back to article Beware of geeks bearing gifts: Evil game guides infect 2 million Androids

Ad-displaying malware in nearly 50 apps on the Google Play Store has infected nearly two million phones. And it's all thanks a combination of user stupidity, and the ad giant failing to spot and remove the software nasty lurking in its application souk. The rogue code – dubbed Falseguide because it is contained within game …

  1. jdoe.700101

    Maximum permissions

    Surely a simple first step for Google would be to limit permissions based on application type. In this case available permissions ought to be minimal.

    Taking it a step further, any developer requesting admin permissions could be vetted, as in theory happens when requesting a EV SSL certificate.

    1. Mark Simon

      Re: Maximum permissions

      That’s assuming they’re paying attention …

  2. poohbear

    Pick a name, any name

    I guess it is simply unthinkable that some non-Russian wanting to cover their tracks, would pick a Russian name...

    But yeah, when I see the permissions of the apps that my kid wants to install, I get really worried... why does a camera app need to access your identity? The whole permissions think is seriously broken, users need much more guidance and Google needs to start chucking apps off the store. We complain about Fake News, but what about Fake Apps?...

    1. CustardGannet
      Black Helicopters

      Re: Pick a name, any name

      "why does a camera app need to access your identity?"

      So the NSA* know who took the picture, obviously.

      (*Or the Putinistas, depending on your paranoia-orientation.)

      1. DropBear

        Re: Pick a name, any name

        It gets worse - I was beginning to rejoice seeing a recent-ish version of Android popping up individual permission requests for various rights (my older phone is "all or nothing" at install time), only to come to realize that absolutely all apps asking for any right whatsoever work... still "all or nothing", because denying ANY permission, even the least important one, results in all apps simply immediately quitting. There was nothing I could refuse them that would still see them continue, and I tried several different ones, iterating on the permission trying to refuse at least one - NOPE. So yeah, yay, progress*...

        * I would REALLY like to know why the permission system isn't doing what the xposed framework already did years ago - namely, it never actually refused an app anything, it just faked everything I told it to deny. Fake position for location, fake empty address book - the works... Why can't we still have this officially?!?

  3. tedleaf

    But nobody at Google is interested in play store,that's boring.

    Their busy touting the recent update to play store,but they still cannot do that properly,you still cannot search your past apps,they still appear to be thrown together at random,still no search by device,time,or name or type..

    As an "alpha" tester,my original play store account now has 5-6 thousand apps in my apps,searching that lot is not fun..

    Google have always paid lip service to security,nothing has changed..

  4. Anonymous South African Coward Silver badge

    So glad I did not ownload any game guides... Having said that, I will have to check on my daughter's tablet if she inadvertently downloaded something as she complains of adverts popping up.

  5. Anonymous Coward
    Anonymous Coward

    "two million idiots have ignored this red flag waved"

    Sorry, but much of this falls down on Googles non-existent validation.

    As a walled garden, would it of been to much for Google to deny store access to say a torch app that wants your call history, read SMS's, access to photos and media?

    Because of the utter lack of any enforcement, allow an app access to pretty much everything has become the norm for most people.

    Hell Google ones are amongst the worst for it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like