Results of 1 - 1 of about 725 for Android 12 (1.968 sec.)
android (2801), 12 (27798)
- Malware in Mobile Devices - GNU Project - Free Software Foundation
- #score: 5143
- @digest: 353393fa7609a5443c4a24a8260cf4be
- @id: 113586
- @mdate: 2019-06-15T00:09:40Z
- @size: 22231
- @type: text/html
- #keywords: phones (5067), mobile (4627), tyrants (4292), android (3878), apps (3036), malware (2942), spyware (2850), laptops (2334), devices (2286), personal (2260), google (2218), samsung (1993), tracking (1991), snoop (1963), malicious (1756), insecurity (1737), remotely (1716), functionalities (1612), listening (1428), universal (1333), surveillance (1312), privacy (1216), app (1039), proprietary (1009), gratis (946), users (917), security (906), phone (845), door (829), portable (791), developer (740), article (698)
- Malware in Mobile Devices Other examples of proprietary malware Malware means software designed to function in ways that mistreat or harm the user. (This does not include accidental errors.) Malware and nonfree software are two different issues. The difference between free software and nonfree software is in whether the users have control of the program or vice versa . It's not directly a question of what the program does when it runs. However, in practice nonfree software is often malware, because the developer's awareness that the users would be powerless to fix any malicious functionalities tempts the developer to impose some. Here are examples of malware in mobile devices. See also the the Apple malware page for malicious functionalities specific to the Apple iThings. Type of malware Back doors Insecurity Surveillance Digital restrictions management or “DRM” means functionalities designed to restrict what users can do with the data in their computers. Jails —systems that impose censorship on application programs. Tyrants —systems that reject any operating system not “authorized” by the manufacturer. Mobile Back Doors The universal back door in portable phones is employed to listen through their microphones . Most mobile phones have this universal back door, which has been used to turn them malicious . More about the nature of this problem . Samsung Galaxy devices running proprietary Android versions come with a back door that provides remote access to the data stored on the device. Samsung's back door provides access to any file on the system. In Android, Google has a back door to remotely delete apps (it is in a program called GTalkService). Google can also forcibly and remotely install apps through GTalkService (which seems, since that article, to have been merged into Google Play). This adds up to a universal back door. Although Google's exercise of this power has not been malicious so far, the point is that nobody should have such power, which could also be used maliciously. You might well decide to let a security service remotely deactivate programs that it considers malicious. But there is no excuse for allowing it to delete the programs, and you should have the right to decide who (if anyone) to trust in this way. Mobile Insecurity These bugs are/were not intentional, so unlike the rest of the file they do not count as malware. We mention them to refute the supposition that prestigious proprietary software doesn't have grave bugs. Siri, Alexa, and all the other voice-control systems can be hijacked by programs that play commands in ultrasound that humans can't hear . Many Android devices can be hijacked through their Wi-Fi chips because of a bug in Broadcom's non-free firmware. Samsung phones have a security hole that allows an SMS message to install ransomware . Many proprietary payment apps transmit personal data in an insecure way . However, the worse aspect of these apps is that payment is not anonymous . The NSA can tap data in smart phones, including iPhones, Android, and BlackBerry . While there is not much detail here, it seems that this does not operate via the universal back door that we know nearly all portable phones have. It may involve exploiting various bugs. There are lots of bugs in the phones' radio software . Mobile Surveillance The Sarahah app uploads all phone numbers and email addresses in user's address book to developer's server. Note that this article misuses the words “ free software ” referring to zero price. Some portable phones are sold with spyware sending lots of data to China . Facebook's app listens all the time, to snoop on what people are listening to or watching . In addition, it may be analyzing people's conversations to serve them with targeted advertisements. A research paper that investigated the privacy and security of 283 Android VPN apps concluded that “in spite of the promises for privacy, security, and anonymity given by the majority of VPN apps—millions of users may be unawarely subject to poor security guarantees and abusive practices inflicted by VPN apps.” Following is a non-exhaustive list of proprietary VPN apps from the research paper that tracks and infringes the privacy of users: SurfEasy Includes tracking libraries such as NativeX and Appflood, meant to track users and show them targeted ads. sFly Network Booster Requests the READ_SMS and SEND_SMS permissions upon installation, meaning it has full access to users' text messages. DroidVPN and TigerVPN Requests the READ_LOGS permission to read logs for other apps and also core system logs. TigerVPN developers have confirmed this. HideMyAss Sends traffic to LinkedIn. Also, it stores detailed logs and may turn them over to the UK government if requested. VPN Services HotspotShield Injects JavaScript code into the HTML pages returned to the users. The stated purpose of the JS injection is to display ads. Uses roughly 5 tracking libraries. Also, it redirects the user's traffic through valueclick.com (an advertising website). WiFi Protector VPN Injects JavaScript code into HTML pages, and also uses roughly 5 tracking libraries. Developers of this app have confirmed that the non-premium version of the app does JavaScript injection for tracking and display ads. A study in 2015 found that 90% of the top-ranked gratis proprietary Android apps contained recognizable tracking libraries. For the paid proprietary apps, it was only 60%. The article confusingly describes gratis apps as “free”, but most of them are not in fact free software . It also uses the ugly word “monetize”. A good replacement for that word is “exploit”; nearly always that will fit perfectly. A study found 234 Android apps that track users by listening to ultrasound from beacons placed in stores or played by TV programs . Faceapp appears to do lots of surveillance, judging by how much access it demands to personal data in the device . Pairs of Android apps can collude to transmit users' personal data to servers. A study found tens of thousands of pairs that collude. Google Play intentionally sends app developers the personal details of users that install the app . Merely asking the “consent” of users is not enough to legitimize actions like this. At this point, most users have stopped reading the “Terms and Conditions” that spell out what they are “consenting” to. Google should clearly and honestly identify the information it collects on users, instead of hiding it in an obscurely worded EULA. However, to truly protect people's privacy, we must prevent Google and other companies from getting this personal information in the first place! Google Play (a component of Android) tracks the users' movements without their permission . Even if you disable Google Maps and location tracking, you must disable Google Play itself to completely stop the tracking. This is yet another example of nonfree software pretending to obey the user, when it's actually doing something else. Such a thing would be almost unthinkable with free software. Verizon announced an opt-in proprietary search app that it will pre-install on some of its phones. The app will give Verizon the same information about the users' searches that Google normally gets when they use its search engine. Currently, the app is being pre-installed on only one phone , and the user must explicitly opt-in before the app takes effect. However, the app remains spyware—an “optional” piece of spyware is still spyware. The Meitu photo-editing app sends user data to a Chinese company . A half-blind security critique of a tracking app: it found that blatant flaws allowed anyone to snoop on a user's personal data . The critique fails entirely to express concern that the app sends the personal data to a server, where the developer gets it all. This “service” is for suckers! The server surely has a “privacy policy,” and surely it is worthless since nearly all of them are. Apps that include Symphony surveillance software snoop on what radio and TV programs are playing nearby . Also on what users post on various sites such as Facebook, Google+ and Twitter. More than 73% and 47% of mobile applications, both from Android and iOS respectively share personal, behavioral and location information of their users with third parties. “Cryptic communication,” unrelated to the app's functionality, was found in the 500 most popular gratis Android apps . The article should not have described these apps as “free”—they are not free software. The clear way to say “zero price” is “gratis.” The article takes for granted that the usual analytics tools are legitimate, but is that valid? Software developers have no right to analyze what users are doing or how. “Analytics” tools that snoop are just as wrong as any other snooping. Many proprietary apps for mobile devices report which other apps the user has installed. Twitter is doing this in a way that at least is visible and optional . Not as bad as what the others do. Portable phones with GPS will send their GPS location on remote command and users cannot stop them: http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers . (The US says it will eventually require all new portable phones to have GPS.) Spyware in Cisco TNP IP phones: http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html . Spyware in Android phones (and Windows? laptops): The Wall Street Journal (in an article blocked from us by a paywall) reports that the FBI can remotely activate the GPS and microphone in Android phones and in laptops . (I suspect this means Windows laptops.) Here is more info . Some Motorola phones modify Android to send personal data to Motorola. Some manufacturers add a hidden general surveillance package such as Carrier IQ. Widely used proprietary QR-code scanner apps snoop on the user . This is in addition to the snooping done by the phone company, and perhaps by the OS in the phone. Don't be distracted by the question of whether the app developers get users to say “I agree”. That is no excuse for malware. Mobile DRM Google now allows Android apps to detect whether a device has been rooted, and refuse to install if so . Update: Google intentionally changed Android so that apps can detect rooted devices and refuse to run on them . The iPhone 7 contains DRM specifically designed to brick it if an “unauthorized” repair shop fixes it . “Unauthorized” essentially means anyone besides Apple. The article uses the term “lock” to describe the DRM, but we prefer to use the term digital handcuffs . Android contains facilities specifically to support DRM . Mobile Jails Mobile devices that come with Windows 8 are tyrants . Windows 8 on “mobile devices” is a jail. Mobile Tyrants Some Android phones are tyrants (though someone found a way to crack the restriction). Fortunately, most Android devices are not tyrants. Please send general FSF & GNU inquiries to <gnu@gnu.org> . There are also other ways to contact the FSF. Broken links and other corrections or suggestions can be sent to <webmasters@gnu.org> . Please see the Translations README for information on coordinating and submitting translations of this article. Copyright © 2014, 2015, 2016, 2017 Free Software Foundation, Inc. This page is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License . Updated: $Date: 2017/12/31 12:29:58 $
...
-
http://www.gnu.org/savannah-checkouts/gnu/www/proprietary/po/malware-mobiles.it-en.html
- [detail]
- [similar]
PREV
NEXT