"The Register has reached out to CamScanner's developer"
No it sodding didn't. It CONTACTED CamScanners developer..
And don't you forget it.
An Android PDF maker with more than 100 million downloads from the official Play Store has been caught silently installing malware on victims' phones. Kaspersky's eggheads Igor Golovin and Anton Kivva claim CamScanner, an application that turns images into PDFs to share and edit, contains a library that quietly fetches and …
"The Register has reached out to CamScanner's developer"
No it sodding didn't. It CONTACTED CamScanners developer..
Much as I despise this use of "reach out", I do think it carries an overtone, here, that "contacted" doesn't -- the fact that the attempt to contact the developer has apparently, so far, failed.
Using "reached out" in this way is a clumsy attempt to save face by avoiding having to say "has not been able to contact, despite trying".
Far better to say "we tried to contact the developer, but the bastard won't answer".
There are, of course, purists who insist that "contact" is only a noun and el Reg should have said "attempted to make contact with".
JR-M probably has it on his banned list because his 2nd deputy nanny told him not to use that because her primary school teacher told her not to because her English teacher told her not to because Dr Johnson didn't define it as a noun. (Actually my old Pocket Oxford doesn't either but I'd guess a newer edition would.)
Why does it need a third party to tell Google that one of the apps hosted on its own app store is dodgy? So Play protect is basically worthless then?
"Scanning and verifying over 50 billion apps every day
All Android apps undergo rigorous security testing before appearing in the Google Play Store. We vet every app and developer in Google Play, and suspend those who violate our policies. Then, Play Protect scans billions of apps daily to make sure that everything remains spot on. That way, no matter where you download an app from, you know it’s been checked by Google Play Protect."
Often turned off so people can use third party TV and movie steaming apps which aren't in the Play Store.
I'm not sure that there is a dependency between the Play Protect functionality and whether or not you enable sideloading. I suspect that play protect continues to scan the apps you have installed from the Play store. I would think that you implicitly accept some responsibility for assessing third-party sourced apps
50 billion apps, or 50 billion individual installations?
If it's the former, the place must be awash with malware and crapware, scanning or no scanning. If it's the latter, then what action do they take on users' devices? Their website suggests the former, without any real clarity, so congratulations to the entire world population for writing several unique and useful Android applications every day!
Google just by virtue of having the playstore, has delivered more malware to people than another source in the world (less maybe the chinese government). And still never sends anyone a notice when they remove it from the store.
User: Hey I got malware from an app on your store, and all my data was stolen!
Goog: Cool story bro, not my problem.
User: you said it was safe, you verified it.
Goog: Did I? suckerrrrrr.
User: You F'd me over!
Goog: App developer got paid, we got paid, you got laid. Welcome to life LOL. So yep.
"I have done and do this to all my phones and tablets (buying only devices that allow LineageOS to be installed) and I can say: it simply works."
Which would be great if there was actually any support. Unfortunately, it's not available on the vast majority of phones, and even if you're lucky enough to have one that is supported, it may well not be in a month or two. It's great in principle that people are willing to give up their time to make something like that available at all, but there's little point in recommending it to people in practice because the chance of it actually being useful is close to zero.
Which would be great if there was actually any support. Unfortunately, it's not available on the vast majority of phones...
Similar to Google Pixel which has Google support which isn't available on the vast majority of the phones, 'official' LineageOS support isn't available on the vast majority. (Unofficial support is available everywhere in comparing to official support)
Users picked Google Pixel knowing that it will be supported by Google.
So users should also pick a device knowing that it will support LineageOS.
"Unfortunately, it's not available on the vast majority of phones, and even if you're lucky enough to have one that is supported"
Part one of that sentence is not true and as to part two... well, buying LineageOS-compatible stuff is not down to luck or Santa Claus, it is a conscious decision I have taken and take. These items are admittedly often (but not always) a little more expensive but in the long run they save money and a lot of trouble.
"there's little point in recommending it to people in practice because the chance of it actually being useful is close to zero."
Funny. I have four mobiles under my control (Sony, Moto, Sammy) and all are on LineageOS. I have three tablets under my control and again, all are on LineageOS.
I have no Google software on these phones and yet they are fully functional.
What I would agree with is that many people do not know (and can't be expected to know) how to achieve this though they would want to do it.
This is partly a reflection how badly the IT sector has let us down, especially in the last decade or so. Disclaimer: I am a developer myself.
I've been using camscanner for years, first on a Samsung note 3, excellent for scanning documents and saving them on the go.
I've never noticed anything untoward, but maybe I should factory reset my current phone and start over...
Any insight anyone?
Also, any recommendations of safe alternative that can do the same job?
Regards, Bryce.
I suppose it is too much to ask that their Android AV solution on someone's affected device phoned home with this ?
Of those 100M downloads at lease one must have been running their security suite (in other words, don't just blame Google for missing this, you would like to think Kaspersky were suddenly inundated with reports of malware from their own product).