Trend Micro Unearths a Massive Android Adware and Data-Harvesting Ploy

Spider

Administrator
Staff member
Mar 24, 2011
15,785
1,813
By Chinmoy Kanjilal on October 29th, 2012

The world is seeing a paradigm shift from PCs to mobile solutions. While performance improvements, availability of apps and aggressive marketing has skyrocketed Android’s popularity, there is a vital area that has been ignored — Security. Android phones run apps, which connect to the Internet the same way your browser connects to the Internet. While, the browser’s access to your operating system is well regulated by the browser manufacturer, an app’s access to your system is defined by the app developer at his own will. Some apps use ad networks for monetization, and these ad networks gobble up all kinds of personal information notoriously. This poses a serious security threat, which is being exploited now.



In a report titled “Android Under Siege: Popularity Comes at a Price”, Trend Micro has released the scariest report out there for Android enthusiasts. Android malware count has increased 600% from about 30,000 mid-2012 to about 175,000 now. Most of these infected apps are fake versions of popular android apps. Some others do not have proper disclosures of activities listed on their EULA.

A dangerous malware called Zero Access Malware that can patch system files has been seen on more than 900,000 devices, and there are over 7000 Android devices that are infected with a dangerous adware, which harvests your personal data without permission. The top two countries sending out malware and hosting data harvesting botnets are Saudi Arabia and India. These are good choices for running such operations, as they are not seen as the conventional cybersecurity threats.

Clearly, the openness and regulation-free nature of the Android platform is taking a toll on security. Android developers need to address this issue and come up with a secure platform. Failing that, Android will soon become the Windows OS of the mobile world.

Read Trend-Micro’s report here [PDF link].
 

J515OP

Super Moderator
Staff member
Jan 6, 2011
5,172
899
It is a new era and this isn't just an Android problem. Today is all about data and mining personal information. Even for apps that are legitimate most ask you to give them permission to use your data before downloading. Honestly how many users even read through this stuff, and if you do how often does that stop you from downloading an app? If it did you wouldn't be able to ever install more than a hand-full of apps.

Microsoft actually just unveiled its WP8 and has a really interesting data meter that will show you exactly what apps are consuming data and using the internet. Microsoft unveils Data Sense for Windows Phone 8, to debut on Verizon devices -- Engadget. It is meant to help track data usage so you don't go over your plan but it turns out to be a good way to keep tabs on what apps are keeping tabs on you. This can go a long long way to pointing out overly intrusive apps and I can only hope all mobile OSes follow suit.

$Windows-Phone-8-Data-Sense.jpg

Even then companies want their data and even when you opt out you might not be opting out...

Yahoo! is latest company to ignore IE10's Do-Not-Track setting - TechSpot News

Microsoft's decision to enable Do Not Track in IE10 by default is still managing to elicit industry criticism. Yahoo is the latest company to ignore IE10's on-by-default DNT policy, joining Apache in not recognizing the browser's DNT setting. Yahoo reasons that Microsoft's automatic implementation of DNT degrades the user experience and does so without expressing the intent of those users.

Perhaps unsurprisingly, the ANA (Association of National Advertisers) also recently spoke out about IE10's DNT policy. The organization described Microsoft's decision to enable DNT by default as a profound disappointment, reasoning that the feature will hurt ad targeting specificity and as a result, will damage overall advertising revenue. The ANA argues that decreased ad revenue will provide less incentive for quality content and will ultimately hurt the web.

So basically advertisers have decided for us that is in our best interest to opt-in by default rather than opt-out. I am far from paranoid but it is a whole new world of intrusiveness out there and the business have decided that since we all seem to be ignoring the issue that we are ok with being tracked down to the tiniest details of our interactions with the internet.

And more incase you think using some of the other big boys are safe from these sorts of actions: FTC
 
Top