Related
Hey Guys,
I have a app developed that I have been charging for use, but i am thinking about switching to a ad model and make my app free. I was wondering what advertising options are out there.
I know that admob owns a pretty big market share, but was wondering what are my options regarding how best to choose an advertiser, what are the other advertisers I have to choose from, and is there a benefit of one advertiser vs. another? Which one would pay more? I know this is dependent on how popular my app is.
Thanks for any info provided!!!
I personally use AdMob in my app. It also integrates Google AdSense ads into your app for when AdMob doesn't have an ad to show. I only just released my app a few weeks ago, but it seems like it will generate a pretty decent revenue. I searched before I implemented AdMob, but I really didn't find anything else.
Ed
wow...so admob has a monopoly of sorts in the market eh? So people use admob or get no ad revenue at all?
What about for the apple iphone? I heard there was iAds, and I guess admob as well? Is one better than the other?
can anyone provide anymore insight, or know of a forum which is popular among android/iphone app developers to better answer my question? There don't seem to be that many app developers browsing these forums.
thanks!!!
Personally, i use admob and have 2 apps using it. I don't make much from it (usually around $0.20 a day) but it's better than nothing i guess
As for which ad company to use, it doesn't really matter. They all pay out roughly the same: Millennial, AdMob, JumpTap, MobFox, etc. It's just down to personal preference really
misc86 said:
Hey Guys,
I have a app developed that I have been charging for use, but i am thinking about switching to a ad model and make my app free. I was wondering what advertising options are out there.
I know that admob owns a pretty big market share, but was wondering what are my options regarding how best to choose an advertiser, what are the other advertisers I have to choose from, and is there a benefit of one advertiser vs. another? Which one would pay more? I know this is dependent on how popular my app is.
Thanks for any info provided!!!
Click to expand...
Click to collapse
Can you briefly say something about your app? Is it game and what kind?
How many downloads have you had so far?
When it comes to in-app ads the industry offers much more than just regular banners. There are other ad formats that deliver much higher cCPM than banners but their implementation depends on the kind of app you have.
I work for LeadBoltApps - our speciality is Content Locks for example; Ad mob is mostly banners; Airpush does Push Notifications and so on. Hope that helps.
My experience with Ad Networks
I have a weather app and needed to get ads going immediately at launch to fulfill my contractual obligations for the weather data provider.
I tried both Inmobi and Millennial Media. The problem with Inmobi is that they want to review your app and approve it for ads once it is up and available from the store.
Millennial Media was much easier to work with. Ads were running in my test app even before launch. There wasn't any manual approval hurdle to jump through.
I also tried to work with YP.com (AT&T Interactive) since my app uses location and they pay good rates for local ads. They wouldn't talk to me until I get 1M pageviews per month.
Hi everybody!
I recently started looking for a browser to replace the stock one and I think I installed every possible option there is without giving much thought to the consequences - app permissions and possible violation of my privacy and misuse of my data.
So I found what I thought was a really nice and well-functioning browser called Ninesky from the Android market.
Luckily for me I did not get to use it for long, before I detected a strange pattern - Ninesky would automatically start itself upon boot, connect to a server in China, upload some data and receive some back and then just sit there and wait idly.
The server that it connects to belongs to a company called aBitCool, which is, according to Bloomberg, an ISP in China.
So I kill it off and after a while it's back, doing the same thing. I also noticed a similar behavior for Dolphin HD, except that it would send data just once very quickly after boot-up and then close itself and stay quiet. That led me to Google it a little, which in turn led me to an existing thread about Dolphin HD on this forum.
So here are my noob questions that I hope somebody can answer, please:
1. Can somebody take a look at Ninesky browser and let us all know what kind of data it is transmitting about its users upon boot and maybe even later on during the actual use of the browser? The list of permissions that Ninesky asks for is huge and that makes me a little worried. Also, Ninesky runs a "safety check" of every URL visited. I wonder what that really is.
2. Say it would try to steal information from its users - would it be possible for the app to somehow get access to my stored usernames and passwords from other programs (such as Gmail or Skype) or are these encrypted? I presume that if I were stupid enough to let Ninesky's password manager "remember" my usernames and passwords for certain websites then that information would be easily accessible to them.
3. Can an app with such permissions also function as a keylogger?
4. I can understand why folks here would write some apps on their own and share them with the rest of us. I can understand why a developer or a company would write an app and make one version available for "free" or as an ad supported one and/or offer a premium version for $$$. At the end of the day developers need to eat and pay their bills just like the rest of us and companies are (for the most part) profit-seeking institutions (unless they are GE or MS that have money to burn). That said - why for the love of god would anybody, other than an enthusiast, develop a browser, for which they will not ask for any $$ or won't even display any ads in it? Where is the catch? Now, I know that Opera and Firefox get money from Google to use it as their default search engine, but would this really apply for a few random Chinese companies? Where is the catch?
Thank you.
I was a big supporter of Ninesky but I uninstalled today. It does seem to be constantly running and transmitting data, though what data is being transmitted I don't know. LBE also kept notifying me that it was trying to obtain my location information even when I wasn't using it. I uninstalled it through the Market and left a one star review.
Drunk texted from my MIUI Thunderbolt.
I'm writing a review of about 13 different Android browsers, and came across Ninesky. Has anyone heard anything more about the privacy concerns and what data it might be transmitting?
well....if it keeps requesting the location even while its closed, thats not a good sign...
Not good. This needs addressing.
I have changed my review on Market also until we get some answers.
Cheers to the OP.
I agree. I think my review should come out tomorrow, hopefully the developer reaches out. It really is a decent browser.
Sent from my Transformer Prime TF201 using xda premium
´I'll leave you here my tests made since Monday with last versions of each app:
==|Boat 4.0.1|==
#Just after starting#
- Ask for GPS location
- 211.151.139.246 (China Network Information Center)
#When going to any website#
- IP from that website
--------------------------------------------------------
==|Dolphin HD 8.6.1|==:silly:
#Just after starting#
- 184.73.86.141 (AMAZON.COM - amazonaws.com - US)
- 65.52.32.12 (Microsoft Corp - US)
- 107.20.57.0 (AMAZON.COM - amazonaws.com - US)
and one more on this IP range type...
- 205.251.242.197 (AMAZON.COM - amazonaws.com - US)
- 205.251.242.165 (AMAZON.COM - amazonaws.com - US)
- 72.21.195.98 (AMAZON.COM - amazonaws.com - US)
#When going to any website#
- IP from that website
--------------------------------------------------------
==|Firefox 14.0.1|==
#Just after starting#
- No Ping
#When going to any website#
- 80.67.92.43 (AKAMAI TECHNOLOGIES US) *
- 93.184.219.20 (EdgeCast Networks - US) *
- IP from that website
* note: not always, most of the times just go to IP website we asked
--------------------------------------------------------
==|Opera 12.0.4|==:victory:
#Just after starting#
- No Ping
#When going to any website#
- IP from that website
note: DON'T use Opera Turbo or EVERY single info WILL pass through their servers...
--------------------------------------------------------
It's pretty obvious to me who are the most privacy oriented here...
STAY WAY FROM OPERA MINI AND DOLPHIN MINI AND ALL MINI VERSIONS. They process all info on their server first for speed.
Anyone researched Xscope or could research this browser?
If you explain how, I could do it myself!!
Sent from my GT-I9000 using xda premium
But the OP got it wrong with money burning by GE & MS. There's no such thing, its all business. Just to let you know, in the browser wars - Firefox was Google's first step into browsing. Then came Chrome.
For all privacy concerns, LBE Privacy Guard is a good option. Though its Korean, if am not wrong.
Well, finally there's options out there. Nobody is forcing us to download, install & use their apps.
Sent from my MT11i using Tapatalk 2
bombayboy said:
But the OP got it wrong with money burning by GE & MS. There's no such thing, its all business. Just to let you know, in the browser wars - Firefox was Google's first step into browsing. Then came Chrome.
For all privacy concerns, LBE Privacy Guard is a good option. Though its Korean, if am not wrong.
Well, finally there's options out there. Nobody is forcing us to download, install & use their apps.
Sent from my MT11i using Tapatalk 2
Click to expand...
Click to collapse
Agree with everything BUT Firefox was never connected to Google like Chrome. Firefox's current existence is owed almost exclusively to its search partnership with Google wherein Mozilla Corp receives a portion of ad revenue from Google queries initiated from Firefox's search bar. This revenue amounts to tens of millions of dollars. But Mozilla and Google Relations Strained Due to Chrome.
Firefox its independent and don't collect your data like Chrome/Google do...
sushidog said:
Agree with everything BUT Firefox was never connected to Google like Chrome. Firefox's current existence is owed almost exclusively to its search partnership with Google wherein Mozilla Corp receives a portion of ad revenue from Google queries initiated from Firefox's search bar. This revenue amounts to tens of millions of dollars. But Mozilla and Google Relations Strained Due to Chrome.
Firefox its independent and don't collect your data like Chrome/Google do...
Click to expand...
Click to collapse
Connected with reference to Google promoting & supporting Firefox before they decided to go with Chrome.
I still use Firefox, Aurora & Chrome
Sent from my MT11i using Tapatalk 2
If you're not paying it, you are the product being sold.
Remember this when downloading free apps which are not open source.
DnaPolymerase said:
If you're not paying it, you are the product being sold.
Remember this when downloading free apps which are not open source.
Click to expand...
Click to collapse
Like facebook which sells our data
Sent from my MT11i using Tapatalk 2
Calamitous with Ninesky
Hi,
I stumbled upon XDA Developers forum today and I was so grateful to find this write-up; it was the only honest review I could find of Ninesky. So, thank you.
I want to share an experience our family went through a few weeks ago. Perhaps it will answer some of your questions and alert some users out there of what this browser could do. We have an unfortunate incident happen to our child: My little boy received an android tablet for a gift this October. He was so eager downloading all the apps and games he could find, and in about a month, it was completely personalized. We regularly monitored his downloads, the games he played, and the apps he utilized.
Much to our regret, we really did not give much thought to the browsers he had installed. He had more than three at one point and Ninesky was always in the background. Sadly, whenever he would search for apps, we later discovered Ninesky directly linked him to several stores that was not common to Google or Firefox. Some of them had Anime icons (mostly innocent looking), nicely titled games for their tiles. Some apps were legitimate and very cool games; however, some apps were direct links to hard-core porn websites and a whole universe of filth (not excluding child-porn). They attached themselves to the tablet like trojans and was quite aggressive in linking the user to overseas app stores (inappropriate). Every time a game would be uploaded from one of these stores, it gives auto-access to these atrocious websites and videos. Because Ninsky always functioned in incognito--one of it's touted features--we almost had no access to the history or cookies when this browser was used. Almost anyway ... it took us hours (and some hacking) to track and identify what was really going on, the seeming source of it was this "sophisticated" browser.
So the catch may be that this browser has no advertisements because it plays host to several groups funding the porn industry. That's my suspicion anyway, based on what we went through.
I cannot begin to say how grieved we are that our son was exposed to all this, especially that we discovered it so much later. We thought we paid attention. That being said, he's back to playing with his remote control car outside, where life is a bit less complex.
More power to your forum and thanks again.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
xenofont said:
Hi everybody!
I recently started looking for a browser to replace the stock one and I think I installed every possible option there is without giving much thought to the consequences - app permissions and possible violation of my privacy and misuse of my data.
So I found what I thought was a really nice and well-functioning browser called Ninesky from the Android market.
Luckily for me I did not get to use it for long, before I detected a strange pattern - Ninesky would automatically start itself upon boot, connect to a server in China, upload some data and receive some back and then just sit there and wait idly.
The server that it connects to belongs to a company called aBitCool, which is, according to Bloomberg, an ISP in China.
So I kill it off and after a while it's back, doing the same thing. I also noticed a similar behavior for Dolphin HD, except that it would send data just once very quickly after boot-up and then close itself and stay quiet. That led me to Google it a little, which in turn led me to an existing thread about Dolphin HD on this forum.
So here are my noob questions that I hope somebody can answer, please:
1. Can somebody take a look at Ninesky browser and let us all know what kind of data it is transmitting about its users upon boot and maybe even later on during the actual use of the browser? The list of permissions that Ninesky asks for is huge and that makes me a little worried. Also, Ninesky runs a "safety check" of every URL visited. I wonder what that really is.
2. Say it would try to steal information from its users - would it be possible for the app to somehow get access to my stored usernames and passwords from other programs (such as Gmail or Skype) or are these encrypted? I presume that if I were stupid enough to let Ninesky's password manager "remember" my usernames and passwords for certain websites then that information would be easily accessible to them.
3. Can an app with such permissions also function as a keylogger?
4. I can understand why folks here would write some apps on their own and share them with the rest of us. I can understand why a developer or a company would write an app and make one version available for "free" or as an ad supported one and/or offer a premium version for $$$. At the end of the day developers need to eat and pay their bills just like the rest of us and companies are (for the most part) profit-seeking institutions (unless they are GE or MS that have money to burn). That said - why for the love of god would anybody, other than an enthusiast, develop a browser, for which they will not ask for any $$ or won't even display any ads in it? Where is the catch? Now, I know that Opera and Firefox get money from Google to use it as their default search engine, but would this really apply for a few random Chinese companies? Where is the catch?
Thank you.
Click to expand...
Click to collapse
Hi,
I just wanted to rant about the current state of application ads on Android.
Over the past month, I've noticed an increased occurrence of those malicious "battery upgrade" ads in my games and apps.
Back in September/October, I got a few and I complained to the domain holder (ENOM) and their server hoster. Both of them neglected to email me back, and the site still remains online.
They seemed to disappear for a while, but since around New Years, the ads have resurfaced. Almost every free game I've played over the past two weeks has had them. Angry Birds, Super Stickman Golf, Words With Friends, Air Control Lite, to name a few...
I've contacted at least three ad distribution networks over the past two weeks, JumpTap, TapJoy, and Mojiva. All three have ignored my emails.
I've tried talking to the app developers, and they seem to be responsive to my initial complaints, but acting on them seems to be another matter.
While I realize that because I'm rooted, I could just block the ads by hand, but I think the more responsible thing would be for these ad distribution networks to actually look into the things they are advertising on our devices.
If you're an app developer, I'd like to ask that if you have a choice of whose ads get displayed in your applications, take a hard though about the ads that are also being pushed to your application's users.
I'm just mad about the whole thing. If ICE/DoHS can take down any site they feel, why can't malware developers suffer the same fate?
Thanks
Hi bunder9999,
My name is Saad and I work for Tapjoy. I wanted to bring to your attention that Tapjoy had already turned off and removed the developer for "battery upgrade" about 10 days ago. Please let me know if you want to discuss anything about this. You can send me email at [email protected].
Regards
Saad
Thank you. Now that I poke through my inbox, I see that you did indeed mail me back. edit: But that doesn't change the fact that you allowed the ads to begin with.
Got two emails today (surprise, surprise.)...
Rovio: "We're trying!"
Mojiva: (In so many words... yes, they were kindof nasty about it.) "Prove it or f*** off." My response: "Pull out an android device and install the malware yourself."
While I'm here, I thought I would post some comments made by some of my fellow Android users...
"i think it is awesome that you do this type of thing and more people should... you are pretty much an internet don quixote"
"more people need to step and say this type of s*** is unacceptable, and its really only apathy that doesn't stop ad companies from really taking this s*** seriously"
"your efforts are sisyphean, though noble"
Click to expand...
Click to collapse
I'm just going to post this here, as proof that I'm not off my nut, as Mojiva's final stance seems to be.
http://www.virustotal.com/file-scan...8bbb35635f8c6c7a044ff2b28fcd01dfa4-1326204931
edit: rather than waste a post on something nobody seems to care about, i got another ad today, from another ad-network, inmobi.
email sent. i was a little more diplomatic in my email this time, but somehow i don't feel that they will be anymore receptive than Mojiva was.
i wish android market was a little more like Apple app store. Too many crappy apps made it into the market without any filtering.
silkshocker said:
i wish android market was a little more like Apple app store. Too many crappy apps made it into the market without any filtering.
Click to expand...
Click to collapse
I couldn't disagree with you more. Sure, the App Store has a much higher percentage of quality apps, but I believe the filtering is preventing a lot of aspiring developers from getting their apps out there. I'm just afraid that, were I to get an iphone, the app I desperately want is being blocked by apple for one reason or another. I'd rather sift through hundreds of crappy apps and find the one I want, than sift through 50 and not get a single one that does what I need it to do.
And there is some filtering in the market. It's just not overly strict. The beauty of android is that it is OPEN!
Just a thought...
+1
mfitz8530 said:
I couldn't disagree with you more. Sure, the App Store has a much higher percentage of quality apps, but I believe the filtering is preventing a lot of aspiring developers from getting their apps out there. I'm just afraid that, were I to get an iphone, the app I desperately want is being blocked by apple for one reason or another. I'd rather sift through hundreds of crappy apps and find the one I want, than sift through 50 and not get a single one that does what I need it to do.
And there is some filtering in the market. It's just not overly strict. The beauty of android is that it is OPEN!
Just a thought...
Click to expand...
Click to collapse
what he said
you can easily block all the Ads, and ignore all the SPAMs
i'll suggest AVAST for Android, does a great job at that, as for Ads, there are tons of 3rd party apps to block Ads
.
Thread moved. Would advise you to read forum rules and post in correct section.
bunder9999 said:
Hi,
I just wanted to rant about the current state of application ads on Android.
Over the past month, I've noticed an increased occurrence of those malicious "battery upgrade" ads in my games and apps.
Back in September/October, I got a few and I complained to the domain holder (ENOM) and their server hoster. Both of them neglected to email me back, and the site still remains online.
They seemed to disappear for a while, but since around New Years, the ads have resurfaced. Almost every free game I've played over the past two weeks has had them. Angry Birds, Super Stickman Golf, Words With Friends, Air Control Lite, to name a few...
I've contacted at least three ad distribution networks over the past two weeks, JumpTap, TapJoy, and Mojiva. All three have ignored my emails.
I've tried talking to the app developers, and they seem to be responsive to my initial complaints, but acting on them seems to be another matter.
While I realize that because I'm rooted, I could just block the ads by hand, but I think the more responsible thing would be for these ad distribution networks to actually look into the things they are advertising on our devices.
If you're an app developer, I'd like to ask that if you have a choice of whose ads get displayed in your applications, take a hard though about the ads that are also being pushed to your application's users.
I'm just mad about the whole thing. If ICE/DoHS can take down any site they feel, why can't malware developers suffer the same fate?
Thanks
Click to expand...
Click to collapse
I also got the same feedback once but i could easily resolve this problem with my ad distributor as they block those ads for me..
"Free App: Battery upgrade" - sleazy ads
Hi all,
I found this topic, and think that it's the good one
Since some days, I have a strange ads in my notification bar, which displays: "Free App: Battery upgrade"
I launched some tools like Lookout or AVG Antivirus, but they didn't find any malware.
Does a specific tool exist to find this kind of malware, or maybe a way to find which app raised this bad ads ?
(last installed apps is Bubble level, but many apps are updated often, so I don't have any idea of which one could cause that )
Well done ,learn more
If it can help people (and it should help ), I found the solution of my problem of sleazy ads:
I installed from market Airpush detector (some other apps exists), which simply detects which apps contains ads (type Airpush), and propose to uninstall them.
At the end, it's simple. I'm very happy that these kind of tool exist, but I'm very surprised that such [email protected]\`@^ ads could be displayed in the notification bar
I wrote this On Xperia Neo General forum but it belongs to here much more.
Original thread at: http://forum.xda-developers.com/showthread.php?t=1447095
Click to expand...
Click to collapse
Introduction
I have not seen much talk about security in XDA.
First, here's just one informative link talking about using and developing apps and security risks involved.
http://www.technologyreview.com/comp...1/?mod=related
Any bug in software could potentially be used as a security loophole to gain access to private information, spy on you, get your credit card info(should you do such things on phone).
What is kind of unsettling is that everyone seems fine with modding, tweaking, developing and using those ROMs made in XDA without worrying if there could be that kind of bug in your made or used ROM.
You don't need a malicious app only to have risks. Most people use Windows so they should know that it is OP systems bugs and vulnerabilities that allow for unwanted access to your files, data, etc.
Android itself is having very non-foolproof security system. All apps on unrooted phone are in sandbox. That's no security measure at all. It doesn't limit app from stealing your private info at all, it only cant delete the whole ROM. That's just idiotic security system, for it is the only thing beside encrypting shut off phone on 3.0 and 4.0. So that means Android on it's own has no security measures while it's working. Even Windows has... some... but not too much... so you could pay for antivirus and antispyware software ofc.
It has always been the goal of big corporations to make money from insecurity, be they software developers, arms dealers and you name it. They all benefit from insecurities existing. Same is with Google and it's Android. But the good news is that we the users can modify Android. We could all say "Au revoir security bugs and loopholes!" if we would care about developing ROMs designed to make Android more secure... alas that's not happening yet!
Overview of Linux/Android security issues.
It's a short condensed description just to get you interested in the topic. There's lots of material on net, you only need to search, read, watch videos.
Linux becomes more vulnerable with more applications with different permissions installed. Same is true for Android.
Say your Phone Exporer has root access, that means it has root access to whole Android. To remove unnecessary risks, this app's root access should be limited to only most necessary functions it needs to operate.
Currently for Android there is no such solution. For Linux there is Apparmor.
http://en.wikipedia.org/wiki/AppArmor
Total root access is obvious vulnerability, but it is at least known one. Let's look at possibility of apps having hidden permissions and what that could mean to you.
Blade Buddy from Market.
On market it does not list permission to "Unique Device ID"(IMEI for GSM and MEID; ESN for CDMA) for free nor for paid version.
That means the author of BB has left the code from free version in paid one. This permission is used by ads to track you. It's not necessary code for ads, but it helps the dev know who clicked on the add and generated him some money. To see your money generating zombie empire stretch across the whole globe.... quite a thrill, isn't it?
So it's a latent code, with no benefit to user and an exploit only calling to be abused.
Unique Device ID allows you to be tracked on net and also where you are physically. GPS is just one way to find you, police for example have scanners to locate your devices physical location by the IMEI code. You can count on the "bad guys" having this technology as well, for it's quite a tool for burglars and other criminals.
The risks of your home being marked as the next dungeon to be looted by some raiders, I mean criminals(or perhaps WoW players sleepwalking and sleepraiding?) or getting your ID and bank details stolen by trojan/hacker is random. Yet the threat would not exist without apps having so flagrant hidden permissions.
Next app with ludicrous permissions
Brightest Flashlight
It does list many permissions, among them "Hardware controls - take pictures and videos ". No, it does not need a permission to take photos through cameras to operate the flashlight. But it's fun nonetheless for the dev to see his trusty peasants, or maybe he just likes to observe people like some watch fish in aquarium or hamsters in cage( "Look at that dork!", "You're one ugly m...f...er","ummm a couple kissing in dark with ma flashlight, what are they searching?", "what's that you eat, mr Korean, brains?" "hey show me that document again.")
You don't even need to run the app yourself. It can be triggered by hacker on background and take a snapshot of you.
On top of this little needless permission it has following hidden permissions:
1. Unique IMSI, read about here http://en.wikipedia.org/wiki/IMSI
2. MCC+MNC (CDMA)
3. Unique Devide ID
4. Cell Tower Name.
That's a lot of needless permissions for flashlight, these are there just to track you the app user and have nothing to do with your comfortable use of the app.
These are just 2 apps with totally needless permissions for their intended functioning. If you don't want your Windows and Linux have such security holes then why do you want your Android have them?! You don't want, that's the point and these apps would not be so popular if people would really know and care about their phone being secure.
It can be stated for sure that above exemplified permissions not listed on market are more useful for pranksters, criminals or someone plainly looking-down-on-all-the-dumb-sheep and not at all for any legitimate, user or customer friendly purposes.
There are very few tools to check for security and privacy problems in apps. That gives a sense that majority of devs do not want Android to be secure and private, because Android is another revenue generating platform through Google ads business of course. Were people more educated about the matter then Google ads business would shrink down as well. A private and secure Android can't be tracked or annoyed with ads. No ads, no profit. No security therefore means profit. Unfortunately this lack of security can be exploited by anyone with criminal or malignant intentions so very easily.
In my honest opinion. If someone keeps files like ccinfo they have to worry about being jacked then they deserve it. Should it happen. U shouldn't keep things on your phoney don't want the rest if the world to have
Sent from my Cyanocrack using Xparent Blue Tapatalk
You don't need to keep credit card info on phone, your using the credit card via Market or logging in to bank on phones browser is enough to intercept your credit card info. Your browser may show you xxxxxxxxxxxx+"last four digits only" but that doesn't mean the data to and from your device doesn't contain exact credit card number. It's encrypted, but that is merely a minor inconvenience for a hacker.
That is why being rooted is not advised to everyone. Mainly if they don't know what they are doing. Also customs roms are not for everyone. People flash them cause they think its cool and don't understand what they are doing. That is their problem. People should pay attention to the permissions that am app asks for. Common sense is the best protection. Main reason I don't do anything that deals with a bank on my phone.
Raoa said:
I have not seen much talk about security in XDA.
Click to expand...
Click to collapse
There's talk. It's just not on important yet, because the android device is not being marketed like an OS is with a personal computer.
However, the more we do on our phones, the more we'll realize it needs protection like firewalls. We catch a few like CIQ or the Wimax exploit, but it's going to get worse as we advance in our integration. We do need to start now before exploits get worse and stay ahead of the curve.
Until that time, 4G exploits and root kit programs will run freely on our devices that houses a lot of our personal information.
Plus, for some stupid reason, there are a lot of people who think Linux is immuned to viruses and security holes due to it's code transparency. Android is being mainstreamed. It will soon be a continuous target like other existing popular software programs and operating systems.
And that's why iOS is far superior even without widgets or live wallpapers.
Something to think about.thanks for posting.
Sent from my HTC Glacier using XDA App
alex2792 said:
And that's why iOS is far superior even without widgets or live wallpapers.
Click to expand...
Click to collapse
IOS and Mac are just as vulnerable, maybe even more so because of there popularity and the misconception that IOS is secure and does not need AntiVirus protection. Just last week i removed a nasty virus on a brand new Macbook Pro so that is not the way to think. You need to act as if there are security issues and just be really careful at what link you click and what email you open.
mattfox27 said:
IOS and Mac are just as vulnerable, maybe even more so because of there popularity and the misconception that IOS is secure and does not need AntiVirus protection. Just last week i removed a nasty virus on a brand new Macbook Pro so that is not the way to think. You need to act as if there are security issues and just be really careful at what link you click and what email you open.
Click to expand...
Click to collapse
I'll give you OS X,but I've never heard of an iPhone virus while there are loads of malware on Android market.
Sent from my Galaxy Nexus using Tapatalk
I am not an expert on iOS nor do I have any wish to even know or use it, because Apple buys from suppliers that emply child labor and sweatshops.
When Linux started spreading around people also thought it has no viruses.
Same story repeats with every software.
For each different OS it takes merely time before people start to notice that their OS has viruses/trojans/spyware too. That doesn't mean their OS is not targeted. You should expect all sorts of thieves to use any and all opportunities.
Secondly OS does not matter so much as the matter that your device is connected to wifi, data, bluetooth, et or not. IP addresses, MAC, IMEI, etc they all stay the same on every platform. No matter which OS, they all connect to wireless networks, cell network, data, bluetooth, etc which all have set standards.
So someone wanting to track, spy, get your private info simply has to intercept the data your device sends to any network. If you don't use strong encryption to send info via network then it is easy to "wiretap" you.
Why is there so much spam, viruses, spyware in internet today? It's because the software managing internet is not made to be so secure. If it were secure then it would also be more private and safer for people to chat over net.
So not only OS's need to be more secure, but the very internet itself needs to be reformed.
This relates to SOPA and PIPA. Had those two bills been passed the next step would have been logically to make changes to all networks so you'd be more easily trackable, hackable, "wiretappable". It's simply logical, cause SOPA, PIPA were so defunctly worded as if asking/preparing for a third bill to regulate the networks.
So we must make sure that internet will be reformed for the private users and not for greedy corporations. We would not need to buy anti-spyware, anti-virus software if the internet were truly engineered for the welfare of humanity.
You could use any OS, bugged or not and not be afraid of loosing your property or privacy if the internet would stop such acts before they could harm you, the individual who is supposed to truly and freely benefit from the services; either for free or for honest price, but now you are robbed and think it is good to pay the thieves.
Raoa said:
Android itself is having very non-foolproof security system. All apps on unrooted phone are in sandbox. That's no security measure at all. It doesn't limit app from stealing your private info at all, it only cant delete the whole ROM.
Click to expand...
Click to collapse
Please elaborate. The sandbox does prevent one app from reading the data of another, such as the CC info from the Market.
Also, are you sure Market sends the entire CC number? There's no reason for it to send it, the transaction is performed on Google's servers.
alex2792 said:
I'll give you OS X,but I've never heard of an iPhone virus while there are loads of malware on Android market.
Click to expand...
Click to collapse
Are you talking about viruses or malware? Please don't conflate the two.
Malware is easy to take care of - check the apps you're downloading for what permissions they want. It's as simple as that.
alex2792 said:
I'll give you OS X,but I've never heard of an iPhone virus while there are loads of malware on Android market.
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
Just before xmas an iphone developer admitted to deliberately uploading malware in his ios app to show malware can easily affect iphone.
http://m.intomobile.com/2011/11/08/security-expert-sneaks-malware-into-iphone-app-store/
That was for normal iphones. For jailbroken ones there are more malware apps.
Dave
Sent from my LG P920 using Tapatalk
Raoa, your absolutely right.
I've had the exact same thought recently
Its like the overall view of the Android landscape is ridden from real security apps, for the simple purpose of have the platform as open as possible. And while this is good for developers and users of this and other serious forums, its also open for the "dark" communities as well.
I often ask myself, if the ROM devs onboard have these thoughts themselves, as in, what is my source of this modded apk, is is straight from the Market or from another dubious, (do I dare say chinese forum, just an example)
And how clean is my code really?
And is all mods just legit just cuz they are from here?
I love that we have so many ppl having a desire to mess around with the OS, but I miss, as you say, the talk about having a go on security as well.
I dont know, but I do think that awareness, as you initial post direct us to, should be raised, as a natural step for any serious dev and users in general on XDA, to be more aware, of the code.
Im on my first year as an Android user, and ofcourse did have to gain root on my splendid Sensation. Why?, cuz I needed the security tools requiring root.
Ask again, why? Cuz I came from Winblows 7, and know what a jungle software is, and that is is indeed exploitable, like hell, you might say.
And Im gladd I did gain s-off and root, cuz its really really needed fo youre just a little concerned about your privacy in, mails, sms, location, usage pattern, netbanking, dropobox deposits of your ****, some might even be work related and therefore hold more than just your own privacy.
And then there is what you mentioned, our devices unique ID's, the intent "app install referrer" to "plug" you into admob/google analyzer and so on.
I love one guy here, Treve, who made the HTC tool for scanning for ****, Logging Test Tool, and in version 10, he made it aware of admob/mobclix/analytics, and my god it find a lot...
So Treve, please, if you read this, just go on, as every version you make is getting finer and finer.
We could learn from this guy, and others here that got more code-insight.
What we CAN do as a community at the very least, is to share our knowledge and tips for securing our phones.
HOST filtering, code scanning of apks and so on. using AV's and firewalls and so on.
Right from the start I noticed that Android is not a clean OS, nor is its app market, and I noticed this cuz I have another splendid little Linux system at hand, Smoothwall Express with url filtering and proxy enabled
and My god is Android and its aps LEAKING!
Have a look in your urlfilters on a standalone firewall the step after your wireless android phone, and watch how much **** is going on.
Well, I can tell you for a start that I have added atleast 100 new domains to my custom urlfilter, besides the casual downloadable HOST filters around the net, like the ones found in AdblockPlus and so on. But after android, heh, you need more than just advertising filtering, that much I can say.
Just as an example, like those you mentioned, I have one too, that I was made aware of by Avast on my phone tonight, that ChompSMS was being flagged as malware/trojan.
I thought, **** man, why this crap, Im quite fund of Chomp, really.
So I thought, no, imma let more that Avast on my phone have a go.
So I File Expert dump the full apk, and uploaded it for a scan on virustotal, just for the sake of it. And whatta'ya know, ClamAV, GData, Kaspersky, NOD32, and Sophos flagged it as that same Plankton.G variant as my on-phone Avast.
Great, I thought (sarkasm intended)
I thought a bit further and picked up APK Multi-Tool, had a decompile and a content-scan for just "http" in is readable code.
12 different domains is mentioned so far, and I didnt even poke in all of its xml's, just the smali's
I know android is by a far stretch advertising born, and ofcuz the app devs have a right to earn their money, no doubt about that, and I gladly pay for the good ****, like most ppl here believeably do, but.. 12 different .com's mentioned in its code is a no go for me.
I have earlier used Privacy Blocker, and Privacy Inspector from XEUDOXUS in the market, to make permission scanning, beside using LBE/HOST/Avast, and I like those two aps, the Inspector one is free but only can scan.
The paid Blocker can "repair" as a feature, but its not maintained enuff, so it often fails to make installable apks, so not really worth it for me anymore, but as a free too, it can tell you more about those permissions you mentioned.
But enuff said from me for now, lets just collect and share our tips and tricks, ALSO for security, not just developing ROM and mod's and hacks, as thou they are fine, if not to say, so cool and great, but, we need to be secure too.
Please do not polute the discussion with IOS vs Android and what not, cuz thats not the purpose of it, even thou it definitly concerns (g)A(r)pple products too.
Sincerely, Omnius
alex2792 said:
I'll give you OS X,but I've never heard of an iPhone virus while there are loads of malware on Android market.
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
Iphones can get viruses they come through SMS's and other sources not as bad as android apple keeps there market much more under control, but everything is vulnerable i work in a security team for a big corp and believe me nothing is safe.
Check these articles out i just found them on google.
I remember a while ago maybe a year or so there was a huge security hole in IOS5 and Mac waited a long time to tell the public and release a patch. The one major problem with Apple is when there are security threats they really try to keep it hush...Iphone's OS is tight but not totally secure. Its not viruses either its moslty just malware that charges you tons of money in texting i saw once an iphone that turned into a bot and at midnight it would dial a 900 number and just sit there all night at like $20 bucks a minunte then disconnect when it felt the phone move.
http://www.mactrast.com/2010/07/iphone-virus-discovered-be-vigilant-and-seek-advice/
http://techfragments.com/news/982/Software/Apple_iPhone_Virus_Spreads_By_SMS_Messages.html
I'm going to fanboy MIUI for a second.
When you install an app you are presented with a screen (separate from the market) that allows you to toggle all the permissions an app ask for between Allowed/Ask/Disabled.
More roms should adopt this.
NB: I haven't checked CM9 so it might be a CM9 feature that MIUI has polished or it might be native to MIUI.
weedy2887 said:
I'm going to fanboy MIUI for a second.
When you install an app you are presented with a screen (separate from the market) that allows you to toggle all the permissions an app ask for between Allowed/Ask/Disabled.
More roms should adopt this.
NB: I haven't checked CM9 so it might be a CM9 feature that MIUI has polished or it might be native to MIUI.
Click to expand...
Click to collapse
I wouldn't be so fast to praise MIUI.
weedy2887 said:
I'm going to fanboy MIUI for a second.
When you install an app you are presented with a screen (separate from the market) that allows you to toggle all the permissions an app ask for between Allowed/Ask/Disabled.
More roms should adopt this.
NB: I haven't checked CM9 so it might be a CM9 feature that MIUI has polished or it might be native to MIUI.
Click to expand...
Click to collapse
The problem is the "Average Joe" doesn't even look at those or doesn't know what they mean. I see so many viruses/malware/open security holes just because of user error its insane. Almost 90% of security breaches or problems originate from the end users not paying attention or just not knowing or caring. Also another thing i see so much when new clients call me with there servers melting down and all there banking info being stolen is they haven't installed any updates on there servers since they were set up 2-5 years ago. I worked for a large industrial supply company and all there servers running MS Server 2008 no updates had been installed and they were using AVG free on there main SQL server...INSANE LOL
Then theirs the users, "my computer was fine until my friend on facebook wanted my SS# and mothers maiden name and insisted i open his email attachment, now its acting weird what do you think is wrong?"
Brutal
what is the 4g exploit that you are talking about? And is it only with wimax or is lte part of it as well?
Oneiricl said:
Malware is easy to take care of - check the apps you're downloading for what permissions they want. It's as simple as that.
Click to expand...
Click to collapse
It's absolutely amazing that people are willing to put up with something so ridiculous.
Sent from my SGH-I897
Socialize is a 'drop-in' sdk that allows app developers to get paid for spying on its users. They specifically state they are not interested in your demographic, but instead on your personal interests. They collect this information by asking app developers to include their sdk inside of the app.
I'm a PC user, and never owned a smartphone, so all of this lack of privacy is really disturbing to me. I would like to retain the privacy my PC has provided me with on my tablet as well
Http://blog.getsocialize.com/category/app-showcase
This is a partial list of apps infected with this spyware. This probably isn't a complete list, and there are far too many to to remember to stay away from.
I'm looking for a way to actively detect and warn me of app installations that include this. I would love to see Avast take up this cause and start detecting this as a PUP at the very least.
Are there any apps out there designed to detect spyware like socialize?
i guess i should have known, posting about mobile spyware in a mobile developer forum was going to get my post hidden off in a corner to die alone =P
You have to give it time. A sear h would have told you people here are worries about their privacy just as much as the next Person.
Sent from my SGH-I777 using Tapatalk 2