could read it in the article. Or not. The article has even a comparison with a similar spyware from 2011:
Click to expand...
Click to collapse
No I mean the security company Kryptowire are contacting Google, along with Blu. Does that mean a Google phone is affected or is it just as they have a sales channel? Probably the latter but it does raise a lot of questions about exactly & how much control they have of the manufacturing process across their supply chain. Whether it's the the actual phone or individual chips being programmed. And is there any attempt by companies that make products in places like China to check the phones that actually come off the line for compromises. I doubt it but it seems to be a security risk to me.
Of course we all have to trust someone or some company in some way as most things are not open. I to trust Google with much of my data & security.
(I have read several articles on this, but still not much info, all seem to be a rehash of the press release from Kryptowire)

Google code is not affected. This is part of the specific firmware that manufacturer puts in the phone and it is allowed to even be updated OTA.
Meanwhile if I root my device is considered "unsafe"... But that's the only way to see those files and act to remove them.
As much as I hate Apple, I am more and more tempted. At least they control all the manufacturing chain.

Can I load a custom firmware on my phone to eliminate this?

If you can unlock the bootloader, yes.
At the minimum you need root, to be able to disable/eliminate the software. The original article that I have linked has the details of the software names:
com.adups.fota.sysoper
com.adups.fota

Hi guys,
I knew that by now you have all heard about this news the Chinese budget android devices are secretly sending users’ data to China...
I thought I'll ask amongst the experts anyway how much of a thread could it actually be, as I'm a new P8 user (previously only had Samsung's)
What bothers me is the fact news comes from a private contractor to US govt which aren't really fair & square on the privacy issues in the first place, and apparently the 'feature' was 'accidental' discovered...really?!?
Considering the timing and situation on the market, seems to me to be a competition battle...but it's just my thought
Anyway...Do you think a simple root is enough to get rid of such 'back door' code?
Looking forward to your input
PS. articles available at:
http://www.theverge.com/2016/11/15/1...-text-messages
http://www.nytimes.com/2016/11/16/us...rity.html?_r=0
and original report http://www.kryptowire.com/adups_security_analysis.html

...and not two days later another news emerges... hehe just when some may have thought they are any different
https://interc.pt/2gkn4dz

M4ti said:
Hi guys,
I knew that by now you have all heard about this news the Chinese budget android devices are secretly sending users’ data to China...
I thought I'll ask amongst the experts anyway how much of a thread could it actually be, as I'm a new P8 user (previously only had Samsung's)
What bothers me is the fact news comes from a private contractor to US govt which aren't really fair & square on the privacy issues in the first place, and apparently the 'feature' was 'accidental' discovered...really?!?
Considering the timing and situation on the market, seems to me to be a competition battle...but it's just my thought
Anyway...Do you think a simple root is enough to get rid of such 'back door' code?
Looking forward to your input
PS. articles available at:
http://www.theverge.com/2016/11/15/1...-text-messages
http://www.nytimes.com/2016/11/16/us...rity.html?_r=0
and original report http://www.kryptowire.com/adups_security_analysis.html
Click to expand...
Click to collapse
who cares who finds it, so long as someone does. Rooting and deleting all the relevant files should work, I guess, but possible could cause some other issues, who knows.

Its pretty funny since most of the people reading those articles doesn't really understand it very well....people quickly jump into conclusion and think that Chinese Smartphone device secretly sending private information to China....
If you read the articles very carefully then you will realize that Shanghai Adups Technology Co. Ltd is a company that provide FOTA services, that means and manufacturers that use their services for OTA updates are likely to effected with the spyware not just Chinese Smartphone....their market share is exceeding 70% across over 150 countries and god know how many devices manufacturers & services operator have been using their services for OTA updates...

Android compared with Mobile OS for security updates (iOS, Ubuntu, Sailfish,PrivatOS)

If you are concerned about security updates, you can check this report (updated 07/02/2018), providing information for device between 2011 and 2017 and report if your device is updated not.
This is a compilation of data based on official reports, official support responses and users feedback community.
Source : https://twitter.com/SecX13/status/961691443931820033
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
TD.

Again with this exaggerated focus on security updates. Am I the only one going "who the **** cares?" I mainly care about general OS updates, and even then I don't go around being angry for not getting it (if anything, I get more angry if the update is **** and I have to wait a long time for the next update to come along and fix the problems the first one brought). But not once in my life have I gone around thinking "hmmm, wonder when I can get my next security update..." This issue with security updates seems to be completely blown up by tech nerd sites and a small minority of enthusiasts online. Hell, I even consider myself a smartphone enthusiast, as I buy and sell phones for a living (and get to test virtually all flagship phones). But even I don't give a **** about this. I doubt the average consumer do either.

For a basic user this can be not so important, until he’s affected with a malware or other security issue.
This is more important for business company, organization and people that need minimum security, especially during this time with Meltdown, Spectre and also other malware affecting Android.
You can look this table like «*Brand that does good/bad job to update and maintain quickly/slowly your device*» not only with the security purpose.
Don’t forgotten that brands that does minimum security updates does also minimum and slower OS updates.

TylerD13 said:
Don’t forgotten that brands that does minimum security updates does also minimum and slower OS updates.
Click to expand...
Click to collapse
That's just wrong, and you know it. There's no real coherence between fast security updates and fast OS updates. A great example is how fast Essential is with security updates. They're not as fast updating to a newer OS version compared to, say Google, now are they? And that's even despite the fact that their interface is virtually stock Android and should be an easy job for them, as well.
Also, you exaggerate the security update’s importance by your talk about malware, spyware etc. issues being of importance. But the fact of the matter is that of all the phones I have tested and owned over the years, I have never ever run into issues with malware or any other kinds of security problems with my Android phones. That includes a ton of phones from Google, Samsung, Sony, LG, OnePlus, Huawei, Xiaomi, HTC, Motorola, etc. All OEMs with large variations in times they take to give security updates. It also includes 4+ year old devices that family members have; no issues there either. So this worry you seem to have is blown out of proportion. It's an issue no average user or even enthusiast really gives a **** about.

generalako said:
That's just wrong, and you know it. There's no real coherence between fast security updates and fast OS updates. A great example is how fast Essential is with security updates. They're not as fast updating to a newer OS version compared to, say Google, now are they? And that's even despite the fact that their interface is virtually stock Android and should be an easy job for them, as well.
Click to expand...
Click to collapse
There can of course be exceptions, but overall with main OS like iOS and Android this is most the time true.
Essential is not a good example, it’s a new and small company compared to other.
If your device brand don’t take care of your software with security update, there’s great probability that is the same with other updates.

i'd say it depends on how valuable your data and "transactions" on the smartphone is to you. if you dont giva a ****, so be it and maximum damage/risk is caller/sms fraud or some minor annoyances like crypto trojans and the like which exhaust your battery. if your doing banking apps, password save or or have other confidential data on your phone (test: you'd handover your photo gallery to a stranger?), then you might think again about your personal risk management.
my 2 ct.