back to article Google's secret to a healthy phone? Remote-controlling your apps

Google has claimed to have cut Android malware by half. Figures out of Mountain View this week suggest that the prevalence of PHAs (potentially harmful applications) found on Android 9 Pie devices is half the rate seen in its predecessor. Overall, this has fallen from 0.66 per cent in Lollipop to 0.06 per cent in Pie. The …

  1. Anonymous Coward
    Anonymous Coward

    Play Protect

    My neighbor brought me her new Android device she was given through the low income "Obama phone" program as it was exhibitting unusual behavior.

    The phone was installing unwanted apps without any user intervention from a third party app host.

    I found the culprit(s) to be the factory install "Gallery" application as well as the "OTA update" apps that were installing apps as they pleased.

    Uploading the SHA256 sums to Virus Total confirmed that both were malicious with the OTA update app getting flagged by 38 different AV engines..

    The phone itself was exhibiting rootkit-like behaviour in that there were many processes running hidden even from the system and logcat errors showed that it didn't recognize several of the processes which accounted for why there were very little processes shown when enabling developer tools.

    Just out of curiosity I enabled Google's Play Protects full scanning option and Play Protect said everything was OK.

    I did another scan several days later to see if Play Protect would flag any of the apps now that samples had been sent back to Google but the scans still showed all was well.

    There is a chance that the Play Protect functionality could have been hampered by the rootkit-like functionality of the device however.

    What was concerning to me was that the Google Chrome browser installed on the phone had a factory installed bookmark to the support forum of the wireless company that was distibuting these malicious phones and in the support pages themselves there were several users that had complained to the wireless company representatives including one user that had gone through many of the same checks as I had and posted his findings on the support site.

    Representatives from the wireless company did acknowledge the complaints so it is a mystery to me why my neighbor was given one of the infected devices over 9 months after the date of the complaints on the support page hard-coded into the phones Chrome browser.

    I tried reaching out to the wirelees company who then referred me to the manufacturer.

    The manufacturer has an automated answering machine that refers users back to the wireless company.

    It worries me to think of just how many of these dodgy phones are being handed out to the most vulnerable of American citizens.

    1. Lost In Clouds of Data
      FAIL

      Re: Obama Phone

      Please stop perpetuating the myth of the "Obama Phone".

      This program (that is still in affect under Trump and is called "Lifeline") started in the mid 1980s under Reagan, expanded in 1996 by Clinton and then updated again by Bush II to cover cellular devices.

      In addition the program only covers monthly discounts on service, it does not directly pay for any devices. That said, if a provider who undertakes to deliver service under the program chooses to also give the end user a 'free' phone then there are no rules stopping it.

      The FCC further refined the program in 2012 to reduce abuse and waste.

      The term "Obama Phone" was created and used by the opposition at the time in an attempt to paint Obama as a president who just gave shit away at the taxpayers expense (which it never did), totally ignoring its roots in two separate Republican administration's.

      Interesting note (and something that should be a surprise to no-one), some members of the GOP introduced a bill designed to curtail the Lifeline program; the totally misnamed "End Taxpayer Funded Cell Phones Act" (a lie because tax-payers don't finance the Lifeline program, it comes out the Universal Service Fund and, even if passed, the amount phone owners pay into that fund would not change). The bill got no-where.

      So this is no no-more a "Obama Phone" plan than it is a "Trump Phone" plan (funny, no-one's said a bloody word about that).

      But I digress.

    2. Anonymous Coward
      Anonymous Coward

      Re: Play Protect

      "she was given through the low income "Obama phone" program "

      What was that old Ronnie Raygun quote?

      "I'm from the government, I'm here to help"

      1. doublelayer Silver badge

        Re: Play Protect

        I recently saw a similarly low-cost phone riddled with malware straight from the factory. Fortunately, it had been purchased by a member of my family for their young child, who could not figure out why it kept making a sound every five minutes though notifications were turned off and that sound wasn't even the sound for notifications. I couldn't figure that out either, but found enough malware that I saw it as my duty to confiscate the device, find a malware-free replacement in a closet, and remove the original from our collective misery.

        For this device, the entry points of choice were a to do list app that had been installed in nonremovable fashion and of course the facebook app though probably only half of the malware in that was specifically facebook's fault. That thing was bashed enough times with a hammer before sent to recyclers. Die, unscrupulous android devices, die.

        1. Anonymous Coward
          Stop

          Re: Play Protect

          Of course this is the nature of Android. It's openness is that anyone can put it on anything and sell it at a stupidly low price point, subsidised by adverting. Even Amazon do this. People stupid enough to buy these devices, as too stupid to understand how subsidised devices work.

          Don't confuse this entry level shite with a proper Android device from a reputable supplier that is part of the Google Play programme.

          1. doublelayer Silver badge

            Re: Play Protect

            If I was simply using unwanted apps as an indicator of maliciousness, I would have a long list indeed with the phone I mentioned. I work in security, though not on android. The apps I mentioned were constantly phoning home to various servers that did not seem very happy about telling me what they did. The to do list app scanned as known malware. The facebook app did facebook things as far as I could tell, but did not seem to come from facebook and had a weird version number that I couldn't match with versions of facebook posted to google play. Convinced now?

          2. JohnFen Silver badge

            Re: Play Protect

            " a proper Android device from a reputable supplier that is part of the Google Play programme."

            I'd much prefer a proper Android device from a reputable supplier that has nothing whatsoever to do with the Google Play program.

    3. Anonymous Coward
      Anonymous Coward

      Re: Play Protect

      Very limited on info. Please tell us how you KNOW these apps were malicious? Unwanted != Malicious

      The other problem of course, is bedroom experts (or in this case, the bloke next door). What qualifications do you have in phone security and operating system architecture?

  2. cd

    The best way to be safe is to disable Play Services altogether and not use Google services or a login. Photos gripes about not working without Play Services but it does on the phone. Firefox and assorted blockers can be loaded via APK.

  3. JohnFen Silver badge

    Not so much

    Reducing immediately damaging apps is a good thing, but this does nothing for the majority of apps that continue to spy on you in ways Google deems acceptable.

  4. Chris G Silver badge
    Trollface

    Google is your best friend

    It stays very close to you and spends a great deal of time looking concernedly over your shoulder.

    Another thought occurs to me, does the Zuckerborg empire have similar protocols to justify inserting itself more deeply into your life?

  5. Triumphantape

    Sure, then the malware guys catch up.

  6. Anonymous Coward
    Anonymous Coward

    NSA?

    Google's secret to a healthy phone? Remote-controlling your apps

    OR.....

    NSA's secret to a stealthy phone? Remote controlling your apps?

  7. Anonymous Coward
    Anonymous Coward

    Click this link

    - for information on Malware -

    is like subscribing to privacy news.

    Anon, obviously

  8. drwc_apps

    REMINDER: This article refers to Android 9 Pie (Google's latest software release)

    Amidst these comments, would I be correct to identify a something was missed?

    This article explicitly refers to devices using the latest version of Google Android (Pie/9).

    There are limited devices which receive/use this operating system, and I wonder how many of the above comments apply.

    1. Anonymous Coward
      Anonymous Coward

      Re: REMINDER: This article refers to Android 9 Pie (Google's latest software release)

      "This article explicitly refers to devices using the latest version of Google Android (Pie/9)." .......

      ...... except for the first paragraph in the article which contrasts the malware issues with older versions.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020