Related
Im still pretty new to the smartphone world. But after looking at various apps I noticed the app declares a list of permissions it will need to certain files on the phone. Im just concerned that any one of these apps are gathering sensitive information like our contacts or notes on our phones. How do we know exactly what is being accessed and sent out. I just realized an app like mixzing sends the developers information about the songs we listen to, our playlists, etc.. Now Im not too concerned about this in particular, but how do we know what other information they or any other developer are grabbing from our phones? On a PC you atleast have a firewall, router, security sofware, etc..
Its interesting that someone finally asked this question. I asked this very thing since i.had my G1.
I am in infomation security and as a security researcher, ive used a rooted device and the shark app which is like wireshark for packet captures from your phone. You could always stick your vibrant on your wireless network and watch the packets there as well.
Take a peek at this screengrab from an alt keyboard install from the sticky page. I would not trust any app at all
On a side note, if you saw the forensics app for these phones...wow
Sent from my SGH-T959 using XDA App
there have been apps said to collect sensitive data that it doesnt need to function... In russia there was also a tip calculator that sent sms messages to various numbers without your knowledge... at the moment there is no virus, or worm, or trojan for android atleast not on this side of the world...
Just be careful what you download, always read the apps permissions..
Or download a app that scans applications, I personally use Lookout. Not because im paranoid about viruses but there are other features implemented such as losnig your phone and includes tracking.
It's on the market, "Lookout."
Lookout is a great tool to have. I use it on all my phones, out scan every app as you install, if its bad, it'll tell you
Sent from my SGH-T959 using Tapatalk
paradox4286 said:
Lookout is a great tool to have. I use it on all my phones, out scan every app as you install, if its bad, it'll tell you
Sent from my SGH-T959 using Tapatalk
Click to expand...
Click to collapse
SO how man y, if any, bad apps have you encountered? I havnt bought into the whole AV for mobile phones yet. I understand the potential risk, but the real world risk seems minimal to nearly nonexistant at this moment. Now I will probably be one of the first ones to go palm to face when the first virus makes its way around and I get it, but for now i'll stick with the ignorance is bliss unless this lookout app is actually kicking back potential risks.
Chief Geek said:
SO how man y, if any, bad apps have you encountered? I havnt bought into the whole AV for mobile phones yet. I understand the potential risk, but the real world risk seems minimal to nearly nonexistant at this moment. Now I will probably be one of the first ones to go palm to face when the first virus makes its way around and I get it, but for now i'll stick with the ignorance is bliss unless this lookout app is actually kicking back potential risks.
Click to expand...
Click to collapse
It's 0.. I use it mainly incase I lose my phone. That's the thing about Lookout, it isn't intrusive at all. It runs weekly scans (disabled if you want), and scans when you install a new application.
It has a lot of other functionality other than scanning for malicious applications.
Dear G TAB Forum:
I have only had my G TAB for 1 month and so far everything works well. However, As I continue to download Android Apps, I am getting a little paranoid that the G TAB has no Virus Protection Software installed on it? First question...is Virus Protection needed? and second, what are the best Android Virus Scan downloads available? Thank you for the feedback.
Can't sure for sure which is the best in regards to actual protection, features & system resources footprint, but I will say that having it is better then not.
My main issue with the current anti-virus apps for android is that they only scan after an app has been installed which IMHO makes no sense at all. Shouldn't an anti-virus app catch a virus before or during a download or at the very minimum scan the install file prior to being installed?
The one I currently use is LookOut which seems to be quite popular, however it still has the flaw as those I mentioned above.
Droidwall is also a good way to control what apps actually have access to data and wifi.
Sent from my Droid
Article
The How-to Geek had a article on Android Trojans (like Viruses, but they pose as useful software.)
http://www.howtogeek.com/news/android-trojan-found-in-the-wild/2657/
and the L.A. Times reported this.
http://latimesblogs.latimes.com/tec...-phones-tablets-promises-better-secutiry.html
I'll have to look for it but, I had another link from a newsletter I subscribe to that includes a few tips on what to look for in a suspect app.
The biggest problem I see is most anti-virus software on the market is for phones, or tablets that have a phone number (aka 3G). Lookout Mobile Security would freak out because the gtab doesn't have IMEI associated with it. There was one I was using that the free version didn't care about IMEI until it got an update (sorry I don't remember which app it was). Now I'm using NetQin Anti-virus Free for the moment.
I'm always amazed at how an app will work fine on one machine and not at all on another.
Lookout works properly on my g-tab even through updates.
It must be tough being a developer.
Sent from my VEGAn-TAB-v1.0.0b5.1.1 using XDA Premium App
http://digitizor.com/2011/07/21/android-malware/
Android has had its fair share of malware problems. Whenever malware are detected, Google reacts swiftly and remove them. However, according to security researcher Neil Daswani, around 8% of the apps on the Android market are leaking private user data.
Neil Daswani, who is also the CTO of security firm Dasient, says that they have studied around 10,000 Android apps and have found that 800 of them are leaking private information of the user to an unauthorized server. Neil Daswani is scheduled to present the full findings at the Black Hat Conference in Las Vegas which starts on July 30th.
The Dasient researchers also found out that 11 of the apps they have examined are sending unwanted SMS messages.
Google needs to take charge
This malware problem on Android has become too much. One of the main reason that we see malicious apps in the market is because of the lack of regulation in the apps that get into the Android Market.
Sure, the lack of regulation can be good. It means that developers can make their apps without worrying if Google will accept their apps or not. It fits into the pre-existing application distribution model where anyone can develop and publish their own apps.
However, this comes at a price - the malware problem. Yes, most of the problems with these malicious apps can be avoided if only users read the permission requirements of the apps. But, what percentage of the users actually read the permission requirements of all the apps they download?
I think that it is time that Google make approval of the apps a requirement before it gets into the Market. They do not need to do it like Apple, but a basic security check before an app gets on the market will be nice.
If nothing is done about and this problem is allowed to grow, it will end up killing the platform.
Ur a good man
Sent from my PG86100 using XDA Premium App
Get an iPhone then.
Don't know if apple should approve or disaproove since that can slow down the release of new apps, but they need to check, that's for sure.
Yeah, just read permissions when installing applications. A lot of them will state access to personal data (such as contacts, browser history, etc.)
Such apps like MP3 downloaders contain ALOT of this malware.
if you're that paranoid.....LBE Privacy Guard + Droidwall = #winning
This article is very true in sense of lacking of control on big G part. My friend developed an app and he was able to get it into market almost instantly. I was very shocked to find that no scanning or checking was done.
Therefore, it's a risk that we take everyday to use these apps, specially, custom ROMs because who knows what it installed really. Users just need to be aware of their action, and don't use bank apps on rooted devices, or corporate email on rooted devices, or email yourself passwords to your online banking from your rooted devices. My thought is that, if it's out there then somebody can get it these days with all the technologies.
A little bit of common sense when installing apps can go a long way. You stifle the market too much when you cater to the lowest common denominator but then if you don't you get stuff like this.
+1 on Droidwall too, great app. Just don't turn it on and then forget about it before getting it set up properly, it's a pain figuring out why you can't use the internet on anything lol
xHausx said:
A little bit of common sense when installing apps can go a long way. You stifle the market too much when you cater to the lowest common denominator but then if you don't you get stuff like this.
+1 on Droidwall too, great app. Just don't turn it on and then forget about it before getting it set up properly, it's a pain figuring out why you can't use the internet on anything lol
Click to expand...
Click to collapse
hahaha, was tryna to download a new app and wondering why it just stalled kept on saying, downloading..... downloading paused....blah blah!!! lol
turns out it was droidwall (even with market enabled) lol
Yea when a simple clock widget wants to read your contact, data and location but has no ads or settings, I avoided that one.
I prefer the risk of an open system to the purgatory that is a closed system ruled by a draconian company any day.
Oh look iOS does this too.
/troll
DoctorComrade said:
Oh look iOS does this too.
/troll
Click to expand...
Click to collapse
hah, they're at almost 50%
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload and app to the android market and there is no verification of the app like on IOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
the_main_app said:
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload and app to the android market and there is no verification of the app like on IOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
Click to expand...
Click to collapse
There are viruses for Android.....right ?
Besides , if you're smart enough you can check whether an app needs such permissions when installing , through the Mart or an .apk .
I don't like the way iOS works , they give too limited functionality .
Forever living in my Galaxy Ace using XDA App
the_main_app said:
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload and app to the android market and there is no verification of the app like on IOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
Click to expand...
Click to collapse
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
I think the best thing would be if android embraced that the user can choose which permissions to give to apps. I mean, an app may want to know your location, you denies it, and the app continnues happily without using that functionality, or quits saying its essantial.
cobraboy85 said:
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
Click to expand...
Click to collapse
very well put, unfortunately most dont think like this..
It is always a good habit to check the permissions an app needs before installation.I personally think that a system should be implemented in android market where all apps are erquested to give informaation on "Why they need certain permissions?".Certain apps do that.
An antivirus program is also useful in my opinion.I use Lookout antivirus,as i find it simple to use and does not slow down my phone.I tried avg but it slowed down my phone terribly.
hiitti said:
I think the best thing would be if android embraced that the user can choose which permissions to give to apps. I mean, an app may want to know your location, you denies it, and the app continnues happily without using that functionality, or quits saying its essantial.
Click to expand...
Click to collapse
But, as a matter of degree, this just what we wish. The fact may be far beyond our imagination. Sometimes, malware still run certain functionalities even you cancel it. It's worse that some apps run secretly in system. I'm a little scared about security issue based on my PC.
cobraboy85 said:
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
Click to expand...
Click to collapse
But a game might ask for internet/network permissions which you would probably accept. How do you guard against this? How can you prevent a malicious app that asks for relavent permissions but abuses them?
I never take the time to study the permissions required when I download an app from the market.
I tend to avoid the low number of d'load apps..... partly as there is less feedback to judge.... and partly as any app thats worth the download will have high stars and many d'loads.
Works for me so far.
Netquins running in the background just in case...... but whose to say they dont upload my contacts for spamming?
Prof Peach said:
I never take the time to study the permissions required when I download an app from the market.
I tend to avoid the low number of d'load apps..... partly as there is less feedback to judge.... and partly as any app thats worth the download will have high stars and many d'loads.
Works for me so far.
Netquins running in the background just in case...... but whose to say they dont upload my contacts for spamming?
Click to expand...
Click to collapse
But what about new apps that may be legit? They won't have any reviews yet or stars. If everybody did the same as you it would never get reviews or stars? There's got to be a better way, don't you agree?
the_main_app said:
But a game might ask for internet/network permissions which you would probably accept. How do you guard against this? How can you prevent a malicious app that asks for relavent permissions but abuses them?
Click to expand...
Click to collapse
That's the only question above that can't be answered by LBE Privacy Guard.
Someone mentioned a game that wants access to your contacts. What if you really want the game? You just don't allow it access to your contacts and then play it anyway.
Most apps ask for access to your IMEI (you'd be surprised how many!) With LBE they don't get it.
Antivirus software is all well and good, but it's not the same as on a PC where pattern matching can be used. AV software on Android basically opens the apk file and has a look round to see if anything looks suspicious. Other than that, there's nothing it can do to stop a clever developer bypassing it.
Seriously, if you have concerns then get LBE and start restricting permissions access on an app-by-app basis.
johncmolyneux said:
That's the only question above that can't be answered by LBE Privacy Guard.
Someone mentioned a game that wants access to your contacts. What if you really want the game? You just don't allow it access to your contacts and then play it anyway.
Most apps ask for access to your IMEI (you'd be surprised how many!) With LBE they don't get it.
Antivirus software is all well and good, but it's not the same as on a PC where pattern matching can be used. AV software on Android basically opens the apk file and has a look round to see if anything looks suspicious. Other than that, there's nothing it can do to stop a clever developer bypassing it.
Seriously, if you have concerns then get LBE and start restricting permissions access on an app-by-app basis.
Click to expand...
Click to collapse
this.
i was JUST about to say the same thing about the android "anti-virus" scam... not really a scam, but a false sense of security. as you said, not the same at ALL. people need to get out of the PC mindset with these phones. this is not windows, it's linux.
and i'm going to give LBE a shot. seems pretty legit.
for all of those running antivirus "software" on your phone, how many of you have actually run a virus scan and had it give a detailed description of a malicious "virus"....
Liking lookout
Sent from my GT-I9100 using XDA App
ummm, anyone ever heard of antiviruses (Kapersky, maybe?)? Or at least look up the app's access to things... If it accesses something you don't want it to access (or think the app doesn't need to access it), don't install it!
I know out-of-the-box Androids aren't so vunerable to viruses, compared to rooted ones... So...?
First look up the developer of the app, then if you trust him, install, if you never heard of him, google it (or look at the comments at where you're downloading from), and if you had experience with the developer before (and if the experience is bad, like trojans, etc.), don't install!
(I don't understand half of what I'm typing XD...Don't blame me for misspellings, please )
Cant say I can rave or not when it comes to the anti virus apps.
Have used Lookout in the past and currently using netquin.... neither of which ever flagged up a virus, malware or whatever.
Its nice to think its running in the background but dont know whether it will do anything if its needed.
I was tempted to download a load of apps in a zip file but 20 secs in my Avast siad there was a virus. I'd like to think the market would have its own precautions but having searched the site, cant see any mention of its security for the apps we download.
Its a different thing altogether but we cant take the fact that its the market and relax...... the worst virus my laptop ever had came in an update from Microsoft...... and another directly from google tools.
Kapersky for Android then? You can pick up free full non-trial versions on the web...
About the Market - yes, that's true. You'd expect them to check if apps are infected or at least leave a bot to do it...
Sorta lame...
The best security is the brain.akp just like brain.exe is on windows - best thing it's free, godgiven and everyone got a copy
Zeze21 said:
The best security is the brain.akp just like brain.exe is on windows - best thing it's free, godgiven and everyone got a copy
Click to expand...
Click to collapse
yeah but not everyone got the full version. A few of my friends got a corrupted exe and then this girl I know got the 30 day trial
not that good
Prawesome said:
It is always a good habit to check the permissions an app needs before installation.I personally think that a system should be implemented in android market where all apps are erquested to give informaation on "Why they need certain permissions?".Certain apps do that.
An antivirus program is also useful in my opinion.I use Lookout antivirus,as i find it simple to use and does not slow down my phone.I tried avg but it slowed down my phone terribly.
Click to expand...
Click to collapse
I have both Lookout and AVG, neither has stopped my phone from getting up to 10 junk downloads, you have won an ipad, iphone etc., a day, not sms or email, I have to have every form of external contact turned off, the moment I get wifi or mobile access it starts downloading spam.
If anyone knows of a way to stop it I would appreciate the feedback
Moved to proper section
Any favorites recommended that work well with the pixel 3? Looking for a non-rooted option (for now).
Blokada is the best option I can find. It's available on f-droid as well as directly from their website. Totally free and very configurable. No root required as it's using the built-in VPN functionality.
WITH ROOT, the king is Adaway for sure. Simple, lightweight and works great.
WITHOUT ROOT I'd personally recommend DNS66. Blocks host names via DNS through Android's VPN interface. Without ROOT that's as good as it gets, or another app very similar like sirebral123 mentioned above. Both are available on F-droid site.
How about just using the Brave browser? Built on chromium, faster than chrome, doesn't track you around, and it has ad blocking built in. Available in the play store and I use it on my desktop as well.
Droid1019 said:
How about just using the Brave browser? Built on chromium, faster than chrome, doesn't track you around, and it has ad blocking built in. Available in the play store and I use it on my desktop as well.
Click to expand...
Click to collapse
That doesn't remove ads that appear in apps.
Blokada is working pretty well. Thanks. Any preferences on hosts or dns servers to select or add? I was able to download it here on xda labs app. Same version available in fdroid.
To people recommending VPN apps to block ads.... you realize you are then funneling all of your phone's network traffic through their servers, right? That would make me wildly uncomfortable.
GldRush98 said:
To people recommending VPN apps to block ads.... you realize you are then funneling all of your phone's network traffic through their servers, right? That would make me wildly uncomfortable.
Click to expand...
Click to collapse
They run a local VPN on the phone, there is no 3rd party server
Sent from my Pixel 2 using XDA Labs
Cares said:
That doesn't remove ads that appear in apps.
Click to expand...
Click to collapse
If I find an app i like and use on a regular basis, I just pay for it and that takes care of the ads for me and supports the developer.
Well I feel like a horses ass. That's actually pretty clever.
I use a combination of PiHole at my house/work and brave browser.
Droid1019 said:
If I find an app i like and use on a regular basis, I just pay for it and that takes care of the ads for me and supports the developer.
Click to expand...
Click to collapse
Everyone should sign up for Google Opinion Rewards. It's a great way to get money for the Play Store and is perfect for this exact scenario.
https://play.google.com/store/apps/details?id=com.google.android.apps.paidtasks&hl=en_US
Droid1019 said:
If I find an app i like and use on a regular basis, I just pay for it and that takes care of the ads for me and supports the developer.
Click to expand...
Click to collapse
There are public apps that don't offer a pay to remove ads thing like sports score apps.
You may wanna give "adguard for android" a shot, i have a paid version, works like a charm..
Droid1019 said:
If I find an app i like and use on a regular basis, I just pay for it and that takes care of the ads for me and supports the developer.
Click to expand...
Click to collapse
Yeah but not every app has a "pay to make the ads go away" feature.
I'm rooted but prefer using Adguard. Being to disable ads for individual apps or website is a plus. Also, the app has a feature to allow the use of custom DNS which I have changed to use Cloudflare DNS. The VPN it creates is a local VPN, data DOES not get funneled to their site. i've been using adguard for over 2 years and paid lifetime. They do have a free trial
I can speak to both options. My phone and my wife's (Pixel 3 XL and Pixel 3) are both rooted and use AdAway. My sons' two phones (Huawei Mate SEs) and their tablet (Samsung Galaxy Tab S2 8") are not rooted and each have a lifetime licence of AdGuard. I notice pretty much no difference in terms of what they block. I can't do an A/B spead comparison, but none of their devices seem adversely impacted by AdGuard. I very seriously considered going to the OP6T for my wife and I and going with AdGuard and no root since I am on T-Mobile and would have used the OG Pixel XL and Pixel both as trade-ins. My decision to stay with Google phones and root had nothing to do with ad blocking. In fact, the three devices with AdGuard are easy enough to root. The Mates are BL unlocked, and the S2 is pretty easy already. Any difference between AdGuard and AdAway is simply not worth giving them root access that they don't need.
How do the VPN ad-blockers (like AdGuard) affect battery life? I assume they use more than Adaway or other root methods.
dsmero said:
I use a combination of PiHole at my house/work and brave browser.
Click to expand...
Click to collapse
Me too. Pi Hole is really good. Easy to install on a Raspberry Pi and it blocks ads and spyware on all devices connected to your network. Should you encounter a web site which doesn't work it is easy to suspend Pi Hole for a predertermined time, or until you re-enable it. A nice little project on very cheap hardware. You don't need the most expensive Raspberry Pi either - but I would recomment connecting it via ethernet so if anyone is interested make sure you buy a Pi with an ethernet socket.
[emoji1360] i already buy it before two years with life license. Its amazing
sneilkanth said:
You may wanna give "adguard for android" a shot, i have a paid version, works like a charm..
Click to expand...
Click to collapse
Sent from my Pixel 3 using Tapatalk