Oh, two companies that sell antivirus software are issuing hysterical warnings about mobile malware. I can't tell if this is an article or advertising copy.
> now would be as good a time as any to choose an antivirus app.
I install pretty much nothing on my Android phone any longer. I wouldn't trust some binaries from a random site on the internet offering software, why trust the Android Market? On a desktop OS, would you browse through awesomefreesoftware.example.com and install anything that caught your eye? No... so, why would I do that on my phone? Google doesn't appear to do any sort of quality control other than perhaps responding to reports. Clearly Apple's method, while onerous in many ways, has advantages.
99% of my apps require 0 permissions. I really believe that a lot of my success comes from this.
I never download anything that requires anything other than the Internet permission, maybe Location, and sometimes SD Card modifications (though I hate that one too).
Some of my competitors that are completely free ask for phone identity, contacts, etc, and yet they are soaring to the tops of the ranks.
People are downloading anything, and not worrying about anything.
Unfortunately, the average user still has the mentality of "So, I have nothing on here they can get". Which is obviously idiotic as the hacker will use YOUR phone to do something illegal possibly. I don't know why people don't get this???????
I don't think the average user knows that they are supposed to pass-up installing an app if it requests excessive permissions. I had to teach my friend to specifically look at the permissions requested when installing apps.
"This application requests permission to read phone state and identity." <-- That sounds so harmless to most people.
If it said "This application requests permission to retrieve your phone number and your full name and send it over the internet to a 3rd party company", then they might be inclined to pass up installing the app.
Incredible. I took a look at the market just now, it's indeed the dodgiest applications that ask for the most permissions. One that downloads N64 images asks for phone state and identity.
Right, in addition to privacy/security concerns for anything you access through the phone, having an always on, always connected, powerful handheld computer being part of a botnet would be pretty bad.
The malware Google removed a few weeks ago was apparently trying to get the phone's network ID numbers, wasn't it? So who cares what you have on there, they want to steal your phone's identity!
Given the history of Windows, it's not surprising that the average person has no idea about security and installs anything willy-nilly. One might think that Google would have taken heed of that... instead, it seems like we're going to end up with phones running anti-virus that are getting compromised constantly. They weren't kidding when they said Android is the Windows of mobile phones.
It lists it based on an automatic scan of which APIs the software uses. However, it can't tell if there's dead code and the package doesn't actually use a certain permission, or if there's an additional permission process within the app, etc.
The permissions listed seem to pertain to the uses-permissions in the Manifest.
If the Manifest doesn't request these permissions, and they aren't allowed, they won't work. If I don't put the Internet uses-permission in my Manifest, then any Internet calls I make won't work.
I'm not sure about awesomefreesoftware.example.com, but download.com, tucows.com, etc used to be hugely popular sites and they had similar automated publishing mechanisms (I published my first shareware app that way, i apologize for that). Some of those had much worse problems, albeit leaning towards bloatware and annoyware for sure.
Caution is a good policy, but it shouldn't cripple your usage of a device. Use reviews and word of mouth to gauge the legitimacy of an application. Steering clear of "free tv shows free" makes sense, but not installing Facebook or Twitter seems silly overreaction.
I've installed a lot of apps, and Android is a great platofrm for that. I just wish it was more 'go wild, install anything you want, it's actually reviewed!' like the iPhone... the problem is Google's lack of administration for the Market. Maybe Amazon will do it better?
Like on Debian or Ubuntu, you have the packages reviewed/compiled by the company, and the ones that are not. It would be nice if Google put forth an effort to at least have a 'reviewed and likely to be safe' area. As it is, I have to find software through other methods, like reviews or such on the web, and determine whether the vendor is trustworthy.
> now would be as good a time as any to choose an antivirus app.
You don't say...