Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Cellphones Crime Handhelds Privacy

Smartphone Malware Planted In Popular Apps Pre-sale 42

An anonymous reader writes with news from The Stack that makes it a little harder to scoff at malware on phones as being largely the fruit of dodgy sideloaded software, game cracks, et cetera. They report that even phones marketed as brand new, from well-known brands like Lenovo and Xiaomi, have been tampered with and "infected prior to sale with intelligent malware disguised in popular apps such as Facebook." (To U.S. buyers, those makers may be slightly obscure as cellphone vendors; the scheme this article addresses involves handsets sold by vendors in Europe and Asia, involving more than 20 different handset types.)
This discussion has been archived. No new comments can be posted.

Smartphone Malware Planted In Popular Apps Pre-sale

Comments Filter:
  • Are smartphones going to become like PC's such that malware scanners will have to scan them 24/7 and make them slow to crawl and use up all the battery? Some blame this on Windows' design, but it seems the more ubiquitous an OS, the more its targeted by malware makers, often by dangling tainted carrots in front of users.

    • Hey, even some well known top brands have done this.

    • by Anonymous Coward

      It has nothing to do with windows, apple or linux (android), and everything to do with market share, as you indicated. The more popular an OS, the more of a target it becomes. With apple and windows you have, for the most part, 1 os to deal with, the differences being so minor that you can edit 1 text file on your windows 7 install disk to gain access to home,pro and ultimate, regardless of which you thought you bought (your win7 home serial will NOT activate anything other than win7 home, sorry.)

      With lin

    • by ihtoit ( 3393327 )

      They're there already. There're onboard AV suites for smartphones and enough processor power to run them in the background. It's ridiculous, there are phones out now that are more powerful than my four year old LAPTOP. What the fuck do you need to make a fucking phone call??

      • there are phones out now that are more powerful than my four year old LAPTOP. What the fuck do you need to make a fucking phone call??

        Smartphones are not really primarily phones. They're small tablet computers that happen to be able to make calls. The phone feature is almost incidental since 90%+ of the time they are used for other purposes. I spend maybe 1-2 hours talking on my smartphone each month and probably 20+ hours doing other stuff with it like reading news, checking email, taking pictures, etc.

    • This story is about another Android problem. iPhones are not affected. They don't ship with crapware or malware.

  • It's still dodgy side-loaded stuff, it's just been put on by the people who sold it to you.

    Which is why the owner of the phone needs to have the ability to uninstall any damned app instead of having shitware put on my the carrier or vendor be something you can't get rid of ... and why we need the ability to enforce granular permissions on everything an app wants to do.

    Most apps exist to do one of two things: steal your information, or deliver ads. Which is why I have give up on any app which has a corresp

    • by Calydor ( 739835 )

      Let's take the Facebook app as an example. If you buy a smartphone, and it has the Facebook app pre-installed, and you WANT to use the Facebook app ... what reasonable person would assume the pre-installed app is malware, and they should uninstall it then install the official one straight from Facebook?

      • Well, that's a terrible example. The Facebook app pretty much is malware already.

        Kidding aside, I have more or less come to the conclusion that almost all pre-installed software is malware or crapware. When I bought my last phone there was a bunch of garbage the carrier had put on it which I couldn't uninstall, but could only disable.

        Why the hell can't I, as the owner of the device, uninstall a piece of software? Because some asshole in marketing decided so? That shouldn't even be possible.

        • by ihtoit ( 3393327 )

          First time I rooted a phone it was my MotoRAZR V3i, because I hated the red-themed Vodafone softbranding. I got a factory image and flashed it with that, it's been unlocked and absolutely peachy ever since.

    • by mlts ( 1038732 )

      Problem is that we will see this problem "fixed" by things similar to Samsung's KNOX, where if someone tries to manually install their own ROM or unlock the bootloader, the device blows an e-Fuse, rendering it either incapable of using a factory ROM, or showing it has been tampered with on boot.

    • Which is why I have give up on any app which has a corresponding web-page.

      This is a really important point. The reason the web was so successful was because once you made a website, anyone with a computer could access it and anyone else's website using a single program. A common, unified method of interacting with multiple persons or organizations with minimum hassle. Prior to that was the telephone, which allowed you to call anyone using a single device. And prior to that was the invention of postal m

      • Re:Not really ... (Score:4, Insightful)

        by gstoddart ( 321705 ) on Tuesday September 01, 2015 @12:24PM (#50437729) Homepage

        If the experience on your phone's browser sucks, that just means the website needs a better mobile site

        I find the vast majority of web sites with a mobile version are complete crap.

        You hit a site due to a search, get redirected to the crap which is their useless mobile site, and can never find what you're looking for because apparently mobile sites are written by morons who write useless sites.

        I can't tell you how many sites I have had to do the "request desktop site" for because they don't seem to realize a useless mobile site is worse and more broken than not having a mobile website in the first place.

        In my experience the mobile version of most websites are pointless, because they don't really work.

    • by mlts ( 1038732 )

      The real solution is something like xPrivacy (or on iOS, PMP), where the app thinks it has all the permissions it ever will want, but it gets fed bogus data. Contacts? Gets garbage. Location? Fake. Advertising ID? Sure, pick one. ESN/IMEI? Whatever the RNG says, its all yours.

      It is surprising what apps ask for, permission-wise. If one uses a firewall program (Firewall IP on iOS, others on Android), you will find that a lot of apps communicate with tens to hundreds of sites that are pretty much irre

  • Lenovo (Score:4, Insightful)

    by Calydor ( 739835 ) on Tuesday September 01, 2015 @11:06AM (#50436869)

    Does Lenovo make ANYTHING anymore that isn't full of malware?

    • Re:Lenovo (Score:4, Funny)

      by willworkforbeer ( 924558 ) on Tuesday September 01, 2015 @11:13AM (#50436953)

      Does Lenovo make ANYTHING anymore that isn't full of malware?

      I found one possibility, but I haven't personally checked it for malware: http://shop.lenovo.com/SEUILib... [lenovo.com]

    • They have a new logo that makes all the problems go away. I wish it did. Lenovo is turning into a POS company with their actions of the past year abusing customer trust. The only product left undamaged by Lenovo managements stupid stunts are the ThinkPad line of laptops. How long before some Lenovo bean counter says "hey, we can save more money if we turn ThinkPads into crap!"
    • Does Lenovo make ANYTHING anymore that isn't full of malware?

      The classic ThinkPad lines T and W, but it really does appear to be exceptions.

  • by grub ( 11606 ) <slashdot@grub.net> on Tuesday September 01, 2015 @11:13AM (#50436961) Homepage Journal

    There is only one source you can trust for technology. That source is Apple. [apple.com]
    Sent from my Blackberry.

    .
  • They're not even in the list of makers that I know of:

    Samsung
    Apple (Samsung again)
    Motorola
    Nokia (Microsoft)
    LG
    Sony
    Sagem
    Siemens
    ZTE
    Blackberry

    (not exhaustive but my brain's a bit fucked right now).

  • And this is another reason that I find a "dumb" phone fits my needs. Good luck installing malware on the dinosaur-era flip-phone I use.

  • Malware, sure, but intelligent?

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...