Results 1 to 10 of 10
  1.    #1  
    HI all,

    This is exactly why I am so glad that Palm didn't decide to license webOS, instead of putting Palm up for sale.

    Android's main volubility is the fact that the Android market is so splintered, due to over customization and vendors using older issues of 'Droid.

    Below is another reason.

    Take care all,

    Jay

    Google to Deploy "Remote Kill" Policy for Malicious Android Apps

    Gizmodo, the Gadget Guide

    Jack Loftus Late last night Google finally published an official response to the dozens of malicious Android applications that had infiltrated the Android Market.

    Within the response, the company confirmed that there were 58 malicious applications total, and that they were indeed downloaded by approximately 260,000 devices before Google was able to remove them from the store. While that may seem like a lofty, dangerously high number of infected devices, Google also went on to claim that only a user's IMEI number was ever beamed away to parties unknown.

    Google went on to say the company is creating a "kill switch" feature that will grant them the ability to remotely zap malicious applications without any input from the user. Furthermore, the Android Market will be receiving a security update that will address this vulnerability, although there's a big catch.

    The catch is one that Android users and developers are well aware of: Mainly, that while Google can produce the update and ask carriers to push it to their devices, there's no guarantee the update will be pushed in a timely manner. This is a system upgrade, and requires the carriers and hardware manufacturers push the update to their devices themselves. For the purposes of this update, a user's security is entirely within the hands of the carriers and hardware manufacturers. Yikes!

    Lastly, the letter Google is sending affected users, as obtained by Techcrunch:

    You are receiving this message to inform you of a critical issue affecting your Android Market account.

    Hello,

    We recently discovered applications on Android Market that were designed to harm devices. These malicious applications ("malware") have been removed from Android Market, and the corresponding developer accounts have been closed.

    According to our records, you have downloaded one or more of these applications. This malware was designed to allow an unauthorized third-party to access your device without your knowledge. As far as we can determine, the only information obtained was device-specific (IMEI/IMSI, unique codes which are used to identify mobile devices, and the version of Android running on your device).

    However, this malware could leave your device and personal information at risk, so we are pushing an Android Market security update to your device to remove this malware. Over the next few hours, you will receive a notification on your device that says "Android Market Security Tool March 2011" has been installed. You are not required to take any action from there, the update will automatically run. You may also receive notification(s) on your device that an application has been removed. Within 24 hours of receiving the update, you will receive a second email confirming its success.

    To ensure this update is run quickly, please make sure that your device is turned on and has a strong network connection.

    For more details, please visit the Android Market Help Center.

    Regards,
    The Android Market Team

    This is all very unsettling, to say the least. [Techcrunch]
    Please Support Research into Fibromyalgia, Chronic Pain and Spinal Injuries. If You Suffer from These, Consider Joining or Better Yet Forming a Support Group. No One Should Suffer from the Burden of Chronic Pain, Jay M. S. Founder, Leesburg Fibromyalgia/Resources Group
  2. #2  
    Quote Originally Posted by ilovedessert View Post
    This is exactly why I am so glad that Palm didn't decide to license webOS, instead of putting Palm up for sale.

    Android's main volubility is the fact that the Android market is so splintered, due to over customization and vendors using older issues of 'Droid.
    I'm not sure I understand how having more than one vendor, an allegedly "splintered" market, or "over-customization" leaves a phone more vulnerable to malware than having a single vendor. Would you make the connection please?
  3.    #3  
    Quote Originally Posted by Kupe View Post
    I'm not sure I understand how having more than one vendor, an allegedly "splintered" market, or "over-customization" leaves a phone more vulnerable to malware than having a single vendor. Would you make the connection please?
    The aren't connected...it is just another mark against a very confusing platfrom....(by confusing I mean, that not just do you have 'Droid" customized for each vendors phone, you have some firms shipping units with different versions of the software...).
    Please Support Research into Fibromyalgia, Chronic Pain and Spinal Injuries. If You Suffer from These, Consider Joining or Better Yet Forming a Support Group. No One Should Suffer from the Burden of Chronic Pain, Jay M. S. Founder, Leesburg Fibromyalgia/Resources Group
  4. #4  
    Quote Originally Posted by ilovedessert View Post
    The aren't connected...it is just another mark against a very confusing platfrom....(by confusing I mean, that not just do you have 'Droid" customized for each vendors phone, you have some firms shipping units with different versions of the software...).
    Oh ok - so you just made that part up with nothing at all to back it up. Gotcha.

    I would submit this is only confusing to a small group of (seemingly unadaptive) non-users. Folks in-the-know have no problem dealing with the abundance of choice offered by the Android community and folks who are uninformed don't care - they just buy the phone because it does what they want. The non-users, on the other hand, seem incapable of doing what 300,000 people per day seem to be able to do: Purchase and use an Android phone successfully.

    How do you feel about Palm releasing 3 versions of the Pre with a different model on each carrier and a different carrier-associated update release schedule? Would you call that a "splintered market" too?
  5. #5  
    Quote Originally Posted by ilovedessert View Post


    Furthermore, the Android Market will be receiving a security update that will address this vulnerability, although there's a big catch.

    The catch is one that Android users and developers are well aware of: Mainly, that while Google can produce the update and ask carriers to push it to their devices, there's no guarantee the update will be pushed in a timely manner. This is a system upgrade, and requires the carriers and hardware manufacturers push the update to their devices themselves. For the purposes of this update, a user's security is entirely within the hands of the carriers and hardware manufacturers. Yikes!
    Umm I believe this is what Jay was referring to...

    Thanks


    -- Sent from my Palm Pre using Forums
  6. #6  
    Really our security isn't just up to them, there are security services available. I use Lookout.

    Beamed down to the earthlings from my eVo
    Sent from my favorite gadget!
  7. #7  
    Ain't no different from the PC market.

    if i wanted hand holding, i'd look elsewhere to be honest. I don't even have much against hand holding...but i also don't mind an open market.
  8. #8  
    Quote Originally Posted by verwon View Post
    Really our security isn't just up to them, there are security services available. I use Lookout.
    Precisely. One of the downsides of being the biggest, baddest OS out there is that it's going to become the target of the seedier elements. Apple and RIM avoid this through draconian app store/software policies. HP avoids it because who would waste time writing webOS malware? Android, I'm happy to say, is more open than Apple and RIM, but that requires a little care on the part of the users...just like with a windows PC.
  9. #9  
    Quote Originally Posted by ilovedessert View Post
    The catch is one that Android users and developers are well aware of: Mainly, that while Google can produce the update and ask carriers to push it to their devices, there's no guarantee the update will be pushed in a timely manner. This is a system upgrade, and requires the carriers and hardware manufacturers push the update to their devices themselves. For the purposes of this update, a user's security is entirely within the hands of the carriers and hardware manufacturers. Yikes!
    And yet Google says...
    Quote Originally Posted by ilovedessert View Post
    ...so we are pushing an Android Market security update to your device to remove this malware. Over the next few hours, you will receive a notification on your device that says "Android Market Security Tool March 2011" has been installed. You are not required to take any action from there, the update will automatically run. You may also receive notification(s) on your device that an application has been removed. Within 24 hours of receiving the update, you will receive a second email confirming its success.
    I don't know, "within a few hours" seems timely to me.

    Also, kill switches are a good thing when used correctly, no? Don't all the mobile OSes have them now?
  10. #10  
    kill switches are pretty much a must in the business space in some sense to protect data on things like lost phones or illegal software. i don't see them going anywhere.

Posting Permissions