LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 11-21-2011, 08:21 AM   #1
drmjh
Member
 
Registered: Mar 2005
Location: North Carolina, USA
Distribution: Ubuntu 12.04LTS
Posts: 260

Rep: Reputation: 31
Android OS VULNERABILITY


Several companies are warning about a flood of malware aimed at the Android OS.
I assume this is a Unix based system. Would anyone like to comment on why it is so vulnerable?

Matthew
 
Old 11-21-2011, 08:54 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,492
Blog Entries: 54

Rep: Reputation: 2910Reputation: 2910Reputation: 2910Reputation: 2910Reputation: 2910Reputation: 2910Reputation: 2910Reputation: 2910Reputation: 2910Reputation: 2910Reputation: 2910
Quote:
Originally Posted by drmjh View Post
I assume this is a Unix based system.
Why assume when you can just read android.com?


Quote:
Originally Posted by drmjh View Post
Would anyone like to comment on why it is so vulnerable?
Dunno but the sum of Linux kernel tweaks (the kind Linus doesn't seem to want included in mainline), a proprietary software stack, firmware security weaknesses, the ability to load unofficial apps, DEX-which-surely-isnt-Java, but most of all the commercial nature including whats sold on (or illegally obtained outside of) Android Market seems like a fertile basis for trouble.

// CVE's for Android alone: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=android
 
1 members found this post helpful.
Old 11-21-2011, 02:45 PM   #3
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 3,910

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
It is alleged (by people who know???) that one of the major aspects is that apps in Google's App Store are not really audited in any systematic way, while in, eg, the Apple App Store, apps are audited more closely (...and can be ejected on an 'what Apple thinks that you ought to be able to do with your phone' basis, but that's another issue...).

Probably, Google have to do a better job with this in future, but you have to remember that one of the reasons got from zero to having a well populated app store in a relatively short period of time is that Google was liberal with developers and made the platform easy to develop for and allowed devs to put almost anything on the app store (if you were spending money on developing something that you knew was 'on the edge', what would you develop for, a platform from which you were likely to get kicked off at any time, and there was no way back or one where you were pretty certain to stay in the app store, and for which there were alternative channels?).
 
2 members found this post helpful.
Old 11-21-2011, 04:11 PM   #4
jmc1987
Member
 
Registered: Sep 2009
Location: Oklahoma
Distribution: Debian, CentOS, windows 7
Posts: 866

Rep: Reputation: 110Reputation: 110
Quote:
Originally Posted by drmjh View Post
Several companies are warning about a flood of malware aimed at the Android OS.
I assume this is a Unix based system. Would anyone like to comment on why it is so vulnerable?

Matthew
Android is Linux Based not Unix. Unix was original designed by AT&T labs with a restricted Licenses aka proprietary software . Now there are a few flavors of Unix with couple are free and Linux was developed by Linus Torvalds with the devotion to make an OS that will always be free no mater what.

Anyways I do see how it could be a possible security flaw in the system but do you have any Links to your sources. I can't say its not that secure considering I don't really know how its developed.
 
1 members found this post helpful.
Old 11-21-2011, 07:52 PM   #5
drmjh
Member
 
Registered: Mar 2005
Location: North Carolina, USA
Distribution: Ubuntu 12.04LTS
Posts: 260

Original Poster
Rep: Reputation: 31
Android Malware ?

My reason for asking the question is that the media tells conflicting stories.
Matthew

E.g. "... The open-source advocate, who manages Google's developer outreach programs and oversees the company's license compliance practices, dismissed the Android threats reported by the security industry until now as little things that didn't get very far because of the platform's sandbox model and other architectural features.

Security experts disagree with this assessment and point out that the levels of Android malware have registered a huge increase this year.

"Today malware for Android devices is one of the biggest issues in [the] mobile malware area," said Denis Maslennikov, a senior malware analyst at Kaspersky Lab, in an email interview. "The growth of numbers of malware for Android is significant in [the] last 5 months. In June we've discovered 112 modifications of Android malware, in July - 212; August - 161; 559 in September; 808 in October," he added.

A similar trend was observed by other antivirus vendors, with Trend Micro reporting a 1410% increase in the number of Android threats from January to July 2011. "The more important figure is not the total number of malware, but the rate of increase of that malware quarter on quarter and year on year. That demonstrates current, active and sustained criminal interest in the mobile platform," said Rik Ferguson, the company's director of security research and communication.

The majority of Android malware threats consist of Trojans, not traditional self-replicating viruses or worms. However, these can be just as damaging if not even more so, the security experts said."
 
Old 11-21-2011, 09:29 PM   #6
frankbell
Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Mageia, Mint
Posts: 7,967

Rep: Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507Reputation: 1507
Anti-virus companies have a tendency to emphasize the danger of threats; it sells AV programs.

Please note that I'm not bashing Kapersky; I quite like their stuff. It's more a "when you're selling hammers, every problem is a nail" syndrome.

What reading I've done on this indicates that the biggest danger is from installing dodgy applications, rather than spontaneous infections.

This is not necessarily solely a Google problem.

If I want to install a simple single user game, and that game tells me at time of install that it wants to access the internet, read the GPS, and access my contacts, for example, I should have enough smarts to ask myself, "Why does Pookie Pookie Pong want to see my GPS and go on line and see my contacts?"

If there's no satisfactory answer, then I don't install Pookie Pookie Pong.
 
1 members found this post helpful.
Old 11-22-2011, 06:52 AM   #7
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 3,910

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
This article seems like a more-or-less balanced account of the current dispute.
 
2 members found this post helpful.
Old 11-22-2011, 08:23 AM   #8
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,402

Rep: Reputation: 1131Reputation: 1131Reputation: 1131Reputation: 1131Reputation: 1131Reputation: 1131Reputation: 1131Reputation: 1131Reputation: 1131
Quote:
Originally Posted by salasi View Post
This article seems like a more-or-less balanced account of the current dispute.
Indeed.

Never trust someone with advice who has something to sell you.

While there is nothing "intrinsically secure" about one system or "intrinsically insecure" about another, the way in which Windows systems have been deployed in a purposely-defenseless way is legend. And, lucrative.

Apple simply made "code signing" mandatory. You have to obtain a digital certificate from them. Your phone won't install anything that doesn't have one; it just won't. It is my understanding that Android does much the same thing.

Windows has had code-signing support for years, but never required it. Don't ask me why.

Yes, I do think that these are just "snake-oil salesmen." For a generation, they've made their money by removing the doors from the barn and photographing your prize race horses as they were carted away.
 
1 members found this post helpful.
Old 11-23-2011, 10:53 PM   #9
RedNeck-LQ
Member
 
Registered: Jan 2011
Posts: 83

Rep: Reputation: 11
Quote:
Originally Posted by drmjh View Post
Several companies are warning about a flood of malware aimed at the Android OS.
I assume this is a Unix based system. Would anyone like to comment on why it is so vulnerable?

Matthew
The same reason why windows is attacked the most. Windows is the most used desktop OS and android is the most used OS on mobile devices.

Also, malware writers know some people are not cybersmart because they will click and download anything.

Another thing that makes android vulnerable is the permissions some apps need. The good thing is nothing is installed until you say so. In fact, it shows the permissions it needs. However these permissions can be unclear to a novice user and can get them infected if they installed a bad app.

Last edited by RedNeck-LQ; 11-23-2011 at 11:05 PM.
 
1 members found this post helpful.
Old 11-23-2011, 11:07 PM   #10
vharishankar
Senior Member
 
Registered: Dec 2003
Posts: 3,142
Blog Entries: 4

Rep: Reputation: 121Reputation: 121
Looking at the Android market reminded me of those old shareware, freeware and adware sites of dubious quality when I used to use Windows 98/NT/2000.

That alone swore me off the Android platform. Associating the Android name with Linux (or worse UNIX) is the worst possible advertisement for Linux/UNIX.

Android is also a battery life sucker. I hear they fixed the problem in later versions than 2.2 though.
 
1 members found this post helpful.
Old 11-23-2011, 11:22 PM   #11
RedNeck-LQ
Member
 
Registered: Jan 2011
Posts: 83

Rep: Reputation: 11
Rumors have it that Ubuntu will have a tablet in the near future.

Not a fan of the *buntus, but will get one just to install over it with another linux distro like arch.
 
1 members found this post helpful.
Old 11-24-2011, 07:11 AM   #12
drmjh
Member
 
Registered: Mar 2005
Location: North Carolina, USA
Distribution: Ubuntu 12.04LTS
Posts: 260

Original Poster
Rep: Reputation: 31
Thank you each & all for your input.
When an application is downloaded to Android, it sounds like the User is asked to confer certain permissions. (I do not own a Android-device). Anyone care to speculate about which 'obvious deadly permissions' are never to be granted and more interestingly, which sneaky or covered permissions, can be subverted and mis-used.
Matthew
 
Old 11-24-2011, 10:12 AM   #13
RedNeck-LQ
Member
 
Registered: Jan 2011
Posts: 83

Rep: Reputation: 11
Quote:
Originally Posted by drmjh View Post
Thank you each & all for your input.
When an application is downloaded to Android, it sounds like the User is asked to confer certain permissions. (I do not own a Android-device). Anyone care to speculate about which 'obvious deadly permissions' are never to be granted and more interestingly, which sneaky or covered permissions, can be subverted and mis-used.
Matthew
Read this
How to be safe, find trusted apps, & avoid viruses - A guide for those new to Android
http://androidforums.com/android-app...w-android.html

I suggest you print this out for easier reading. It is very informative. But if you want to read about permissions only then scroll down to Permissions.


Hope this helps

Last edited by RedNeck-LQ; 11-24-2011 at 10:20 AM.
 
2 members found this post helpful.
Old 11-24-2011, 10:18 AM   #14
drmjh
Member
 
Registered: Mar 2005
Location: North Carolina, USA
Distribution: Ubuntu 12.04LTS
Posts: 260

Original Poster
Rep: Reputation: 31
Spot On!!, Redneck- LQ
This clears up the gist of my concerns.
Many thanks.

Matthew
 
Old 11-24-2011, 10:25 AM   #15
RedNeck-LQ
Member
 
Registered: Jan 2011
Posts: 83

Rep: Reputation: 11
You're welcome
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Android App Build Environment With Eclipse, Android SDK, PhoneGap (Fedora 14) LXer Syndicated Linux News 2 02-01-2011 11:11 AM
LXer: Setting Up An Android App Build Environment With Eclipse, Android SDK, PhoneGap (Ubuntu 10.10) LXer Syndicated Linux News 0 01-27-2011 11:30 AM
LXer: Get Started with Android application development using Linux and Android SDK LXer Syndicated Linux News 0 01-06-2011 01:50 PM
LXer: What I like about Android - and what I don't -- My Android Review (including my Favorite Apps) LXer Syndicated Linux News 0 11-18-2010 02:20 PM
LXer: Android-x86 - run Google Android on a netbook LXer Syndicated Linux News 0 12-06-2009 01:30 PM


All times are GMT -5. The time now is 02:01 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration