Comment buried. Show
1. chas_m

   Fresh-Faced Recruit

   Joined: Aug 2001

   +5
   07/28, 11:12pm | report spam | close reply

   HA HA!

   Okay, no I'm not really going to be that snotty ... j/k Android, we love ya ...
   
   I do hope this won't affect the iPhone market (heads up: jailbroken iPhones are at a higher risk), and I hope Apple sees this story and takes steps to make sure it doesn't happen here.
   
   We already saw what happened when other companies ignore and issue then it bites Apple ...

Comment buried. Show
1. Salty

   Professional Poster

   Joined: Jul 2005

   +10
   07/28, 11:41pm | report spam | (1 reply) close | reply

   The nice part about being open

   The nice part about being open... it makes it far easier for people to sneak in malicious stuff!

Comment buried. Show
1. dmsimmer

   Fresh-Faced Recruit

   Joined: Feb 2005

   +30
   07/29, 01:44am | report spam | close reply

   Motorola Droid X

   No jacket required... but you better wear a condom.

Comment buried. Show
1. DA360

   Fresh-Faced Recruit

   Joined: Dec 2009

   +10
   07/29, 04:54am | report spam | close reply

   Damned if your open, Damned if your closed

   I noticed the whole "Open or Closed" thing seems to be a lose, lose situation. If you stay closed, like Apple, you lose in the fact people complain your "too controlling". If you stay open, like Android, as this article shows you let in malware, viruses, phishing software and it will get to the point where there will need to be a "Norton Antivirus for Android".
   
   But my personal opinion is I rather the company be considered "too controlling" than have viruses flooding my cell phone.

Comment buried. Show
1. IxOsX

   Fresh-Faced Recruit

   Joined: Feb 2009

   -14
   07/29, 05:51am | report spam | close reply

   Obvious lots of you don´t know what is open!

   Obvious lots of you don´t know what is open! Open philosophy is the most secure of all because every one (code developers and security analysts) knows what is running.
   
   For me Android is not a truly open platform. The only openness they have is toward their OS. To be Open, all software and source have to be public. Android App Store software is as close as can be...
   
   So people! Don't talk about what you don't know.
   
   I confess that I don't know witch is more secure. My feelings say to me that in this moment iPhone OS without Jailbreak, looks much more secure to me than Android OS. But we never know! Let me just remember you that someone have already created a Light Application to Apple Store that could do other tricks that Apple had not detected. :-)
   

Comment buried. Show
1. Fast iBook

   Fresh-Faced Recruit

   Joined: Mar 2003

   +4
   07/29, 07:21am | report spam | close reply

   Backgrounds...

   If you need an app for backgrounds, you're using it wrong. Thankfully there are tens of thousands of iPhone backgrounds online, so you never need to waste space, and possibly money, on an app that does really nothing.
   
   - A

Comment buried. Show
1. CmdrGampu

   Fresh-Faced Recruit

   Joined: Aug 2009

   -7
   07/29, 07:54am | report spam | close reply

   iOS isn't really secure

   I'm not sure we have reason to be smug. Does Apple actually sift through the source code during the approval process? I would guess they don't, which is why that flashlight app with the secret tethering function got through a week ago and Apple had to quickly yank it from the store.

Comment buried. Show
1. qazwart

   Fresh-Faced Recruit

   Joined: Apr 2001

   +5
   07/29, 09:08am | report spam | close reply

   You Don't Need the Source Code

   Apple doesn't have to shift through the source code to catch something like this. They can see what APIs are being accessed and how they're being accessed. They can check to see if the application itself is calling home and what information it is sending.
   
   Lookout didn't have the source code, they just watched what the app was doing. The iOS APIs also limit what you can do too.
   
   Of course, the problem on the iPhone is if somehow an app like this did escape, there are few tools for a security firm like Lookout to examine the app themselves.
   
   Fortunately, both platforms allow the manager to pull viral apps from their customer phones. That is, if these apps came from their stores and not a third party store.

Comment buried. Show
1. testudo

   Fresh-Faced Recruit

   Joined: Aug 2001

   -10
   07/29, 09:51am | report spam | close reply

   Re: You Don't Need the Source Code

   Apple doesn't have to shift through the source code to catch something like this. They can see what APIs are being accessed and how they're being accessed. They can check to see if the application itself is calling home and what information it is sending.
   
   No, they can't. All they can do is run the apps to see what it does, and try to reverse engineer the app to see what APIs it calls. But anyone who's good at programming can bypass these if they want.
   
   And you can only see if they're calling home and what info they are sending if (a) the program calls home during the testing process, and (b) the information is readable during that process. It isn't hard to have the code not call home until a period of time or check to see if you're really on a phone.
   
   Of course, the problem on the iPhone is if somehow an app like this did escape, there are few tools for a security firm like Lookout to examine the app themselves.
   
   Somehow implies there aren't a ton of these apps all over the place. Without the tools to examine the apps, how can you be sure half the apps you have aren't sending content back to servers?
   
   And such an app did recently 'escape'. Do you recall the recent 'flashlight' app that had a backdoor that allowed people to enable tethering on their iPhones? How did Apple miss that?

Comment buried. Show
1. testudo

   Fresh-Faced Recruit

   Joined: Aug 2001

   -14
   07/29, 09:58am | report spam | close reply

   Only goes to show

   The very first thing Apple needs to do with OS X 10.7 is close down this absurdity of being able to install any program you want. Every piece of software should go through Apple for approval, making sure it follows all UI guidelines (so goodbye MS Office!), uses only approved APIs, doesn't send personal information out over the internet, doesn't hack the system or allow the user to change the UI or perform any task which is against Apple's belief system, and any of the other controls that exist on the app store.
   
   Or does the fact that you could download an app on your Mac and have it do basically the same things, including grabbing personal and financial files and all the other fun stuff you have in your Users folder.
   
   But I'm sure no one would ever write, let alone download, such an app for OS X or Windows. Nah, it's only a problem on smart phones!

Comment buried. Show
1. testudo

   Fresh-Faced Recruit

   Joined: Aug 2001

   -4
   07/29, 10:14am | report spam | close reply

   Security and Android

   One thing missing from this discussion is that, on Android, an App has to tell the user what services and data it will access before you give it permission to run. As written in another article:
   
   "Not only must each Android app gets users' permission to access sensitive information,
   
   So it isn't the OS that is insecure and data is exposed, it's users not paying any attention or caring that a background app wants access to this information.

Comment buried. Show
1. elroth

   Fresh-Faced Recruit

   Joined: Jul 2006

   +3
   07/29, 11:16am | report spam | close reply

   oops

   You're hilarious, Testudo. You can turn a story about serious real-life defects in the Android system into ragging about how Apple is theoretically somehow worse.
   
   Here's an article, written before this latest wallpaper fiasco, about other Android issues:
   
   http://seekingalpha.com/article/217277-when-closed-is-better-than-open-apple-vs-google?source=nasdaq

Comment buried. Show
1. testudo

   Fresh-Faced Recruit

   Joined: Aug 2001

   -2
   07/29, 01:04pm | report spam | close reply

   Re: oops

   And only the Android-haters would ignore that the users are allowing this access, while iPhone users rely on Apple that the programs won't access information, since they don't get asked what to have access to.

Comment buried. Show
1. CmdrGampu

   Fresh-Faced Recruit

   Joined: Aug 2009

   +1
   07/29, 06:04pm | report spam | close reply

   @ qazwart

   That would be a poor way of doing things. Pretty easy to bypass. For instance, one could write a logic bomb. Let's say I wrote a countdown app to the Avengers movie, with a few extra functions so it passes Apple's minimal functionality requirement. It would need access to the device clock to track the days, so Apple wouldn't think that was suspicious. I could code it to lay dormant until about six months before the release. Apple would never catch it by seeing what APIs are in use because it's not doing anything bad during the testing and approval phase and I doubt they continously test all apps after that. So six months before the movie's release, it triggers and begins collecting all your information like passwords, PIN numbers, account numbers, etc. but doesn't transmit it so nobody is any the wiser. Then on the day of the premiere, it blasts all that info to my server and goes into permanent dormancy so nobody knows they've been compromised while I sell all that info to identity thieves. After that, it's too late for Apple to do anything because I'd be on my way to Aruba.

Comment buried. Show
1. patrix

   Junior Member

   Joined: Sep 2006

   -1
   07/29, 09:46pm | report spam | close reply

   sigh

   security firm says there'S a huge problem, gets facts wrong, etc.
   
   Sounds like the claims of Mac viruses.
   
   Seems this whole thing is blown out of proportion and just Lookout trying to create some buzz for their own security apps.... sigh!
   
   can't trust news/blogs/tweets nowadays.