"The infected apps ask for permission to make and manage phone calls."
Well if a fool of a User chooses to grant requests for those permissions, then him and his privacy will soon be parted.
Cybersecurity researchers at anti-virus software company Dr Web have discovered a treasure trove of malware-laced Android games on Huawei's AppGallery. The trojan, Android.Cynos.7.origin, is a Cynos variant that collects user information. To date it has been installed over 9.3 million times. The infected apps ask for …
Permissions can be very broad. "make and manage phone calls" could be there just to check if you are making a call before pinging you to announce their latest update.
The really annoying one is 'location' and refusing to permit access to 'Location' can cause the app to get very stroppy. The National Trust one went into a loop because I refused as I normally expect to choose the area to search rather than have it make suggestions based on where I happened to be at the time... it was only marginally better when I permitted Location but had GPS off (my default for the same reason, namely I normally know roughly where I am) as it hangs waiting for GPS then your response to 'GPS enable y/n?'
This is bad UI design. It should ask you to if you want access to GPS on first startup, then if you say "no", it shouldn't bother you again, but give you the option to change your mind maybe in some sort of settings option.
but even if Huawei's assurance is true that its hardware/system design is not open the the government's prying, an accidental-on-purpose habit of pisspoor software coding, exploited via a store of malware-infested client apps, might well be sufficient to keep the dragon placated. You only need one covert dragon egg in the store to gain popularity, and whoosh.
A lot of Android apps require the use of Google location services simply when they need to use Bluetooth. This is due to Google's persistence on detecting surrounding Bluetooth devices as part of their supposed positioning enhancements. Wifi, maybe, but Bluetooth?
Came here for this comment.
I have a Bluetooth enabled bicycle helmet with not too bad sounding speakers which would be perfect, except that i need to enable Bluetooth AND GPS otherwise, the helmet app refuses to connect to the helmet.
Annoying, but it gets even worse, the app compares my ride to all other helmet owners (in the area? worldwide? - no idea) and proceeds to passive aggressively nag me that I only managed to defeat x% of other riders on this trip. I'm still wondering why I should care, I simply went grocery shopping on the bike for *$%& sake, no one old me I was in a competition.
I only hope there's never a data leak of all routes, because then everyone and their dog would know exactly where I live/work/do whatever private stuff I certainly don't wish to share with the world while using this helmet.
It's still cool to be able listen to music during my daily commute to work though.
AppGallery’s built-in security system swiftly identified the potential risk within these apps
Because "Upon being contacted by the researchers, Huawei removed the 190 apps identified as infected".
We welcome all third-party oversight and feedback to ensure we deliver on this commitment
So the "built-in security system" did not "swiftly identify" the 190 additional apps as malicious?
Biting the hand that feeds IT © 1998–2021