Do not download apps from untrusted market places - Android General

Hello guys,
This is a news of 1 month ago, but I want to share what we developers have discovered debugging our apps.
There is a new trojan in town, something that is injected in the APKs and starts to download other apps and track you down. It's easy to be found but for developers it's impossible to remove it because it comes from an altered version of the original APK.
It's important to understand that with some work is possible to alter an app and to publish it on third party stores.
I highly suggest to download apps only on google play or amazon. If you really need to download an app, be really careful and scan the apk. If you get a crash check the logcat and if you find something like this "com.walkfreestub" clean your phone immediately.
These are some experiences by the devs:
https://forums.malwarebytes.org/ind...86944448apk-from-mobogenie-allegedly-pou-app/
http://stackoverflow.com/questions/32080414/what-is-com-walkfreestub-causing-crashes-on-android
https://groups.google.com/forum/#!topic/android-security-discuss/YH80_qADG5E

What antivirus is recommend?

injulia said:
What antivirus is recommend?
Click to expand...
Click to collapse
You can try with Malwarebytes :good:

Related

[Q] Antivirus

I will be getting my transformer in a couple days. I am a complete noob to android (first device) and need to know if antivirus is necessary on this device. Specifically:
1. Does the transformer come with any antivirus built in.
2. Do you feel android devices need antivirus, if the user is careful, and
3. If so, do you recommend a specific program?
Thanks in advance for any responses.
No antivirus is included and I really haven't felt the need to find and install one.
I think we are mostly safe if we get our apps from trusted sources like Android Market or Amazon Appstore.
If you go out downloading APK files from shady websites I suppose you could have a problem.

[Q] How can I test an .apk to see if it's "safe" to install?

Hi,
Sometimes an app (.apk) is either simply not available through Google's store, or it might say "not compatible with your device", etc. There can be various reasons why a person might download a .apk from somewhere other than a "trusted" source.
If this was a file for my PC I could test it in a "sandbox", and I could scan it with both Microsoft Security Essentials and Malware Bytes Antimalware.
On my Android phone(s) I'm not aware of something like the "sandbox" option, and I don't really want to run an "antivirus" program on my phone. Is there an easy way to scan .apk files on the PC to see if they are rogue apps, might send SMS, "phone home", or otherwise mess with other applications or the system software installed on my phone?
Lets give another example: say I thought 15 minutes was not long enough to evaluate a relatively expensive Android game (it certainly isn't!) and I want to test it out first. Let's assume my only option in that case might be an illegally downloaded copy from unknown sources. Of course, we shouldn't do that. But if we did, how could we know if the file is safe and not risk installing some Chinese spyware?
About Android AV programs: anybody know how effective they are? Do some defend against "trojans" - I would think these days trojans are 99% of problems and viruses mostly a relic of the past?
My biggest concern is actually just unwanted crap that runs in the background which eats up battery, makes my phone warm (which I hate), or, perhaps even sends SMS message [this would be even worse because I don't have a text message plan].
EDIT: I see web pages with tiles like "new study finds Android antivirus apps not effective" and articles like this one: http://www.zdnet.com/blog/hardware/...bouncer-does-it-offer-enough-protection/17981
Do we have an easy way to boot Galaxy S3 off of "external" SDCARD instead of internal memory?
Search play store for avast antivirus, completely free, updates daily and works really well (firewall. Anti theft. And many more Features
sony xperia ray ics 4.0.4
stock rom unrooted
I found this website, maybe it can help someone.
h t t p://scan.netqin.com/en/
Maybe someone can post another one...
an easy way to check for safe apk
The easiest way to check for safe apk is to have one gmail account and another "whatever" email account. Then just send the apk from the gmail one to the second account, gmail always find viruses in any apk and stop the process to join the file (virus alert). Bad point is you are limited with the size of the file you wanna send.
Nowadays, even pc antiviruses can detect viruses in apks. I would rather not burden my phone with any android antivirus,since they are literally battery hogs.
sent using my HTC One S
Go here and upload the APK
http://anubis.iseclab.org/
Anubis is a service for analyzing malware.
Submit your Windows executable or Android APK and receive an analysis report telling you what it does. Alternatively, submit a suspicious URL and receive a report that shows you all the activities of the Internet Explorer process when visiting this URL.
Andrubis executes Android apps in a sandbox and provides a detailed report on their behavior, including file access, network access, crypto operations, dynamic code loading and information leaks. In addition to the dynamic analysis in the sandbox, Andrubis also performs static analysis, yielding information on e.g. the app's activities, services, required external libraries and actually required permissions.
Found a good one too
apkscan.nviso.be - give it a try. Drag and drop - wait for the upload - than click SCAN . Wait for a few minutes. That`s all. Unlike ANUBIS it has a resolution at the end of the analysis . Usually helpful.
You can also email the file to [email protected] and it will email the report back in about ten minutes. Virustotal can display some interesting info, for example it said that Lucky Patcher is a "Potentially Infected Hosts File (v)", as reported by VIPRE and AVware.
Virustotal also has an official android app.
The Netqin scanner is also an android mobile app.
Late answer, sure, but I think ClamAV is what you want. You also want its bytecode signature file, and to speed things up, you only want that single file (speeds up things quite a bit).
It is the only offline apk scanner i know of, and as for its efficiency i cannot say, but it seems like it is what you are asking for.
An alternative would be to install something like BlueStacks and remap your "Windows shared folder" (through registry) to the folder you have your apk files in, and then run BitDefender on it. BD is by far the most pernickety AV app out there for Android.
I'll have to check out bitdefender (it's also included on virustotal.com)
apkscan.nviso.be seems to be pretty good at analyzing files for suspicious activity, and it also uploads the file to virustotal for you. Then you can copy the sha256 hash into the virustotal's search, to get all the gory details.
anubis.iseclab.org limits files to 8 megabytes.
Another way to avoid malware is:
when installing an update to an already-installed version of an application, it will 99% of the time prompt you to update an existing app. There's been rare instances where some apps do use a new digital signature (for example when spotify had a big security hole, and for awhile there were two apps by spotify in the app store).
One other way to tell, as a final check when launching the apk for installation on the phone: the icon will not have the right icon. I've installed apps before that I thought came from a trusted source, but the icon was not right. In fact, I was considering not posting this publically, so the "bad dudes" would not update their methods.
Another tool I found:
http://andrototal.org/
Although it might be a duplicate of virustotal.
nintendo1889 said:
Another tool I found:
http://andrototal.org/
Although it might be a duplicate of virustotal.
Click to expand...
Click to collapse
I just tried out this site. To me, it appears to be the most thorough virus testing site that I have seen. It takes some time for it to complete the scans. mainly because it scans the file with about 7 or 8 different scanning engines. Just just have to keep refreshing the page every few minutes to see if the results have updated.
I will be using this one as my go to site for apk scanning.
Just install it on the default emulator in the Android SDK
You can also install your apps on other emulator live bluestacks(best for games), jar of beans(best for rooted app) and windroy(the lightest)
Hit thanks if this helps
nintendo1889 said:
I'll have to check out bitdefender ...
Click to expand...
Click to collapse
Your signature photo ... awesome ... Bad Dudes
By using GDATA security , When you want to install an app the GDATA will scan it befor installing
Sent from my LG-D855 using Tapatalk
Use google scanning service VirusTotal to scan any app, secondly always use secure source. There are many well reputed apk sites but I personally use apklink.com , on this site required apk file is just a click away and its quite easy as well...
be safe & secure
This threads out of date, but it has me thinking I want to use something as mentioned in several replies to OP.
Are there any sites, or apps that can warn me if an .apk (for example) has malware etc.?
Thanks in advance for any help, including a link to another discussion that may have my answer
denise1952 said:
This threads out of date, but it has me thinking I want to use something as mentioned in several replies to OP.
Are there any sites, or apps that can warn me if an .apk (for example) has malware etc.?
Thanks in advance for any help, including a link to another discussion that may have my answer
Click to expand...
Click to collapse
Malwarebytes can detect malware.
Sent from my LGL84VL using Tapatalk
I tried this site and I like it because it goes into a lot of detail after analyzing and sends me a report in email. It was mentioned, and it is still available to use: https://apkscan.nviso.be/
Thank you for the heads up on MB, I use that on my PC and works great
You can use virustotal.

security concerns migrating from iOs to Android

As title suggests, coming from a so called "clean" iOS environment to Android, my main concern how susceptible is my data to being stolen. I have no (current) plans to root my next phone and will be used mainly from business, but from what I have read in the past even google play store apps have been to known to have malicious content. Am I worrying too much ? I do carry sensitive work data on my iPhone.
applefag said:
As title suggests, coming from a so called "clean" iOS environment to Android, my main concern how susceptible is my data to being stolen. I have no (current) plans to root my next phone and will be used mainly from business, but from what I have read in the past even google play store apps have been to known to have malicious content. Am I worrying too much ? I do carry sensitive work data on my iPhone.
Click to expand...
Click to collapse
As long as the apps you install are from known sources (i.e. Play Store) you don't need to worry. Also every time you download an app check the permissions. If you think that the app shouldn't have those permissions then don't download it. Finally for safety reasons never install any apps from unknown sources (i.e. outside of Play Store) unless you trust the developer.
If you still find yourself worrying read this.
applefag said:
Am I worrying too much ?
Click to expand...
Click to collapse
Yep
I think you won't install any app outside Google Play so install apps that you know and you won't need to worry. FYI http://en.wikipedia.org/wiki/Security-Enhanced_Linux
kalpetros said:
Also every time you download an app check the permissions. If you think that the app shouldn't have those permissions then don't download it.
Click to expand...
Click to collapse
Well only if you are sure. Sometimes apps need permissions that aren't justified for some people.
for the open nature of the android ecosystem, it is somewhat normal that you will have to be careful though there are several different techniques, i use this the most.
Root your phone, install xposed framework and install xprivacy. here is a review of what it does http://www.xda-developers.com/android/manage-individual-app-permissions-with-xprivacy/ . I know the installation pprocess may seem daunting, but it is easier than you think this module wil allow you to block apps of certain permission. IE. you can block location service for all the apps on your phone so that no app can get your location. There are bunch of other permissions that you can block like access to contact, gallery etc
My question to others is : Is antivirus application on android worth it? I mean can it protect me from real time attaks and malwares??
SaffatBokul said:
My question to others is : Is antivirus application on android worth it? I mean can it protect me from real time attaks and malwares??
Click to expand...
Click to collapse
Not useful IMO. FYI I remember this article.
User sensibility is your best defense. Don't install apps not from the market. Only install apps with a lot of positive comments.
I would advise again rooting your phone. It's true that there are ways to block apps from accessing your private data on a rooted phone, but the additional vulnerability from unlocking your bootloader and rooting is not worth it. Just stick to apps from major developers.
snapper.fishes said:
User sensibility is your best defense. Don't install apps not from the market. Only install apps with a lot of positive comments.
I would advise again rooting your phone. It's true that there are ways to block apps from accessing your private data on a rooted phone, but the additional vulnerability from unlocking your bootloader and rooting is not worth it. Just stick to apps from major developers.
Click to expand...
Click to collapse
I agree, rooting your phone comprimises your security even if you do it to install security apps.
Primokorn said:
Yep
I think you won't install any app outside Google Play so install apps that you know and you won't need to worry.
Click to expand...
Click to collapse
Unfortunately, new apps in Google Play are rarely verified by Google staff, so there is still always a possibility of trojan or other malware.

Good antivirus for rooted phones?

Hey does anyone know of a good antivirus app for a rooted zenfone 2e? I want one that is free but has as many features as possible as well. Thanks.
I used to use Avast but the best anti virus is you, the user. Know your system, know the internet. If youre rooting, you will/should eventually get very familiar with android, how it behaves, the file system, permissions, built-in apps, etc. Avoid indiscriminate app downloads, especially from places other than the play store, and never follow links that youre unsure of. My opinion is that Windows is the only OS that AV is pretty much necessary.
I second avast. An interesting feature is that it will survive a factory reset if stolen.
zshep99 said:
Hey does anyone know of a good antivirus app for a rooted zenfone 2e? I want one that is free but has as many features as possible as well. Thanks.
Click to expand...
Click to collapse
Unlike the PC, it is extremely unlikely you will "get" a virus on your android. It is you who has to install the malware to make it happen. And it is extremely easy to remove the malware. A factory reset would do it and as root user you could simply restore your nandroid backup.
tetakpatalked from Nexus 7 flo
Most antivirus apps come with a huge amount of crap no one needs. They often drain your battery and slow your smartphone down. I have also seen antivirus apps which behave more like spyware by replacing advertisements in other apps or direct you to untrustworthy websites when opening the webbrowser.
My opinion: You do not need an antivirus app on your smartphone. Make sure you install most apps via appstore. Take care with apps from 3rd party websites. (Especially if the website says you have an virus on your smartphone => scareware!)
I would never install Antivir-Apps, since they will drop your phone-performance. And what do you get for this? Nothing. Just be carefully of what you are downloading.
i thinks for android no needs one antivirus..
Kenfary72 said:
i thinks for android no needs one antivirus..
Click to expand...
Click to collapse
+ one
Envoyé de mon E5333 en utilisant Tapatalk
Kenfary72 said:
i thinks for android no needs one antivirus..
Click to expand...
Click to collapse
+ two
My opinion is that android doesn't need antivirus software when the user is careful about what he downloads.
no disregard to anyone, but are you sure you are in developers forum ?!?! this is not a google store !
do you still live in Symbian world ? even the google play itself has malwares ! or you just want to ignore it ? beside those, hangroid can be easily hacked. the only system that dose not a antivirus is winphone, and it has not need it yet ! but they will come for it very soon.
personally i will never trust ios o even open my email, and in android i have an original payed antivirus that really can respond to a virus. i have original nod32 (i do NOT like it, but i didn't get a better one in hangroid.)
visited by lenovo tab2 a8.
best regards, josef.
josef2600 said:
no disregard to anyone, but are you sure you are in developers forum ?!?! this is not a google store !
do you still live in Symbian world ? even the google play itself has malwares ! or you just want to ignore it ? beside those, hangroid can be easily hacked. the only system that dose not a antivirus is winphone, and it has not need it yet ! but they will come for it very soon.
personally i will never trust ios o even open my email, and in android i have an original payed antivirus that really can respond to a virus. i have original nod32 (i do NOT like it, but i didn't get a better one in hangroid.)
visited by lenovo tab2 a8.
best regards, josef.
Click to expand...
Click to collapse
Best antivirus is still brain.apk
Just do not instal every bulls* and you are good to go.
Most antivirus apps are snakeoil/bloatware which will not protect you from anything!
It is good to think about an anti-virus. Android malwares exist, so everyone who's telling here that AVs for Android are a no-go are jumping the gun. However, the Android system already has some security measures into place. So is it still worth it? Yes. The Play Store can't guarantee a 100% clean virus free app collection. History has shown that. "use your brain" is also not a really constructive argument, it is easy to install a sample or virus infected application. Is it that dumb to use an AV on Android? No.
My suggestion, *buy* an AV. For example I have a yearly subscription to Freedome from F-Secure (VPN service). Primarly for my laptop but you can install it on three devices (I have it on 2 laptops and my smartphone). For the smartphone, besides a VPN the app will also scan the device for malicious apps so I got all my important security features in one app. I know that Avast has something similar. I paid 50 euros for one year, which is next to nothing considering the features and piece of mind. And for all those that go on ranting on my post here, I am a security professional in Android and see malware samples from the inside (reverse engineer) all the time
I encourage you to look in those options: VPN and App scan.
tetakpatak said:
Unlike the PC, it is extremely unlikely you will "get" a virus on your android. It is you who has to install the malware to make it happen. And it is extremely easy to remove the malware. A factory reset would do it and as root user you could simply restore your nandroid backup.
tetakpatalked from Nexus 7 flo
Click to expand...
Click to collapse
Remember stagefight thingy ? One could have abused it to gain root privileges and install a binary that run at start, a raw binary, not a package.
Tell me how it is easy to uninstall it, you would first have to track it, if it's purpose wasn't to patch other binaries, and then, you're good to reflash system partition.
No system is invulnerable
Of course, it's tough to get a virus on android, but there's still common malware, adware, scareware, and raw security flaws. There is still need for security solutions, mostly for the raw flaws.
Best choice for you from my point of view
CM Security & Malwarebytes Anti-Malware
I agree with Magissia if you think over that what you are going to do.
Virustotal AND vulnerability patches

I don't want to update the app, thank.you

Hello everyone.
I'm writing today to see if anyone is willing to help a newbie out with this:
There is a certain app that I feel got ruined with its latest update, and I'd much rather stay with an older version.
Is there a way to tell the playstore to not offer me updates for that particular app anymore? I guess I could just ignore the notifications, but they bother my OCD.
I'm using an unrooted aosp phone under android 10, if it matters.
Best regards.
If you don't use wifi, disable it then set Playstore to only auto update by wifi.
I keep invasive Playwhore disabled except when I rarely needed it.
Use ApkExport to make an installable copy of that version of the apk, just in case.
APK Export (Backup & Share) - Apps on Google Play
Manage and extract your apps.
play.google.com
You can make the same application with different application name with AppCloner. It won't offer update like that.
dedq said:
You can make the same application with different application name with AppCloner. It won't offer update like that.
Click to expand...
Click to collapse
Can renaming allow you to easily run multiple versions of the same app?
blackhawk said:
Can renaming allow you to easily run multiple versions of the same app?
Click to expand...
Click to collapse
It can without any problems.

Categories

Resources