Related
Is anti virus a waste or is it worth having it run on your phone?
waste......
MrGibbage said:
waste......
Click to expand...
Click to collapse
Why is that?
its a waste, when was the lest time u heard of someone getting a phone virus? lol, plus what are you downloading and running on your phone that might even pose a threat
I vote waste too, for current AV solutions. Like another poster said -- There really aren't any threats at the moment. It's real likely there will be at some point, but I see no reason to believe the current AV providers have any clue what these future hypothetical virii will look like. I'll trust an AV once it is written by a security researcher who has studied live Android virii. Until then they're just wasting resources.
I don't run AV software on my home computers or my phones. I am careful with the email that I open, and when I DL software, I try to be aware of where it is coming from. I am never the guy that that downloads something the day it comes out. If it is nefarious, I'll hear about it. Maybe I'm lucky, but I just don't see the need.
SMS Trojan for Android - http://www.theinquirer.net/inquirer/news/1727325/android-virus-spotted
They do exist just not on a Windows level lol. I'm sure they will jump in numbers as the popularity of the platform continues to explode. Currently, Lookout is one of the top rated AV apps, and its free.
BTW when you install the "SMS Trojan" it asks for permission to send text messages that may cost money.
TOTAL Waste.
Just read the permissions requests when installing apps.
Or go read up on how Android's app sandboxing works. Either way, nothing can harm your phone unless you explicitly allow it to. And if you allow a photo app to read all of your data, and send text messages and connect to the internet, you deserve what you get.
reuthermonkey said:
TOTAL Waste.
Just read the permissions requests when installing apps.
Or go read up on how Android's app sandboxing works. Either way, nothing can harm your phone unless you explicitly allow it to. And if you allow a photo app to read all of your data, and send text messages and connect to the internet, you deserve what you get.
Click to expand...
Click to collapse
Aint that the truth. Idiots need to pay attention to the Android Permissions screen and ask themselves "Why does this flashlight app need to read my contacts, google account and access my dialer, data connection and send SMS??"
Like others have mentioned, threat levels right now are so low that it doesn't warrant the use of money or system resources.
Some apps in the market that are labeled as such are just spam btw.
And also, we are far from a mass infection ala PCs. Just be very careful with what you download. Pay close attention to the permissions and use your very good judgement. If a music player asks permission to read/send/receive text messages and make phone calls, it's probably some type of malware.
jblade1000 said:
SMS Trojan for Android - http://www.theinquirer.net/inquirer/news/1727325/android-virus-spotted
They do exist just not on a Windows level lol. I'm sure they will jump in numbers as the popularity of the platform continues to explode. Currently, Lookout is one of the top rated AV apps, and its free.
Click to expand...
Click to collapse
WASTE ,..,.., hands down......
A virus that has to be manually installed by the user or creator on the host device ????? , and this is after all the warnings to the user before you press ok .,.,.,.,., never mind all the warnings telling you NOT TO DOWNLOAD outside of the market,unless you know what you are doing , download AT YOUR OWN RISK..... Not to mention the anti virus companies CREATING the need for you to install their app ... ever read some of the comments in the market about these "AV" apps ? > 'this app works great, protects my phone'<<<<<? protects it ? from what ???? WTF..
So yes I think it's a waste.....
People make viruses for a living so pretty soon someone will come out with a major one cause it being a phone means nothing its based off of linux and I know linux doesn't have any killer viruses but they do have some just not on a windows level. So ask it takes is one overseas a hole to create one just so he can get famous and then we will need an
Worth installing virus app.
O yea most people only read the permission when installing apps when they are new to android most people don't look at them.especially for apps they regularly use like handcent. Who know what they do with our info?
Sent from my Samsung Vibrant
hmmm lets see, would an app be able to slide in a permission without a warning? as in read contacts after installed but it never showed on the permission screen.
creglenn said:
People make viruses for a living so pretty soon someone will come out with a major one cause it being a phone means nothing its based off of linux and I know linux doesn't have any killer viruses but they do have some just not on a windows level. So ask it takes is one overseas a hole to create one just so he can get famous and then we will need an
Worth installing virus app.
O yea most people only read the permission when installing apps when they are new to android most people don't look at them.especially for apps they regularly use like handcent. Who know what they do with our info?
Sent from my Samsung Vibrant
Click to expand...
Click to collapse
None of that supports a need for an Anti-Virus. Android sandboxes each and every application on the system. It's not like any other Linux distro in how it handles security. It's MORE secure than linux. You can hack individual apps (and thus use their permissions - ie the browser), but that's quickly patched.
The biggest security threat to Android is the same as the biggest security threat for EVERY OS: Lazy users.
reuthermonkey said:
None of that supports a need for an Anti-Virus. Android sandboxes each and every application on the system. It's not like any other Linux distro in how it handles security. It's MORE secure than linux. You can hack individual apps (and thus use their permissions - ie the browser), but that's quickly patched.
The biggest security threat to Android is the same as the biggest security threat for EVERY OS: Lazy users.
Click to expand...
Click to collapse
Thats so true but im speaking on the basic users who dont need a dumbphone instead of a smartphone cause when/if a virus does come out those are the people who ill be flooding the forums. While we sit back and laugh.
everyone is talking **** about anti-virus for taking up resources, but i've found Lookout to be very unobtrusive. Also, besides virus scan, it will locate your phone, send a siren to your device, backup your info, all at schedules you determine.
jamesey10 said:
everyone is talking **** about anti-virus for taking up resources, but i've found Lookout to be very unobtrusive. Also, besides virus scan, it will locate your phone, send a siren to your device, backup your info, all at schedules you determine.
Click to expand...
Click to collapse
Sure, those are a few reasons to keep Lookout installed. But I don't need it scanning all my files for threats that don't exist yet and it probably wouldn't recognize anyway. Fortunately, the AV component is optional.
i need a app for my daughters phone edited because she is pretty savvy with the android operating system, the app is the covert install for accutracking.com tracking agent when it installs it shows up in the apliocation manager as atapp, not real knotisable but she i think she would uninstall it just cuz she doesnt know what it is, there is no icon in the drawer and lookout doesnt find it, what i need it to do is most importantly install as com.google.android.contacts.sync or something of the sort that looks like a system file, and secondly if possible i would like it to install in the system partition like the amazon mp3 app, so it is hard to remove this second request is not must just a idea i'll pay $20 paypal as soon its done the original file is here let me know if your starting on this project so there isnt a bunch of people trying to compleate this for me, i will post in this thread when the project is started so not to waste peoples time
thanks
Dave
Id love to help, but I don't have the knowledge to, and if she's saavy, then she's probably rooted, and might actually browse these forums. She'll also likely turn off location services to conserve battery, like I bet most people do. If its not open source, im pretty sure it'd be against this forum's rules.
Sent from my Liberated Droid 2
it is rooted but thats only because i nrooted it for her and i did ask for permision to alter the app
Modifying closed source apk are usually frown upon. Using apps to track other people unknowingly can be illegal on some places. For those reason I decided to close this thread.
Cheers
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload and app to the android market and there is no verification of the app like on IOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
the_main_app said:
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload and app to the android market and there is no verification of the app like on IOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
Click to expand...
Click to collapse
There are viruses for Android.....right ?
Besides , if you're smart enough you can check whether an app needs such permissions when installing , through the Mart or an .apk .
I don't like the way iOS works , they give too limited functionality .
Forever living in my Galaxy Ace using XDA App
the_main_app said:
I posted this in another forum but I want to know what you guys here think about android security.
How worried are you all about security on the android platform? Don't you find it a little unnerving that anybody could upload and app to the android market and there is no verification of the app like on IOS platform. Anybody could write an app that looks legit but does devious things. All this along with there are very very few security applications and they are in the infant state. Don't you find it very dangerous? How do you try to maintain security on your android device? Don't download apps? Only download from known publishers? Or do you roll the dice and download anything? If you use a security app which one?
Click to expand...
Click to collapse
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
I think the best thing would be if android embraced that the user can choose which permissions to give to apps. I mean, an app may want to know your location, you denies it, and the app continnues happily without using that functionality, or quits saying its essantial.
cobraboy85 said:
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
Click to expand...
Click to collapse
very well put, unfortunately most dont think like this..
It is always a good habit to check the permissions an app needs before installation.I personally think that a system should be implemented in android market where all apps are erquested to give informaation on "Why they need certain permissions?".Certain apps do that.
An antivirus program is also useful in my opinion.I use Lookout antivirus,as i find it simple to use and does not slow down my phone.I tried avg but it slowed down my phone terribly.
hiitti said:
I think the best thing would be if android embraced that the user can choose which permissions to give to apps. I mean, an app may want to know your location, you denies it, and the app continnues happily without using that functionality, or quits saying its essantial.
Click to expand...
Click to collapse
But, as a matter of degree, this just what we wish. The fact may be far beyond our imagination. Sometimes, malware still run certain functionalities even you cancel it. It's worse that some apps run secretly in system. I'm a little scared about security issue based on my PC.
cobraboy85 said:
i dont use a security app, i use common sense.
a game doesn't need access to my contacts...
notepad app doesn't need access to my private information...
this is why android phones are for the power users and shouldn't be used by soccer moms and grandmas - because they have no clue what they are doing with these phones except for when a phone call or text message comes in... let them have the iphones.
but if you are tech savvy, and want to squeeze every bit of user capability out of your phone, a high end android phone is for you.
the people that are tech savvy also have the awareness because they treat their phone like a computer, and not a phone.
just my thoughts.
Click to expand...
Click to collapse
But a game might ask for internet/network permissions which you would probably accept. How do you guard against this? How can you prevent a malicious app that asks for relavent permissions but abuses them?
I never take the time to study the permissions required when I download an app from the market.
I tend to avoid the low number of d'load apps..... partly as there is less feedback to judge.... and partly as any app thats worth the download will have high stars and many d'loads.
Works for me so far.
Netquins running in the background just in case...... but whose to say they dont upload my contacts for spamming?
Prof Peach said:
I never take the time to study the permissions required when I download an app from the market.
I tend to avoid the low number of d'load apps..... partly as there is less feedback to judge.... and partly as any app thats worth the download will have high stars and many d'loads.
Works for me so far.
Netquins running in the background just in case...... but whose to say they dont upload my contacts for spamming?
Click to expand...
Click to collapse
But what about new apps that may be legit? They won't have any reviews yet or stars. If everybody did the same as you it would never get reviews or stars? There's got to be a better way, don't you agree?
the_main_app said:
But a game might ask for internet/network permissions which you would probably accept. How do you guard against this? How can you prevent a malicious app that asks for relavent permissions but abuses them?
Click to expand...
Click to collapse
That's the only question above that can't be answered by LBE Privacy Guard.
Someone mentioned a game that wants access to your contacts. What if you really want the game? You just don't allow it access to your contacts and then play it anyway.
Most apps ask for access to your IMEI (you'd be surprised how many!) With LBE they don't get it.
Antivirus software is all well and good, but it's not the same as on a PC where pattern matching can be used. AV software on Android basically opens the apk file and has a look round to see if anything looks suspicious. Other than that, there's nothing it can do to stop a clever developer bypassing it.
Seriously, if you have concerns then get LBE and start restricting permissions access on an app-by-app basis.
johncmolyneux said:
That's the only question above that can't be answered by LBE Privacy Guard.
Someone mentioned a game that wants access to your contacts. What if you really want the game? You just don't allow it access to your contacts and then play it anyway.
Most apps ask for access to your IMEI (you'd be surprised how many!) With LBE they don't get it.
Antivirus software is all well and good, but it's not the same as on a PC where pattern matching can be used. AV software on Android basically opens the apk file and has a look round to see if anything looks suspicious. Other than that, there's nothing it can do to stop a clever developer bypassing it.
Seriously, if you have concerns then get LBE and start restricting permissions access on an app-by-app basis.
Click to expand...
Click to collapse
this.
i was JUST about to say the same thing about the android "anti-virus" scam... not really a scam, but a false sense of security. as you said, not the same at ALL. people need to get out of the PC mindset with these phones. this is not windows, it's linux.
and i'm going to give LBE a shot. seems pretty legit.
for all of those running antivirus "software" on your phone, how many of you have actually run a virus scan and had it give a detailed description of a malicious "virus"....
Liking lookout
Sent from my GT-I9100 using XDA App
ummm, anyone ever heard of antiviruses (Kapersky, maybe?)? Or at least look up the app's access to things... If it accesses something you don't want it to access (or think the app doesn't need to access it), don't install it!
I know out-of-the-box Androids aren't so vunerable to viruses, compared to rooted ones... So...?
First look up the developer of the app, then if you trust him, install, if you never heard of him, google it (or look at the comments at where you're downloading from), and if you had experience with the developer before (and if the experience is bad, like trojans, etc.), don't install!
(I don't understand half of what I'm typing XD...Don't blame me for misspellings, please )
Cant say I can rave or not when it comes to the anti virus apps.
Have used Lookout in the past and currently using netquin.... neither of which ever flagged up a virus, malware or whatever.
Its nice to think its running in the background but dont know whether it will do anything if its needed.
I was tempted to download a load of apps in a zip file but 20 secs in my Avast siad there was a virus. I'd like to think the market would have its own precautions but having searched the site, cant see any mention of its security for the apps we download.
Its a different thing altogether but we cant take the fact that its the market and relax...... the worst virus my laptop ever had came in an update from Microsoft...... and another directly from google tools.
Kapersky for Android then? You can pick up free full non-trial versions on the web...
About the Market - yes, that's true. You'd expect them to check if apps are infected or at least leave a bot to do it...
Sorta lame...
The best security is the brain.akp just like brain.exe is on windows - best thing it's free, godgiven and everyone got a copy
Zeze21 said:
The best security is the brain.akp just like brain.exe is on windows - best thing it's free, godgiven and everyone got a copy
Click to expand...
Click to collapse
yeah but not everyone got the full version. A few of my friends got a corrupted exe and then this girl I know got the 30 day trial
not that good
Prawesome said:
It is always a good habit to check the permissions an app needs before installation.I personally think that a system should be implemented in android market where all apps are erquested to give informaation on "Why they need certain permissions?".Certain apps do that.
An antivirus program is also useful in my opinion.I use Lookout antivirus,as i find it simple to use and does not slow down my phone.I tried avg but it slowed down my phone terribly.
Click to expand...
Click to collapse
I have both Lookout and AVG, neither has stopped my phone from getting up to 10 junk downloads, you have won an ipad, iphone etc., a day, not sms or email, I have to have every form of external contact turned off, the moment I get wifi or mobile access it starts downloading spam.
If anyone knows of a way to stop it I would appreciate the feedback
Moved to proper section
Hey,
When I turned on my phone the RAM it was taking was 300 MB, after a days use it is now 500MB (even after pressing 'clear RAM' button).
I've entered Settings->apps->running and it shows only two small things (the keyboard and some weather widget) which combined take only 20 MB.
So what is the rest of the memory is beign allocated for?
Thank you.
Does your rom have Usage Manager in the app drawer?
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
Here is the path to all your applications.
Settings -> Apps --> Swipe left until the menu Running --> On top you see the description "Show cached processes", klick on it --> now you see the rest of the running applications
pc103 said:
Does your rom have Usage Manager in the app drawer?
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
Click to expand...
Click to collapse
No, the closest I have is "Task Manager".
lenovoOwner said:
Here is the path to all your applications.
Settings -> Apps --> Swipe left until the menu Running --> On top you see the description "Show cached processes", klick on it --> now you see the rest of the running applications
Click to expand...
Click to collapse
Thank you, indeed I see some more RAM guzzlers, but It seems like they make up most of the addition but not all of it ... plus funny thing, when I try to close everything (in 'running' and 'cache) and I reenter- here it is there again...
1) Can I see all of the elements that take up my ram (the system as well)?
2) Can I close them properly?
Thank you very much.
PS. Is there some comfortable way to jump between apps? Like in the Iphone where by pressing the 'Home' button will show you a bar with a row of icons of the currently active processes....
For your PS question, it's a long press on the Home button (below the GS3 screen).
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
---------- Post added at 10:14 PM ---------- Previous post was at 09:45 PM ----------
The closest app I'm running to that option is Android Tuner Free. I got it for its storage optimization functions.
The busy interface has a learning curve, but it is a comprehensive & poweful app. I recommend Advanced mode & the One Click home screen.
For what you want, see both the Tasks & Kill All tiles. The first is a Task Mgr., the second is a quick 1 click. The app can teach a lot about what runs & why. It also offers a lot of fine control.
I also use the root app Startup Manager which is self explanatory & efficient.
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
pc103 said:
For your PS question, it's a long press on the Home button (below the GS3 screen).
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
Click to expand...
Click to collapse
LOL {hit myself on the head}, didn't occur me to try...
pc103 said:
---------- Post added at 10:14 PM ---------- Previous post was at 09:45 PM ----------
Click to expand...
Click to collapse
pc103 said:
The closest app I'm running to that option is Android Tuner Free. I got it for its storage optimization functions.
The busy interface has a learning curve, but it is a comprehensive & poweful app. I recommend Advanced mode & the One Click home screen.
For what you want, see both the Tasks & Kill All tiles. The first is a Task Mgr., the second is a quick 1 click. The app can teach a lot about what runs & why. It also offers a lot of fine control.
I also use the root app Startup Manager which is self explanatory & efficient.
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
Click to expand...
Click to collapse
I was hoping there is a way to avoid using apps...
Ok, I suppose it opens another question which I thought about creating a new thread for, but if the opportunity already arose...
How do you actually know if you can trust an app?
I'm kinda new to android and I'm much more used to the opennes of windows, also I'm pretty paranoid (a cellphone contains information 100 times more sensitive than a PC (At least my PC is like that)). I look at the permissions every app want to have and I'm simply aghast, I know of the logic behind those requests (at least for most of those I've seen) but I have zero transparency over what actions the app takes.
That really stress me a great deal...
oy-ster said:
How do you actually know if you can trust an app?. . . (a cellphone contains information 100 times more sensitive than a PC (At least my PC is like that)). I look at the permissions every app want to have and I'm simply aghast, I know of the logic behind those requests (at least for most of those I've seen) but I have zero transparency over what actions the app takes.
That really stress me a great deal...
Click to expand...
Click to collapse
Digital Privacy
Well it certainly stresses the last remaining fiber of your privacy. I just watched the latest "60 Minutes Overtime" piece on data brokers framing this as a lifestyle issue. Step back from the small screen & consider that your actions on board the PC have a ripple effect on your smartphone. "NAI Opt out" & "Disconnect software" are useful PC search words.
Where it Went
I rarely hear from a tech guru or even a lawyer who can decipher a EULA, TOS or Privacy agreement they didn't author themselves; yet online, we are steeped in the cumulative concessions we have accepted from them and the affiliates and partners they enable for.
The Biggest Brother?
Google is a data harvester, not a broker. They are the custodians of much of our imprint online across all platforms. check your settings accordingly; within each Google service / app/ platform you use and adjust them to taste. Know, for example, that persistent login to Gmail will append any collocated G-Search activity to your G profile if Web Data | Web History remains on. I read recently that simply joining Plus has a similar but more comprehensive effect by default, by unifying the G tracking across your entire electronic imprint.
Android Permissions
Yes. The most invasive part of Android is its permissions free for all. They are demands, not requests that each app poses. The logic is sometimes one sided and self serving to the developers at our disadvantage. What can we do?
1. Know something about your developer. XDA membership in an app developer helps define their role in a community. Check their website, reviews, accessibility, postings etc.
2. Consider lower permission alternative apps listed in the play store.
3. For each app you review in the Play Store, (have you checked play store settings yet?) assess its longevity in the marketplace to decide if you are willing to be an early adopter.
4. Resist resorting to apps to broker built-in functions your system already has. Learn your OS.
5. Weigh the logic of each permission demanded, based on risk / reward and your intended uses. Example: On my phone Google search leads the field with 59 permissions. App Permisssions by FSecure is in the low end group with zero. How do I know? App Permissions. What can I do? More on that later.
6. Debloat. I have frozen over 60 apps/services/processes using a combination of tools ranging from built in (no root) Application Management to Startup Manager and the App Quarantine app.
7. Don't be lazy about toggling settings as needed. One stock default has the GPS always enabled which may not be necessary for you.
8. Learn about the types of location services in your OS. Check location settings in affected apps and consider toggling location services as needed. Apps will prompt if the needed service is off when you use them.
9. Review your synch settings. Mine are off on the OS. I use a 3rd party mail app and manually back up contacts using Super Backup when needed.
10. Review background data settings. they are visible in Settings / Data usage, by selecting Mobile Data, and scrolling to the list of apps to tap through each and set Restrict background data if appropriate. It saves battery by reducing tower hunting and focuses you on which apps pose the highest demands.
I promised more. Learn about App Ops if you haven't. I have the luxury of running a 4.3 version that supports it so I can use a client app to filter and toggle various permissions on a per app basis. There are other, and perhaps more thorough approaches to this but I'm staying with this one for now.
pc103 said:
Digital Privacy
Well it certainly stresses the last remaining fiber of your privacy. I just watched the latest "60 Minutes Overtime" piece on data brokers framing this as a lifestyle issue. Step back from the small screen & consider that your actions on board the PC have a ripple effect on your smartphone. "NAI Opt out" & "Disconnect software" are useful PC search words.
Where it Went
I rarely hear from a tech guru or even a lawyer who can decipher a EULA, TOS or Privacy agreement they didn't author themselves; yet online, we are steeped in the cumulative concessions we have accepted from them and the affiliates and partners they enable for.
The Biggest Brother?
Google is a data harvester, not a broker. They are the custodians of much of our imprint online across all platforms. check your settings accordingly; within each Google service / app/ platform you use and adjust them to taste. Know, for example, that persistent login to Gmail will append any collocated G-Search activity to your G profile if Web Data | Web History remains on. I read recently that simply joining Plus has a similar but more comprehensive effect by default, by unifying the G tracking across your entire electronic imprint.
Android Permissions
Yes. The most invasive part of Android is its permissions free for all. They are demands, not requests that each app poses. The logic is sometimes one sided and self serving to the developers at our disadvantage. What can we do?
1. Know something about your developer. XDA membership in an app developer helps define their role in a community. Check their website, reviews, accessibility, postings etc.
2. Consider lower permission alternative apps listed in the play store.
3. For each app you review in the Play Store, (have you checked play store settings yet?) assess its longevity in the marketplace to decide if you are willing to be an early adopter.
4. Resist resorting to apps to broker built-in functions your system already has. Learn your OS.
5. Weigh the logic of each permission demanded, based on risk / reward and your intended uses. Example: On my phone Google search leads the field with 59 permissions. App Permisssions by FSecure is in the low end group with zero. How do I know? App Permissions. What can I do? More on that later.
6. Debloat. I have frozen over 60 apps/services/processes using a combination of tools ranging from built in (no root) Application Management to Startup Manager and the App Quarantine app.
7. Don't be lazy about toggling settings as needed. One stock default has the GPS always enabled which may not be necessary for you.
8. Learn about the types of location services in your OS. Check location settings in affected apps and consider toggling location services as needed. Apps will prompt if the needed service is off when you use them.
9. Review your synch settings. Mine are off on the OS. I use a 3rd party mail app and manually back up contacts using Super Backup when needed.
10. Review background data settings. they are visible in Settings / Data usage, by selecting Mobile Data, and scrolling to the list of apps to tap through each and set Restrict background data if appropriate. It saves battery by reducing tower hunting and focuses you on which apps pose the highest demands.
I promised more. Learn about App Ops if you haven't. I have the luxury of running a 4.3 version that supports it so I can use a client app to filter and toggle various permissions on a per app basis. There are other, and perhaps more thorough approaches to this but I'm staying with this one for now.
Click to expand...
Click to collapse
Thank you very much for the comprehensive reply!
Indeed some of the things here are common sense but some were fairly new to me, like the close contact you are suggesting with the developer.
I have to ask though, what reviews are you reffering to? the ones in the app market or the ones on here? Also, from what I have seen in the play market, all of the reviews are about functionality but no one actualy checks the veracity of the code.
Like for instance some song recognition&download software that requires internet access permission (makes sense) and SD card access permission (also makes sense), but besides doing what it does (in a splendid manner, leaving tons of happy customers) it also steals your Whatsapp chat logs (just read an article about that breach 10 mins ago)...
How can people catch on that (otherwise the app will linger for 2 years, giving you the impression you're not an early adopter)?
Hrmph, you have given some very sound advice which I obviously intend to follow through and for that I thank you. However it seems to me like the underlying foundation is still trust in the publisher (not to abuse the permissions you had to enable for functionality sake), and the trust should stem from how well the author presents itself to the community. I suppose it is the nature of the beast, it is just that if I were to sneakily attack someone I would make sure to present myself in th best way possible .
thx.
PS. my version is 4.1 but I'll see what I can do about Appops.
P.P.S I just searched for "Tasks" on google market and all I see is an organizer. Did you mean "Task Killer"?
oy-ster said:
Thank you very much for the comprehensive reply!
Indeed some of the things here are common sense but some were fairly new to me, like the close contact you are suggesting with the developer.
I have to ask though, what reviews are you reffering to? the ones in the app market or the ones on here? Also, from what I have seen in the play market, all of the reviews are about functionality but no one actualy checks the veracity of the code.
Both sources really. There's no hard & fast divide as to what aspect reviewers might respond to at either venue. More often, Play Store reviews have alerted me when my device or my Android version gets poor results from an app. Granted code integrity issues are raised more frequently at XDA.
Like for instance some song recognition&download software that requires internet access permission (makes sense) and SD card access permission (also makes sense), but besides doing what it does (in a splendid manner, leaving tons of happy customers) it also steals your Whatsapp chat logs (just read an article about that breach 10 mins ago)...
How can people catch on that (otherwise the app will linger for 2 years, giving you the impression you're not an early adopter)?
Interesting example. I will look for the article. I wonder if the app declared that permission in their Play Store disclosure. If not, it challenged Google's policing system. I read somewhere that SELinux in newer ROMs, set to "Enforcing" brokers applicable policies from each host domain and also restricts apps from exceeding their declared permissions. (See also my note on 4.3+ below)
Hrmph, you have given some very sound advice which I obviously intend to follow through and for that I thank you. However it seems to me like the underlying foundation is still trust in the publisher (not to abuse the permissions you had to enable for functionality sake), and the trust should stem from how well the author presents itself to the community. I suppose it is the nature of the beast, it is just that if I were to sneakily attack someone I would make sure to present myself in th best way possible .
You're welcome! Placing that trust is ultimately a leap of faith, so we ask ourselves:
Does my configuration already offer this function at the OS or existing app level?
Can I justify each declared permission here?
Is there a less invasive equivalent to this app?
Have I gone over the settings thoroughly once installed?
What does my installed anti-virus say about this?
Do I need this to auto launch or only on demand?
Is it using excessive data or uptime as I monitor?
Am I getting all the Android security I could be with my current rom image?
You get the picture. Common sense, best practices & due diligence can go a long way toward closing the security gap.
PS. my version is 4.1 but I'll see what I can do about Appops.
Google only exposed it (to client apps like App Ops Starter) in 4.3 & 4.4.0, before & after that I believe an Xposed Framework module is the main alternative.
P.P.S I just searched for "Tasks" on google market and all I see is an organizer. Did you mean "Task Killer"?
Click to expand...
Click to collapse
The "Tasks & Kill All tiles" I referred to appear on Android Tuner Free's One Click advanced mode home screen. BTW certain apps on my phone are "frozen" when not in use.
I forgot to mention. 4.3 I'm running is on the 4.1.2 bootloader, completely avoiding lopsided knox security. I hope I didn't appear to recommend the OTA update. That's a personal choice.
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
pc103 said:
Quote:
Both sources really. There's no hard & fast divide as to what aspect reviewers might respond to at either venue. More often, Play Store reviews have alerted me when my device or my Android version gets poor results from an app. Granted code integrity issues are raised more frequently at XDA.
Interesting example. I will look for the article. I wonder if the app declared that permission in their Play Store disclosure. If not, it challenged Google's policing system. I read somewhere that SELinux in newer ROMs, set to "Enforcing" brokers applicable policies from each host domain and also restricts apps from exceeding their declared permissions. (See also my note on 4.3+ below)
You're welcome! Placing that trust is ultimately a leap of faith, so we ask ourselves:
Does my configuration already offer this function at the OS or existing app level?
Can I justify each declared permission here?
Is there a less invasive equivalent to this app?
Have I gone over the settings thoroughly once installed?
What does my installed anti-virus say about this?
Do I need this to auto launch or only on demand?
Is it using excessive data or uptime as I monitor?
Am I getting all the Android security I could be with my current rom image?
You get the picture. Common sense, best practices & due diligence can go a long way toward closing the security gap.
Google only exposed it (to client apps like App Ops Starter) in 4.3 & 4.4.0, before & after that I believe an Xposed Framework module is the main alternative.
Click to expand...
Click to collapse
Thanks again!
I just wanted to note that after spending some time here in the forum( http://forum.xda-developers.com/android/apps-games/ ) looking for some intresting picks, I haven't actually encountered much comments from people that actually went over the code... so I'm a bit bummed out. :silly: :laugh:
pc103 said:
The "Tasks & Kill All tiles" I referred to appear on Android Tuner Free's One Click advanced mode home screen. BTW certain apps on my phone are "frozen" when not in use.
Click to expand...
Click to collapse
Oh. Got it.
Anyway, Thank you!!!
oy-ster said:
Thanks again!
I just wanted to note that after spending some time here in the forum( http://forum.xda-developers.com/android/apps-games/ ) looking for some intresting picks, I haven't actually encountered much comments from people that actually went over the code... so I'm a bit bummed out. :silly: :laugh:
...Anyway, Thank you!!!
Click to expand...
Click to collapse
You're welcome. To be fair, most times I've seen postings by people who background checked code it was in rom threads, or over root exploits or security apps. In most other cases due diligence is our best defense.
Hi there everyone,
since I was pretty interested in reading latest XDA article 'Baidu browser found to be leaking. etc', and I was also into the constant research of the best settings for Amplify Xposed Module for my RN2 Prime, running Jan 7 Bule's cm 12.1, I was pretty curious to know more about a massive battery drainer system app named 'ckservice.apk', aka package name Statassistant.
Shortly (read more detail on my on my original post: http://forum.xda-developers.com/showpost.php?p=65566921&postcount=8201), this app constantly asks for position, and, I found it to be a BAIDU app "download advertising without the user's knowledge to the notification bar."
So, I have AdAway since.. always, and that means there is no Advert message ever popping up on my RN2, - yet, its Alarm 'com.ck.services.intent.ACTION_ONEMIN_TICK' was acting obsessively, always topping Amplify stats: initially I gently limited it through Amplify and denied permissions through Privacy Guard: currently, I've frozen this app I've removed it! (cfr http://forum.xda-developers.com/showpost.php?p=65567564&postcount=8206): no collateral effect happened, - only good battery life. And maybe a sip more of privacy.
I do not know if this app is also present in MIUI, but I guess so.
If You know more than me about this app, and I'm sure you do, please, share.
More about my experience, here http://forum.xda-developers.com/showpost.php?p=65566921&postcount=8201
One 'ckservice.apk is a trojan!' here https://github.com/Silentlys/android_device_tcl_q39/issues/4
Peace out.
"it was, download game apks not in foreground, and after some times updating, it has less sharpen within trojan. usually use it as a rom-flash counter..i decompiled this apk before.". It's safe guys. And we can uninstall or freeze it if we want ?
sleizi said:
"it was, download game apks not in foreground, and after some times updating, it has less sharpen within trojan. usually use it as a rom-flash counter..i decompiled this apk before.". It's safe guys. And we can uninstall or freeze it if we want
Click to expand...
Click to collapse
Please, define 'safe'... anyway, it was a total battery drainer, alarms always at top.
Anyway, you can remove it safely, no collateral effects.
I'm amazed that there has not been more posts on XDA given that the Baidu APK / Moplus APK put rooted users at particularly high risk!
http://www.engadget.com/2015/11/02/bunk-baidu-sdk-puts-backdoor-on-millions-of-android-devices/
Things are only partially fixed but I don;t trust Baidu anyhow (or Cheetah, or any of those Chinese app companies due to the govenrment) as it seems quite obvious to me the CHinese Government has got their finger in there and it and other apps are compromised so that the Chinese Government can easily spy/gain data on those people they want to, I've uninstalled one of my favourite apps ES File Explorer due to this.
see updates at the end
https://citizenlab.org/2016/02/privacy-security-issues-baidu-browser/
IronRoo said:
I'm amazed that there has not been more posts on XDA given that the Baidu APK / Moplus APK put rooted users at particularly high risk!
http://www.engadget.com/2015/11/02/bunk-baidu-sdk-puts-backdoor-on-millions-of-android-devices/
Things are only partially fixed but I don;t trust Baidu anyhow (or Cheetah, or any of those Chinese app companies due to the govenrment) as it seems quite obvious to me the CHinese Government has got their finger in there and it and other apps are compromised so that the Chinese Government can easily spy/gain data on those people they want to, I've uninstalled one of my favourite apps ES File Explorer due to this.
see updates at the end
https://citizenlab.org/2016/02/privacy-security-issues-baidu-browser/
Click to expand...
Click to collapse
Yep, I did the same with ES File Explorer, I've been for years a die hard fan of this app, but, then I discovered there was suddenly - after app updates on updates - now a log file (with position and ID) sent to a Chinese server, automatically created each time I would have opened the app, which frankly pissed me off, plus, there was a related Alarm (or wakelock), - at stellar values (dxcore something, and service com.estrongs.android.pop.ESFileExplorer - can't remember exactly right now, since I remove the app), pretty visible on Wakelock detector and un-stoppable through Amplify.
So, bye bye Es File Explorer, and thanks for all the fish.*
*I don't mind if people find this 'little issue with privacy' laughable: I agree fully with what written here http://acurrie.me/2014/11/03/how-to-find-spyware-on-your-android-device/ - pretty underrated as issue, if you want my two cents.
IronRoo said:
I'm amazed that there has not been more posts on XDA given that the Baidu APK / Moplus APK put rooted users at particularly high risk!
http://www.engadget.com/2015/11/02/bunk-baidu-sdk-puts-backdoor-on-millions-of-android-devices/
Things are only partially fixed but I don;t trust Baidu anyhow (or Cheetah, or any of those Chinese app companies due to the govenrment) as it seems quite obvious to me the CHinese Government has got their finger in there and it and other apps are compromised so that the Chinese Government can easily spy/gain data on those people they want to, I've uninstalled one of my favourite apps ES File Explorer due to this.
see updates at the end
https://citizenlab.org/2016/02/privacy-security-issues-baidu-browser/
Click to expand...
Click to collapse
Try Solid Explorer
Sorry for offtop.
oldslowdiver said:
*I don't mind if people find this 'little issue with privacy' laughable: I agree fully with what written here http://acurrie.me/2014/11/03/how-to-find-spyware-on-your-android-device/ - pretty underrated as issue, if you want my two cents.
Click to expand...
Click to collapse
Yes, that fact this has been a known issue for a while but no attempt to fix it 100% (think it was the trendmicro blog that suggested a backdoor would still be able to be opened even after the latest updates, that's why I think it's the government). What I really want to find is a FULL list of all the apps that have been made with the Baidu SDK / Moplus SDK as I'm sure many written by app devs in far east (no doubt some Western ones too) will have them for Chinese advertising etc, I know I have apps from devs in Hong Kong & Korea at the very least, have they used these SDK? Also I have some friends in Hong Kong who I know have made comments against the CCP...... have they been traced, recorded, tracked etc