What's going on with Eclipse? - Security Discussion

Trust no-one, that's the first amendment for privacy concerned people...
So can we trust the compilers, IDEs, etc.?
I made some tests with Eclipse, and the results are not very encouraging.
I created a hello world app.
This app has no permissions and it's supposed to only display its "hello world" message, but when I checked with Xprivacy if it had tried to access data I found out that it had requested access to:
1-phone/Configuration.MNC (cell tower),
2-phone/Configuration.MCC (cell tower),
3-identification/serial (the phone's serial number)
4-storage/sdcard.
Not bad but wait, there's more!
Then, I passed the app through Privacy Blocker, and it said that helloworld wanted to know my network type code.
I decompiled the app, removed the whole /smali/android folder, recompiled and reinstalled the app, now it doesn't want to know my network type anymore (but it still tries to access 1, 2, 3, 4).
That means that there's something in the smali/android folder that requests the network type.
Note that this folder is added covertly since one would never know it's there unless one decompiles the app with apktool, and that the app works without it (actually one can see it in the libs in the Eclipse project, but a newbie wouldn't know that it's added in the app's smalis since it's not in the src folder).
Then I added a simple "search" button in the layout and in the main activity, and now the app wants to access, on top of the 4 above mentioned fields, system/queryIntentActivities.
Note that the app works even with everything restricted in Xprivacy.
To my understanding part of the problem comes from Eclipse and part comes from the Android OS itself, but I'd like to know what other people with more knowledge than me think about it.

http://developer.android.com/tools/support-library/index.html
unclefab said:
Trust no-one, that's the first amendment for privacy concerned people...
So can we trust the compilers, IDEs, etc.?
I made some tests with Eclipse, and the results are not very encouraging.
I created a hello world app.
This app has no permissions and it's supposed to only display its "hello world" message, but when I checked with Xprivacy if it had tried to access data I found out that it had requested access to:
1-phone/Configuration.MNC (cell tower),
2-phone/Configuration.MCC (cell tower),
3-identification/serial (the phone's serial number)
4-storage/sdcard.
Not bad but wait, there's more!
Then, I passed the app through Privacy Blocker, and it said that helloworld wanted to know my network type code.
I decompiled the app, removed the whole /smali/android folder, recompiled and reinstalled the app, now it doesn't want to know my network type anymore (but it still tries to access 1, 2, 3, 4).
That means that there's something in the smali/android folder that requests the network type.
Note that this folder is added covertly since one would never know it's there unless one decompiles the app with apktool, and that the app works without it (actually one can see it in the libs in the Eclipse project, but a newbie wouldn't know that it's added in the app's smalis since it's not in the src folder).
Then I added a simple "search" button in the layout and in the main activity, and now the app wants to access, on top of the 4 above mentioned fields, system/queryIntentActivities.
Note that the app works even with everything restricted in Xprivacy.
To my understanding part of the problem comes from Eclipse and part comes from the Android OS itself, but I'd like to know what other people with more knowledge than me think about it.

Thank you very much for your time Sir, and thank you for this nice and personalised answer, but I already knew about libraries, and anyway you completely missed the point.
The point is:
1-why does a very simple hello world app built on Eclipse require private data access?
2-why is that lib, which requests access to some data behind my back, added to the final app when it's not needed?
I add that I'm building other projects (and it's actually from there that I understood that something was wrong and that I decided to make a plain hello world app to check it out) and same story, data access is added without my consent.
Oh well, nobody seems to care about the matter, and I don't care if people don't care so just tell me if you want me to remove this thread and let's forget about it...
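The attribution the post attempts by deleting `/smali/android` can be done without rebuilding, by listing which package directories in the apktool output reference the APIs behind the reported items. This is an added example, not part of the original thread; the API-to-label mapping, the `com.example.helloworld` package name and the sample smali files are assumptions constructed for illustration.

```python
import tempfile
from collections import defaultdict
from pathlib import Path

# Smali reference prefixes for the items named in the post. The APIs are standard
# Android framework members; pairing them with these labels is this example's choice.
SENSITIVE_REFS = {
    "Landroid/telephony/TelephonyManager;->getNetworkType(": "network type",
    "Landroid/os/Build;->SERIAL:": "serial",
    "Landroid/content/res/Configuration;->mcc:": "MCC",
    "Landroid/content/res/Configuration;->mnc:": "MNC",
    "Landroid/os/Environment;->getExternalStorageDirectory(": "sdcard",
    "Landroid/content/pm/PackageManager;->queryIntentActivities(": "queryIntentActivities",
}

# Constructed sample standing in for apktool output (not taken from a real APK).
SAMPLE_FILES = {
    "com/example/helloworld/MainActivity.smali": """\
.class public Lcom/example/helloworld/MainActivity;
.super Landroid/app/Activity;
.method protected onCreate(Landroid/os/Bundle;)V
    invoke-super {p0, p1}, Landroid/app/Activity;->onCreate(Landroid/os/Bundle;)V
    return-void
.end method
""",
    "android/support/constructed/Probe.smali": """\
.class public Landroid/support/constructed/Probe;
.super Ljava/lang/Object;
# Landroid/os/Build;->SERIAL: is only mentioned in this comment and must be ignored
.method public static type(Landroid/telephony/TelephonyManager;)I
    invoke-virtual {p0}, Landroid/telephony/TelephonyManager;->getNetworkType()I
    move-result v0
    return v0
.end method
""",
}


def scan_smali(smali_root):
    """Return {package_dir: {label: [file, ...]}} for each sensitive reference found.

    Paths are relative to smali_root; packages without any hit are omitted.
    """
    root = Path(smali_root)
    findings = defaultdict(lambda: defaultdict(list))
    for path in sorted(root.rglob("*.smali")):
        rel = path.relative_to(root)
        package = rel.parent.as_posix()
        for line in path.read_text(encoding="utf-8", errors="replace").splitlines():
            code = line.strip()
            if code.startswith("#"):  # smali comment, not an actual reference
                continue
            for needle, label in SENSITIVE_REFS.items():
                if needle in code:
                    files = findings[package][label]
                    if rel.as_posix() not in files:
                        files.append(rel.as_posix())
    return {pkg: dict(labels) for pkg, labels in findings.items()}


def split_by_origin(findings, app_package):
    """Separate hits in the app's own package from hits in bundled library code."""
    prefix = app_package.replace(".", "/")
    own, bundled = {}, {}
    for pkg, labels in findings.items():
        is_own = pkg == prefix or pkg.startswith(prefix + "/")
        (own if is_own else bundled)[pkg] = labels
    return own, bundled


def demo():
    """Write the constructed sample to a temp dir, scan it, and split the result."""
    with tempfile.TemporaryDirectory() as tmp:
        smali_root = Path(tmp) / "smali"
        for rel, text in SAMPLE_FILES.items():
            target = smali_root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text, encoding="utf-8")
        return split_by_origin(scan_smali(smali_root), "com.example.helloworld")


if __name__ == "__main__":
    own, bundled = demo()
    print("own code:", own)
    print("bundled code:", bundled)
```

An access that a monitor reports but that matches no smali file has no direct reference in the APK's code; reflection and native code are not covered by this text scan.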

Related

[Q] WP7 Api Questions

I'm new to WP7 and app making, so I want to find some things out about making apps for it before I decide to buy a device. I've been making some small apps over the past few days using the emulator and found some things that I thought would be useful to make some kick ass apps.
1. Is there such an API that will help me with finding locations of stores (example: if I request information on Walmart and my GPS coordinates it returns a list of close Walmarts and their locations)?
2. Any way to take control of certain system settings with permission from user? (change ringer profile on Monday - Friday 8 am - 5 pm to vibrate automatically)
3. Say I want to have an app that uses GPS and saves my location during a specific time, does that mean I have to have the app running in the foreground since Microsoft does not allow people to have their apps run in the background, is this correct?
Thanks
1.no
2.no
3.no, not possible
vetvito said:
1.no
2.no
3.no, not possible
1. So any app that has any sort of feature maintains its own database for store locations?
2. How about in the future? I know multitasking will probably come but what about system settings and what not, do you think they will provide an API to work with if the user gives some sort of permission (like UAC in Windows 7)?
I think the flat-out responses that vetvito gave are not quite true. My corrections to them would be these answers...
1. If there is a web version of this around or an app you see on iOS/Android which utilises GPS but uses an online database, it's quite easily doable on Windows Phone provided it uses simple HTTP web requests.
2. At present, this isn't possible, that is for sure.
3. You are correct in your understanding. It does require being in the foreground. If the app is running in the foreground, it could easily do as you say provided it doesn't get put into tombstone state. It just requires the right coding done, which is quite doable.
The Gate Keeper said:
I think the flat-out responses that vetvito gave are not quite true. My corrections to them would be these answers...
1. If there is a web version of this around or an app you see on iOS/Android which utilises GPS but uses an online database, it's quite easily doable on Windows Phone provided it uses simple HTTP web requests.
2. At present, this isn't possible, that is for sure.
3. You are correct in your understanding. It does require being in the foreground. If the app is running in the foreground, it could easily do as you say provided it doesn't get put into tombstone state. It just requires the right coding done, which is quite doable.
Thanks!!
The Gate Keeper said:
I think the flat-out responses that vetvito gave are not quite true. My corrections to them would be these answers...
1. If there is a web version of this around or an app you see on iOS/Android which utilises GPS but uses an online database, it's quite easily doable on Windows Phone provided it uses simple HTTP web requests.
2. At present, this isn't possible, that is for sure.
3. You are correct in your understanding. It does require being in the foreground. If the app is running in the foreground, it could easily do as you say provided it doesn't get put into tombstone state. It just requires the right coding done, which is quite doable.
How were my answers wrong? You just provided workarounds that make the app useless. Not worth the time or effort.
3. wouldn't work at all, it would be pointless.
1. may work, but it has to be simple.
1. Nothing like that is built into the platform, but there may be publicly available web services for that. Here are some options:
Yelp (http://www.yelp.com/developers/documentation)
Foursquare (http://developer.foursquare.com/)
Facebook Places (http://developers.facebook.com/docs/reference/api/)
Google Places (http://code.google.com/apis/maps/documentation/places/#PlaceSearchRequests)
The WP7 API should support communication with these services.
PG2G said:
1. Nothing like that is built into the platform, but there may be publicly available web services for that. Here are some options:
The WP7 API should support communication with these services.
Thanks, I appreciate it!

Security does matter! [Updated 25th Jan]

Introduction
I have not seen much talk about security in XDA, and not at all on Neo Section.
So here's just one informative link talking about using and developing apps and security risks involved:
http://www.technologyreview.com/computing/25921/?mod=related
Any bug in software could potentially be used as a security loophole to gain access to private information, spy on you, get your credit card info (should you do such things on phone).
What is kind of unsettling is that everyone seems fine with modding, tweaking, developing and using those ROMs made in XDA without worrying if there could be that kind of bug in your made or used ROM.
You don't only need a malicious app to have risks. Most people use Windows, so they should know that it is the operating system's bugs and vulnerabilities that allow for unwanted access to your files, data, etc.
Android itself has a very non-foolproof security system. All apps on an unrooted phone are in a sandbox. That's no security measure at all. It doesn't limit an app from stealing your private info at all, it only can't delete the whole ROM. That's just an idiotic security system, for it is the only thing besides encrypting a shut-off phone on 3.0 and 4.0. So that means Android on its own has no security measures while it's working. Even Windows has... some... but not too much... so you could pay for antivirus and antispyware software, of course.
It has always been the goal of big corporations to make money from insecurity, be they software developers, arms dealers and you name it. They all benefit from insecurities existing. Same is with Google and its Android. But the good news is that we the users can modify Android. We could all say "Au revoir security bugs and loopholes!" if we would care about developing ROMs designed to make Android more secure... alas that's not happening yet!
Overview of Linux/Android security issues.
It's a short condensed description just to get you interested in the topic. There's lots of material on net, you only need to search, read, watch videos.
Linux becomes more vulnerable with more applications with different permissions installed. Same is true for Android.
Say your Phone Explorer has root access, that means it has root access to whole Android. To remove unnecessary risks, this app's root access should be limited to only most necessary functions it needs to operate.
Currently for Android there is no such solution. For Linux there is Apparmor.
http://en.wikipedia.org/wiki/AppArmor
Total root access is obvious vulnerability, but it is at least known one. Let's look at possibility of apps having hidden permissions and what that could mean to you.
Blade Buddy from Market.
On market it does not list permission to "Unique Device ID" (IMEI for GSM and MEID; ESN for CDMA) for free nor for paid version.
That means the author of BB has left the code from free version in paid one. This permission is used by ads to track you. It's not necessary code for ads, but it helps the dev know who clicked on the ad and generated him some money. To see your money generating zombie empire stretch across the whole globe.... quite a thrill, isn't it?
So it's a latent code, with no benefit to user and an exploit only calling to be abused.
Unique Device ID allows you to be tracked on net and also where you are physically. GPS is just one way to find you, police for example have scanners to locate your device's physical location by the IMEI code. You can count on the "bad guys" having this technology as well, for it's quite a tool for burglars and other criminals.
The risks of your home being marked as the next dungeon to be looted by some raiders, I mean criminals (or perhaps WoW players sleepwalking and sleepraiding?) or getting your ID and bank details stolen by trojan/hacker is random. Yet the threat would not exist without apps having so flagrant hidden permissions.
Next app with ludicrous permissions
Brightest Flashlight
It does list many permissions, among them "Hardware controls - take pictures and videos". No, it does not need a permission to take photos through cameras to operate the flashlight. But it's fun nonetheless for the dev to see his trusty peasants, or maybe he just likes to observe people like some watch fish in aquarium or hamsters in cage ("Look at that dork!", "You're one ugly m...f...er", "ummm a couple kissing in dark with ma flashlight, what are they searching?", "what's that you eat, mr Korean, brains?" "hey show me that document again.")
You don't even need to run the app yourself. It can be triggered by a hacker in the background and take a snapshot of you.
On top of this little needless permission it has following hidden permissions:
1. Unique IMSI, read about here http://en.wikipedia.org/wiki/IMSI
2. MCC+MNC (CDMA)
3. Unique Device ID
4. Cell Tower Name.
That's a lot of needless permissions for flashlight, these are there just to track you the app user and have nothing to do with your comfortable use of the app.
These are just 2 apps with totally needless permissions for their intended functioning. If you don't want your Windows and Linux have such security holes then why do you want your Android have them?! You don't want, that's the point and these apps would not be so popular if people would really know and care about their phone being secure.
It can be stated for sure that above exemplified permissions not listed on market are more useful for pranksters, criminals or someone plainly looking-down-on-all-the-dumb-sheep and not at all for any legitimate, user or customer friendly purposes.
There are very few tools to check for security and privacy problems in apps. That gives a sense that majority of devs do not want Android to be secure and private, because Android is another revenue generating platform through Google ads business of course. Were people more educated about the matter then Google ads business would shrink down as well. A private and secure Android can't be tracked or annoyed with ads. No ads, no profit. No security therefore means profit. Unfortunately this lack of security can be exploited by anyone with criminal or malignant intentions so very easily.
The most important thing is to read the permissions before installing.
If you had read the article I linked. Those permissions don't matter anything really if stuff developers use doesn't reveal what it does, or developer itself doesn't disclose what the app does.
We can safely say that those permissions asked are just to make ordinary users of Android think that all is under their control.
I use Privacy Blocker app and it keeps finding app permissions that are not listed. Even that app doesn't find those permissions which Cyanogenmod permission manager shows. And I've sanitized all my apps, still I find my phone connecting to some odd servers while using certain paid and seemingly legit apps. I even found snapshots from front camera made by some app... and I am checking all permissions I can, even for those not listed.
What seems harmless but could reveal your IP address and potentially other data about you is... advertisements used by apps.
Ads can be far more than just a little annoyance that slows your device. Any file, picture loaded from some location in internet can be used to locate you.
I had a problem of getting phone call bills for calls lasting 10 to 20 secs that I never made after using a slew of market apps, flashlights, fun stuff, etc.
I paid two months for such calls trying to find out which app did it and still don't know which one it was. Skype (phone app has fake IP of Holland but actual connection goes to Moscow... oh come on, what is this? Why such hiding? Like anyone would trust their phone's Skype connection stream through Moscow... no thank you! Then wonder still if the phone gets so slow and Skype call quality is so bad even over wifi while Windows Skype does just fine?), Brightest Flashlight, some photo editors, and a slew of other garbage I've already forgotten about cause I don't use any of it anymore.
First post updated
How about the new 4.3 update... it includes some security and privacy control... will this prevent the things you had mentioned?
Is there any way to reactivate this post? Maybe start working on a security enhanced Android ROM? I agree, Security does matter!

[Q] Worst scenario: Are homebrew apps dangerous?

Guys,
I always wondered how harmful could be - in theory - a homebrew app installed on an Interop-unlocked wp7.5 device.
What is considered as a virus, spam or scam app?
The worst it could do is copy my contact list and upload it on its own server? (privacy issue).
Could an app take the whole OS down?
How much do we trust casual developer?
I always install homebrew apps found on the xda with no second thought. But a few days ago I installed an app to browse some *dirty* websites and dunno why, I started thinking about this issue?
Thanks to you all!
K.
Usually, you can trust the guys here on XDA.
However, even a normal app could steal your contacts. And a homebrew app on a fully unlocked ROM can do even more (of course! that's the point).
But as said, XDA is usually quite OK, and if a big name like cotulla, ultrashot, Heathcliff74 (and all other amazing devs here on xda) is behind it, you're definitely safe.
Oh, and what's a virus? That's not easily defined. Just think of a file manager. It allows you to delete files. Deleting a file is nothing special. So what? Well, what if the app is going to delete random files? You got a virus... (That's why it's so hard to make behaviour analysis....)
LOL, there is no way WP can get a virus with its locked down UI and isolated storage. WP is not Windows OS. So don't worry.
Unlocked phones and risks
sinister1 said:
LOL, there is no way WP can get a virus with its locked down UI and isolated storage. WP is not Windows OS. So don't worry.
Please note that the OP is talking about an Interop-unlocked phone which is quite open compared to a WP7 phone in its normal state (which really does give little reason for worry).
If you ask me, the age of pranks and viruses that delete your files just because they can has been over for quite some time already. Today people most often try things with malware if there is money to be made.
So you may ask yourself: How could there be monetary profit from the very small base of users with fully-unlocked WP7 phones? Especially factoring in the fact that many of those users are anything but noobs and will get suspicious easily.
If I was a malware author I really would look out for greener pastures
If you don't trust the developer you can easily check the code by decompiling it. OK... this requires some knowledge in C# development and doesn't work for native code.
Well, decompiling native code is entirely possible. It's just more difficult to read the resulting source.
The risk is absolutely there. The way malware would work on WP7 is different from how it would work on a PC, but it's certainly possible (and actually, on a full-unlock ROM you could write malware very similar to how you'd write it for PC). Consider the various kinds of Android malware; WP7 malware (with sufficient permissions) could do things like send SMS to "premium" numbers, track you using the GPS, and other unpleasantries.
This is the reason that, for example, Heathcliff74 made Root Tools require that the user manually mark an app as Trusted before the app receives full permissions. Of course, that requires that you trust Root Tools itself (and it's quite heavily obfuscated, so decompiling it won't do you much good) but as @chabun said, he's one of the "big names" in WP7 homebrew and is considered trustworthy.
For myself, this question is one of the reasons I release the source code to my apps. If you've got the source, you can check it for any malicious or even undesirable behavior, and if you want to you can modify it to suit yourself better.
kevyn82 said:
Guys,
I always wondered how harmful could be - in theory - a homebrew app installed on an Interop-unlocked wp7.5 device.
Well, there are quite a few harmful things a malicious homebrew app could do:
spy on you all the time using the built-in cam and mic;
record all your phone and video calls;
copy all your text messages;
track and report all your movements (GPS);
upload all your personal pictures to a third party;
call international or "premium" phone numbers without your knowledge, generating large phone bills;
send "premium" text messages or register you to premium subscriptions;
send text messages in your name to influence a TV show vote;
reroute all your phone calls through a "premium carrier", again generating large costs;
transform your phone into an email relay or VoIP for spamming;
record all your usernames, passwords, account numbers or credit cards for financial profit;
make your phone become a BitTorrent relay, eating through your mobile data allowance in a few days;
I am sure that we can find a few more by brainstorming a little bit, or by googling "iOS malware" or "Android malware"...
So the key question is not what is possible in theory, but how much do you trust the developer of an app, homebrew or not.
Cheers,
Stephen
GoodDayToDie said:
This is the reason that, for example, Heathcliff74 made Root Tools require that the user manually mark an app as Trusted before the app receives full permissions. Of course, that requires that you trust Root Tools itself (and it's quite heavily obfuscated, so decompiling it won't do you much good) but as @chabun said, he's one of the "big names" in WP7 homebrew and is considered trustworthy.
Thanks for your answer!
Yes I think some premium dev like yourself, Heathcliff74 etc are deeply trusted on here.
But still I am pretty sure the average user doesn't care about names or source. He or she won't be able to read through the source code or understand what an app requires access to.
Also, if the app would require "elevated privileges" through Heathcliff's Root Tool, he wouldn't think twice about granting it.
Then if something bad would happen, he or she would blame the OS, not him- or herself.
Things like requiring user confirmation to call or send a text within an app, from my perspective, should never be avoided.
On iOS for instance a lot of users complained to the carrier (here in Italy) about some international SMS billed to their accounts. It was iMessage first set up to send a txt to the UK (which costs on avg 0.30 Eur, compared to 0.10-0.15 a single sms).
But I am wondering now why jailbroken iPhones aren't subject to malware like the open Android platform. I'm sure unlocked iOS would be a pretty green garden for them.
rbrunner7 said:
Please note that the OP is talking about an
If you ask me, the age of pranks and viruses that delete your files just because they can has been over for quite some time already. Today people most often try things with malware if there is money to be made.
You're right, just wanted to show that it's not really easy to say what's bad and what's good...
There's been malware for jailbroken iPhones. There was even a worm that spread by infecting people who had enabled an SSH server on their phone but left the default password.
The reason it's less of an issue there than on Android is that malware is typically a business - that is, it's done to make money - and so you target the largest number of people you can. There are fewer iPhones than Android phones, and far fewer jailbroken iPhones than Android phones that can access the market or even install apps from outside the official market (pretty much all of them).

Malicious News Apps?

I've noticed sometime last year that local news apps developed by LSN Inc. require hardware control of the phone camera. I suspect those apps actually snap pictures every time the app is opened.
Can the experts here help me validate this suspicion? Is there a way you can inspect for malicious code in those apps?
Why suspicious?
sp_1st_timer said:
I've noticed sometime last year that local news apps developed by LSN Inc. require hardware control of the phone camera. I suspect those apps actually snap pictures every time the app is opened.
Can the experts here help me validate this suspicion? Is there a way you can inspect for malicious code in those apps?
Permission to use the camera is explicitly requested. It probably supports a feature for the user to send pictures/videos back to the news station.
LSN Mobile has a legitimate looking website, including names of the officers
http://www.lsnmobile.com/about_us/our_team.html
... as well as names/numbers/email for key contact personnel and physical address of the business:
http://www.lsnmobile.com/contact_us.html
Can I ask what makes you suspicious about these Apps?
Not sure if I should post a paranoid parrot meme, or a conspiracy keanu meme.
First, I can't find in the apps where a user can actually use the camera feature. And when opening the apps, it gives a completely black screen for several seconds before getting to the main interface. It makes me think it snaps an image during the black screen delay.
Why require permission to access the camera when there is no user accessible feature that requires it?
To GermainZ - I have seen you on the Tasker forum and always considered you a knowledgeable and helpful guy. Give this guy a break - he's just asking a question.
sp_1st_timer said:
First, I can't find in the apps where a user can actually use the camera feature. And when opening the apps, it gives a completely black screen for several seconds before getting to the main interface. It makes me think it snaps an image during the black screen delay.
Why require permission to access the camera when there is no user accessible feature that requires it?
The software from LSN gets a clean bill of health from mobilesecurity.com
http://appview.mobilesecurity.com/search?q=LSN
I downloaded the Local TV station LSN program to check it out, and I agree with you there is no accessible feature within the software to use the camera within the program that I looked at. Perhaps a capability for users to send pictures/videos is left over from a previous version or reserved for a future version. Perhaps it is a feature built into the general program that needs to be activated by the specific local TV station. At any rate, given the very wide use of this software by a seemingly-legitimate company, I personally wouldn't have a high level of concern about it. Also, perhaps it will help you to know that it can only take pictures when the program is running, not all the time.
There is a feature in the program where you can contact the developer... you might want to try that out to see if they have an explanation that satisfies you (and post any results back here if you do). There is certainly nothing wrong with a cautious and questioning attitude when it comes to permissions.
These posts make my day.
Electric Pete,
Thanks for not ridiculing my question. Yes, I presume it could only take pictures when the app is on. There are people who like reading the news or checking the weather forecast while in the bathroom or as they come out of the bathroom. It's up to your imagination.
I'm not sure they would care to answer my question, because when I pointed this out in my user review of the app, my review is made invisible to the public. I actually waited for several days to see if my review would eventually become visible, but never. My reviews on other apps are visible.
If they are not guilty, they should not suppress my "wrong suspicion".
If the review you mentioned is on Google Play, I don't think the developer has any capability to suppress that. Google runs the show there.
I do see your point about privacy. Reading the permissions and questioning the ones that don't make sense is good practice in my opinion.
electricpete1 said:
If the review you mentioned is on Google Play, I don't think the developer has any capability to suppress that. Google runs the show there...
That is interesting. Why would Google suppress my review which can be considered laughable (as indicated by some reactions in this thread).
Anyways, thank you for giving time replying to this thread. If only I got the knowledge to inspect program codes of these apps...
By the way, the local news here where I live switched to different app provider. They listened to my concern.
Bottom line is, you could decompile the apk, edit the manifest and remove the camera permission (you could also check the output; or try a tool that decompiles an apk to java code, which will be much clearer, but it's still in beta if I'm not mistaken).
Monitoring the logcat/using the "ps" shell command might also reveal something useful, but I'm not sure if taking pics within an app starts a separate camera process that ps would show.
Also, the logcat probably won't show anything useful, tho (the same thing applies; and if the app is malicious, it won't output anything malicious-related to the logcat).
Still think it's paranoid, tho. Why not contact the devs?

A General Warning about flashing Unknown Roms

Hi.
I recently came across some Chinese / Asian websites which kang / modify and release a diversity of roms.
I'm not specifying sources / which roms are, this is a general announcement to be careful with what we download & flash into our devices, and why?
I flashed some of these roms in order to test them (not the sense 5 kang tho). Since I work in network security, I noticed in our firewall logs, when my mobile connected through the wifi, a bunch of UDP requests / DNS queries to Russian websites. This can be used for botnets, DoS, even malware / spam propagation (a diversity of not cool stuff, basically).
A colleague of mine who also has a 'droid once had an app which repeatedly sent ICMP requests at "not random" but specific hours / intervals. He asked me to test his rom, which he downloaded and flashed from "another" website, and I confirmed the suspicious behavior. There were established connections to foreign addresses through a diversity of protocols, data being sent / received and, at times, a UDP flood directed to specific addresses. This is bad, my friends.
We don't know what these roms have inside, what's their mechanism besides the standard transparent operations which most of us are familiar with, and they could be very well used to do illegal things which I guarantee we don't want to be part of.
Flashing a rom, connecting through 3G or Wifi, and then our mobile is now part of a botnet which participates without our knowledge in such illegal operations is just one of the things that could happen. Phishing is also very possible - on the other hand, a lot of things are possible without our knowledge and consent. We don't want this, do we?
For the last Rom with which I experienced this, the link was removed and is no longer online. So I'm not pointing to URLs / Rom names because this is something that each one of us has to be careful about.
Fortunately we have ways to detect / avoid / remove and make sure our device is used only for us and does only what we "tell" it to do.
We can use this thread to report such roms (since they're not published on xda, we can only warn each other and be aware) and applications that have malicious content.
I'll also be updating this thread with methods, applications for android to detect malware / suspicious activities (I'm not going into depth like using a sniffer or protocol / packet analyzer, although we can). I'll try to keep it as simple as possible.
Suggestions, reports are very welcome and should be reported here. We can use this thread to protect our droids and help each other making our devices secure.
This post has the intention of protecting ourselves, but privacy tips / applications are also welcome. Be careful tho, would be ironic to suggest an app to protect user privacy and in the end the app itself sends private data to GodKnowsWhere.
To be continued / Updated Soon.
List of Applications to monitor / analyze traffic:
- Netstat Professional - Allows you to see what connections your android has established. Allows whois info, Real time IP / Port and status information (pretty much like netstat -an), and what service is running / port information.
- Wi.cap. Network Sniffer - Much like a network protocol analyzer / network sniffer. This neat app allows you to see what connections are established / protocol / status / analyze packets. If there's a connection established - it will be listed. [Root needed]
- Shark for Root - Traffic sniffer for 3G & Wifi (supports FroYo tethered mode too). Records traffic which later you can open with WireShark. To preview you can use Shark Reader.
List of Applications to scan for malware:
Coming Soon...
Procedures to discover / analyze / report malware / suspicious behaviours and such:
Coming Soon...
Post reserved for procedures which will include:
- Common Sense
- How a malware works (the term malware is used to include viruses, trojans, custom scripts and apps).
- What to look for / suspicious behavior which you should pay attention to (also included in Common Sense).
- Basic tools to detect / analyze / remove malware.
More to come.
Sent from my HTC Z710e using xda premium
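The two patterns reported in the warning above (ICMP sent at fixed intervals, and UDP floods aimed at specific addresses) can be picked out of a connection log mechanically. The Python below is an added example, not part of the original posts; the log format, thresholds and addresses are constructed assumptions, and a capture from a tool such as Shark for Root would first have to be exported to such lines.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def group_flows(lines):
    """Parse 'ISO-time PROTO src dst' lines (assumed format) into {flow: sorted times}."""
    flows = defaultdict(list)
    for line in lines:
        if line.strip():
            ts, proto, src, dst = line.split()
            flows[(proto.upper(), src, dst)].append(datetime.fromisoformat(ts))
    return {flow: sorted(times) for flow, times in flows.items()}

def periodic_flows(flows, min_events=5, max_cv=0.1):
    """Flows with almost constant gaps (timer-driven); sub-second bursts are left to flood_flows."""
    hits = {}
    for flow, times in flows.items():
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if (len(times) >= max(min_events, 2) and mean(gaps) >= 1
                and pstdev(gaps) / mean(gaps) <= max_cv):
            hits[flow] = round(mean(gaps))  # beacon interval in seconds
    return hits

def flood_flows(flows, window_s=10, threshold=20, proto="UDP"):
    """Flows sending more than `threshold` packets inside any `window_s`-second window."""
    hits = {}
    for flow, times in flows.items():
        if flow[0] != proto:
            continue
        start = peak = 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            hits[flow] = peak
    return hits

def sample_log():  # constructed traffic from one phone, documentation-range addresses
    t0, phone = datetime(2013, 5, 1, 2, 0, 0), "192.168.1.23"
    at = lambda s: (t0 + timedelta(seconds=s)).isoformat()
    lines = [f"{at(300 * i)} ICMP {phone} 203.0.113.7" for i in range(8)]          # every 5 min
    lines += [f"{at(900 + 0.2 * i)} UDP {phone} 198.51.100.9" for i in range(40)]  # 40 in 8 s
    lines += [f"{at(s)} UDP {phone} 192.0.2.53" for s in (5, 47, 310, 1200, 1260, 2900)]
    return lines

if __name__ == "__main__":
    flows = group_flows(sample_log())
    print(periodic_flows(flows), flood_flows(flows))
```

The irregular UDP flow in the sample stands in for ordinary user-driven traffic and is reported by neither check.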
Generally, I suggest to use ROMs from XDA only, except for CM/MIUI official website. The risk is real! Thanks to @MidnightDevil for his help and his time
I suggest to read this thread to all the users!
XxXPachaXxX said:
Generally, I suggest to use ROMs from XDA only, except for CM/MIUI official website. The risk is real! Thanks to @MidnightDevil for his help and his time
I suggest to read this thread to all the users!
Thank you for your support
If anyone has suggestions / knowledge about this sort of matter please share
There's a LOT of info that I tend to post on this thread in a way to educate / share knowledge with everyone.
Trusting the developers and sources is the first step for prevention. Be careful with dodgy websites and roms which you don't know about.
Scanning the rom zip file with a virus scanner is useless in this matter.
Unknown Rom
The threat is over when a secure rom is installed (after using a non-xda rom) ??
MidnightDevil said:
Thank you for your support
If anyone has suggestions / knowledge about this sort of matter please share
There's a LOT of info that I tend to post on this thread in a way to educate / share knowledge with everyone.
Trusting the developers and sources is the first step for prevention. Be careful with dodgy websites and roms which you don't know about.
Scanning the rom zip file with a virus scanner is useless in this matter.
phearell said:
The threat is over when a secure rom is installed (after using a non-xda rom) ??
So far there isn't malware which persists after full wipe. Can't speak of the contents of the sdcard tho. But usually yes. But then you have the apk's which can contain malicious code and so forth...
Those apps are usually banned from the PlayStore, but there's a short window between published / report / removed from Store which users can download it.
Unless I didn't understand your post
MidnightDevil said:
So far there isn't malware which persists after full wipe. Can't speak of the contents of the sdcard tho. But usually yes. But then you have the apk's which can contain malicious code and so forth...
Those apps are usually banned from the PlayStore, but there's a short window between published / report / removed from Store which users can download it.
Unless I didn't understand your post
AFAIK Google also scans apps installed on the device. When installing a 3rd party app (not via Google Play), you get a prompt to allow Google to scan it anyway for malicious content.
Also, there are a couple of anti-virus apps available from well known companies such as Avast for android, and also from AVG.
I never really tried those, but they might help protecting your device. However I doubt if they scan system apps/services, for in most cases they are supposed to be safe (from the OEM itself).
It is well known that the biggest security hole is the user. So the best thing to do is to keep away from unknown ROMs/sources.
astar26 said:
AFAIK Google also scans apps installed on the device. When installing a 3rd party app (not via Google Play), you get a prompt to allow Google to scan it anyway for malicious content.
Also, there are a couple of anti-virus apps available from well known companies such as Avast for android, and also from AVG.
I never really tried those, but they might help protecting your device. However I doubt if they scan system apps/services, for in most cases they are supposed to be safe (from the OEM itself).
It is well known that the biggest security hole is the user. So the best thing to do is to keep away from unknown ROMs/sources.
No doubt the biggest flaw usually comes from the end user.
But answering your statement about anti viruses.
Usually anti viruses (especially in portable devices) act based upon a database of known signatures and suspicious behavior. They provide no protection against a custom developed script or code with a work-around for this behavior. Basically - avoids behaving like a malware.
A code is considered malicious when acts upon suspicious behavior (for example, on windows - when an app registers itself on registry autorun / startup folders / tries to load a file on temp directory / temporary internet files, hooks itself into a process / uses a windows process to deliver its payload faking a signature, etc etc). Knowing this, any custom app / script that avoids suspicious behavior / does not have a present signature on an AV database and a few more details - all doors are "open" and is a highway to hell.
Google scan engine uses the same mechanism, in fact, I'm not even sure if it has any sort of protection against suspicious behavior as it only executes upon apk install.
Believe me, the biggest flaw is the user as the best protection is also a well educated user. It's a matter of knowing what can do and what should avoid. Fear or suspicion is an important thing these days, as they prevent us from making mistakes as installing an app from a dodgy site. We should know better.
MidnightDevil said:
No doubt the biggest flaw usually comes from the end user.
But answering your statement about anti viruses.
Usually anti viruses (especially in portable devices) act based upon a database of known signatures and suspicious behavior. They provide no protection against a custom developed script or code with a work-around for this behavior. Basically - avoids behaving like a malware.
A code is considered malicious when acts upon suspicious behavior (for example, on windows - when an app registers itself on registry autorun / startup folders / tries to load a file on temp directory / temporary internet files, hooks itself into a process / uses a windows process to deliver its payload faking a signature, etc etc). Knowing this, any custom app / script that avoids suspicious behavior / does not have a present signature on an AV database and a few more details - all doors are "open" and is a highway to hell.
Google scan engine uses the same mechanism, in fact, I'm not even sure if it has any sort of protection against suspicious behavior as it only executes upon apk install.
Believe me, the biggest flaw is the user as the best protection is also a well educated user. It's a matter of knowing what can do and what should avoid. Fear or suspicion is an important thing these days, as they prevent us from making mistakes as installing an app from a dodgy site. We should know better.
I just remembered an app called "Who is tracking" (was featured on the portal a while ago), that also scans system files (bloatware) and tells you which app tracks you. Tried using it a while ago, but didn't really try to understand it, and it seems to have changed since. Will try it myself.
Agreed with Patcha, unless you 100% trust the source (CM/MIUI are well known and if they did something untrustworthy a massive ****storm would ensue) then I would stick to ROMs posted on XDA (though frankly I avoid MIUI out of moral principle #SourceCodeMuch?). Anything untrustworthy that is posted on XDA is picked up very quickly and dealt with effectively.
More to come from me on this, I need to organize what I want to say so it doesn't sound like a mad person's ramblings
Edit: A thing to look out for in google play store is the permissions, READ THEM, read what they mean, read what permissions the app requests and if you don't know why an app needs that permission or if it looks dodgy (like the permission to send sms messages without the user knowing) then for God's sake don't use the app until you've found out what the app needs that permission for (quick google search or email to the developer). Don't just blindly agree to all the permissions without reading them.
These permissions are declared by the developer in the Android_manifest.xml file and pulled from there when publishing the app on play store. As far as I am aware, there is no way to fool this system - you can't edit the visible permissions through the developer panel of play store, only by editing the manifest - I have a developer account on play store so this I am 100% sure on.
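The permission check described in the post above can also be run directly against an app's manifest once it has been decoded to text XML (for example with apktool). The Python below is an added example, not part of the original posts; the watch list is a short hand-picked subset, the sample manifest is constructed, and the combination rule (sensitive permission plus INTERNET) is an assumption that goes slightly beyond what the post says.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
NETWORK = "android.permission.INTERNET"

# Reviewer's watch list (assumption: illustrative subset, not a complete list).
SENSITIVE = {
    "android.permission.SEND_SMS": "can send SMS without further prompts",
    "android.permission.READ_SMS": "can read stored text messages",
    "android.permission.READ_CONTACTS": "can read the address book",
    "android.permission.READ_PHONE_STATE": "can read phone identifiers and call state",
    "android.permission.ACCESS_FINE_LOCATION": "can read precise location",
    "android.permission.RECORD_AUDIO": "can record from the microphone",
}

# Constructed sample: a flashlight app that asks for far more than a camera LED needs.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.CAMERA" />
    <uses-permission android:name="android.permission.SEND_SMS" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.INTERNET" />
    <application android:label="Flashlight" />
</manifest>
"""

def declared_permissions(manifest_xml):
    """Return the set of permission names requested in a decoded manifest."""
    root = ET.fromstring(manifest_xml.strip())
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")  # attribute lives in the android: namespace
            if name:
                names.add(name.strip())
    return names

def review(manifest_xml):
    """List permissions that need a stated reason, and whether data could leave the device."""
    perms = declared_permissions(manifest_xml)
    findings = [(p, SENSITIVE[p]) for p in sorted(perms) if p in SENSITIVE]
    return {
        "permissions": sorted(perms),
        "needs_justification": findings,
        "sensitive_plus_network": bool(findings) and NETWORK in perms,
    }

if __name__ == "__main__":
    for name, why in review(SAMPLE_MANIFEST)["needs_justification"]:
        print(f"{name}: {why}")
```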
Yup, very true. Something I forgot to mention earlier and is VERY important.
Always check the permissions and what for the permissions are used. Some good developers write what for they need the permissions. Some things are obvious, others not so quite.
Also reading the comments of an app helps as well. More experienced users tend to write a more complete review and sometimes they draw the attention to things that sometimes other users miss. About permissions or anything else.
Any user can write a review, so if you find something important, you can also write in the review. Just make sure you don't underrate an app because of a doubt
Usually developers also have their contact email in case of doubts, it can be used to bring some things to light.
