x PhoneArena is looking for new authors! To view all available positions, click here.
  • Home
  • News
  • Design flaw in Android could allow for malware to mimic legitimate apps

Design flaw in Android could allow for malware to mimic legitimate apps

Posted: , by Nick T.

Tags:

Design flaw in Android could allow for malware to mimic legitimate apps
Convinced that your smartphone is immune to malware? Well, as long as you don't download any apps coming from suspicious sources, then you are virtually safe, but the thing is that every single mobile platform has its own security flaws exposing your privacy at risk.

The latest vulnerability that was brought to our attention targets Android users, and although it has not caused any damage yet, it has the potential to give you quite a headache. It has been discovered that “a design flaw” in the Android operating system could allow for unwanted pop-ups to appear whenever a set application is running thus defiling your smartphone with annoying pop-ups. However, if executed properly, the flaw could potentially be used for phishing attacks to be targeted at your device.

In a nutshell, when the malware detects that your banking app or e-mail client, for example, is running, it can launch an identically-looking pop-up app asking for your credentials. What makes things worse is that the execution of the pop-up app can happen so fast that the user would probably never realize what has happened until it is too late. The malware could even install itself as a service and run seamlessly in the background even after the phone is rebooted.

There have been no registered cases of the so-called design flaw being used in a malicious way, but a proof-of-concept application has been demonstrated just recently at the DefCon hacking convention. That is why we have said it before and we will say it again - you should always be extra careful when downloading apps from any shady-looking software marketplaces as you never know what might be coming along with them.

source: CNET

55 Comments
  • Options
    Close




posted on 08 Aug 2011, 11:03 9

7. The_Miz (Posts: 1496; Member since: 06 Apr 2011)


cue Android fans who will backpedal in 3...2..1..

posted on 08 Aug 2011, 13:49 5

23. mr.niceguy (unregistered)


derp.

posted on 08 Aug 2011, 11:10 7

8. HTCiscool (Posts: 449; Member since: 16 Jul 2011)


I think Taco, The_Miz, and SteveJobs are all the same person.

posted on 08 Aug 2011, 12:06 7

14. SteveJobs (Posts: 12; Member since: 24 Jul 2011)


You my friend are so wrong

posted on 08 Aug 2011, 14:54 3

25. The_Miz (Posts: 1496; Member since: 06 Apr 2011)


Oh no, you figured it out. I guess I better change both our names.

posted on 08 Aug 2011, 10:13

2. readingthissh1t (Posts: 303; Member since: 20 Jul 2011)


nother software update until ics

posted on 08 Aug 2011, 10:22 5

3. SuperAndroidEvo (Posts: 3755; Member since: 15 Apr 2011)


Oh boy the iSheep are going to have a field day with this! lol I don't get why people have these problems. I have had Android for more than 3 years & STILL no malware. I guess I have more common sense then other Android users! lol

"Convinced that your smartphone is immune to malware? Well, as long as you don't download any apps coming from suspicious sources, then you are virtually safe, but the thing is that every single mobile platform has its own security flaws exposing your privacy at risk." I mean what else needs to be said! Please JUST BE CAREFUL!

posted on 08 Aug 2011, 10:29

4. PeterIfromsweden (Posts: 1230; Member since: 03 Aug 2011)


You should get bada.
There is no malware for bada, and you can only download apps from Samsungapps where they all apps go through strict testing.
By the way SuperAnroid, please read my answer to your last post in the bada article (i answered you about 15 minutes ago in that article).

posted on 08 Aug 2011, 10:36 3

5. SuperAndroidEvo (Posts: 3755; Member since: 15 Apr 2011)


Yes but then I would have to get a feature phone. That would be a total downgrade from my HTC Evo 3D! I love my smart phone, & I have NEVER had a problem. Bada is definitely NOT for me. Thanks for the concern though! :-)

posted on 08 Aug 2011, 17:13 1

35. G-Reg (unregistered)


2 more than you

posted on 08 Aug 2011, 10:56 9

6. The_Miz (Posts: 1496; Member since: 06 Apr 2011)


Lol, Android has had a design flaw since day one. And google still can't do anything about this malware problem while iOS has virtually no security hacks. Wow Google, way to be on top of things.

posted on 08 Aug 2011, 11:13 7

9. CH (unregistered)


What's that I smell? Oh yes, Apple-fanboyism trolling at the decent Android folks again. Do us a favor and go shine your Apple silver-logos, will ya? And ask your mom to buy new Apple earbuds for 100€ lol.

posted on 08 Aug 2011, 11:17 9

10. HTCiscool (Posts: 449; Member since: 16 Jul 2011)


I'm sorry, which OS got jailbraked 1,000,000 times before release and then got a wikipedia page made about it titled ''History of iOS jailbreaking''?

posted on 08 Aug 2011, 11:39 7

11. Droid_X_Doug (Posts: 5529; Member since: 22 Dec 2010)


No iOS security hacks? Then why all of the urgent emergency to upgrade to iOS 4.3.5?

posted on 08 Aug 2011, 13:30 5

22. David Heim (unregistered)


"...iOS has virtually no security hacks."

Hey The_Miz, why don't you stop saying that apple has no hacks? You must be some ignorant apple fanboy who assumes that apple products can't get hacked. Why do people jailbreak their iphones or ipods or whatever the hell apple calls their products if people assume that they have a perfect product? Besides, I've had android for at least 2 years now and I haven't got a damned virus at all. If you know when and where to download an app, then you won't have a problem. So you know what? You can shove your previous comment up your ass and shut the hell up.

posted on 08 Aug 2011, 11:47 8

12. Sniggly (Posts: 6695; Member since: 05 Dec 2009)


Know what I love? How this entire explanation somehow skips the part where the malware actually gets on your phone. Seems from the hints that it's the same damn thing: when you're stupid enough to deal with the darkened store down the alley run by the snivelling little guy with missing teeth and an aura of evil which makes the Emperor look like a goddamned Care Bear.

posted on 08 Aug 2011, 11:50 3

13. SuperAndroidEvo (Posts: 3755; Member since: 15 Apr 2011)


lol That is so right! lol

posted on 08 Aug 2011, 14:55 5

26. The_Miz (Posts: 1496; Member since: 06 Apr 2011)


Oh how I'd like to meet you down a dark alley.

posted on 08 Aug 2011, 15:36 2

31. Sniggly (Posts: 6695; Member since: 05 Dec 2009)


If we do, can we braid each others' hair?

posted on 08 Aug 2011, 16:14 3

32. SuperAndroidEvo (Posts: 3755; Member since: 15 Apr 2011)


The_Miz I would have thought you would have said the entrance ramp for the Royal Rumble or something like that! I used to like Monday Night RAW! lol

posted on 08 Aug 2011, 15:19 5

29. taco50 (banned) (Posts: 5506; Member since: 08 Oct 2009)


exactly this is a NON ISSUE. I don't even know why it's being reported. I think PA is probably iSheep.

posted on 08 Aug 2011, 16:58 4

34. Sniggly (Posts: 6695; Member since: 05 Dec 2009)


I thumbed you up even though I know you're being horribly sarcastic AND even though you're using a strawman in order to try to make my position appear wrong.

Don't get me wrong, I get concerned over security issues, but that concern doesn't have to be in the form of hysterically abandoning an operating system I love because of an issue that, more likely than not, won't ever affect me.

posted on 08 Aug 2011, 12:09 9

15. SteveJobs (Posts: 12; Member since: 24 Jul 2011)


Perfection can only be achieved by me

posted on 08 Aug 2011, 13:05 2

20. SuperAndroidEvo (Posts: 3755; Member since: 15 Apr 2011)


SteveJobs you are the funniest guy here in PhoneArena.com! lol

posted on 08 Aug 2011, 18:29 3

37. wumberpeb (Posts: 414; Member since: 14 Mar 2011)


Steve, I actually laugh when you post something...

posted on 09 Aug 2011, 08:09 3

49. SuperAndroidEvo (Posts: 3755; Member since: 15 Apr 2011)


Me too wumberpeb! lol

posted on 08 Aug 2011, 12:34 2

17. Sniggly (Posts: 6695; Member since: 05 Dec 2009)


Okay.

posted on 08 Aug 2011, 12:39

18. iosmaster (Posts: 115; Member since: 06 Jul 2011)


WATCH THE PIC ITS EPIC FUNhttp://obamapacman.com/2011/08/hypocrite-google-executive-cries-foul-when-patents-attack-android/

posted on 08 Aug 2011, 12:45 8

19. Stuntman (Posts: 707; Member since: 01 Aug 2011)


You mean if I have a device that is a computer I can get malware? Boy, I'm so glad I read this article because I would have no idea that this could happen otherwise. :p

Security flaws exist in all products. Android phones are not the only ones that have security flaws. Don't think that using a non-Android phone means you are immune to malware. I've seen other articles publicising security flaws in other phones as well.

Hopefully the publicity that this article generates will spur Google on to get this flaw fixed.

posted on 08 Aug 2011, 14:10 5

24. PhoneArenaUser (Posts: 5447; Member since: 05 Aug 2011)


Agree.

posted on 08 Aug 2011, 13:28 5

21. Sakthi (unregistered)


I dont understand why people are so annoyed by the criticisms on their beloved operating systems? Just accept the problems. Instead what the people have been throwing at each other wont do any good for anybody. All oss have their own strengths and weaknesses. Just remember symbian as an example. Symbian ruled the world for more than a decade and now it is in extinction stage. Leave all the nonsense please.

posted on 08 Aug 2011, 15:05 3

27. taco50 (banned) (Posts: 5506; Member since: 08 Oct 2009)


We don't really need the weekly security fails by android to know it's a malware infested pos system. Only thing android is good at is stomping all over other companies IP.

posted on 08 Aug 2011, 15:35 3

30. Sniggly (Posts: 6695; Member since: 05 Dec 2009)


"Malware infested"

Only if the malware manages to get on your phone to begin with, an eventuality that the average user just doesn't face.

Android is also good at kicking Apple in the pants so they stop stagnating with their OS, bringing focus to the processing power of smartphones, and causing iFanboys to froth at the thought that anyone else in the world would dare create an operating system that is optimized for a touchscreen interface and thrives upon the use of third party apps organized into a list of icons somewhere-anywhere-on the phone.

posted on 08 Aug 2011, 16:49 3

33. Sniggly (Posts: 6695; Member since: 05 Dec 2009)


So let's cover what Google is supposedly infringing on so far:

They are supposedly infringing on Sun's old patents for their open source Java code, something which Sun didn't give a s**t about. Oracle bought Sun out and promptly filed the lawsuit, which indicates serious patent trolling.

They are supposedly infringing on TWO patents which Apple owns, which are "absurdly broad" (in the words of Dilbert author Scott Adams-see this past Sunday's strip) and haven't even been through final judgment yet.

HTC is paying royalties to Microsoft for the rights to use more patents, which they started doing without Microsoft ever having to sue them.

Hardly "stomping all over other companies' IP, is it, Taco?

posted on 08 Aug 2011, 18:28 1

36. taco50 (banned) (Posts: 5506; Member since: 08 Oct 2009)


"Now, AppleInsider is reporting that new evidence indicating that Google willfully infringed on Java patents to develop Android has arisen and that it “could damage Google’s efforts to defend Android from additional patent disputes.”


http://www.technocliq.com/11840/news/evidence-that-googles-android-willfully-infringed-oracles-java-surfaces/

"Back in 2005, well before Android was released, Rubin wrote, “If Sun doesn’t want to work with us, we have two options: 1) Abandon our work and adopt MSFT CLR VM and C# language – or – 2) Do Java anyway and defend our decision, perhaps making enemies along the way.”

posted on 08 Aug 2011, 18:55

38. Sniggly (Posts: 6695; Member since: 05 Dec 2009)


So...that would be...one company, whose code was open source. And Android was also released as a totally free OS. And Sun never made a legal move toward Google, which means it's possible that Google and Sun reached some kind of agreement about the Java code. And then Oracle came along, bought Sun, and promptly sued Google. It was never any secret that Google was using Java. So did Google "stomp all over" Sun? Not necessarily. We may never know what Sun actually thought of Java being in Android. Did Google "stomp all over" Oracle? No, because it wasn't originally Oracle's IP, and in fact wasn't Oracle's IP until January of 2010, several months after the explosion in Android's popularity.

Oracle just positioned itself to win the lottery. That's not justice, Taco. That's a way to make cheap billions. And don't even try to say Apple is immune to scrutiny, because it's been the subject of many, many lawsuits over the past 3 decades. In fact, there's an entire Wikipedia page on it.

posted on 08 Aug 2011, 20:29 1

43. taco50 (banned) (Posts: 5506; Member since: 08 Oct 2009)


Read the article. If it's true google new they were infringing, but decided it would be cheaper to take their chances with lawsuits rather then rewrite their own code.

posted on 08 Aug 2011, 22:07 1

45. Sniggly (Posts: 6695; Member since: 05 Dec 2009)


Yeah, I've read multiple iterations of the same article. The trouble is that we never see the emails that come after that; we never see the behind the scenes decisions, we never see the discussions with Sun, whom they were obviously planning on contacting either way.

Assumptions assumptions.

posted on 09 Aug 2011, 10:17

51. protozeloz (Posts: 5369; Member since: 16 Sep 2010)


you sure know how to cough up news don't ya? but what about this?
http://www.zdnet.com/blog/open-source/sun-ceo-explicitly-endorsed-javas-use-in-android-what-do-you-say-now-oracle/9285

posted on 10 Aug 2011, 15:52

55. Sniggly (Posts: 6695; Member since: 05 Dec 2009)


Oh snap. Lol. Awesome scoop, Proto.

Hmm, I wonder why Phonearena has declined to comment on this one?

posted on 08 Aug 2011, 19:09 5

39. Sniggly (Posts: 6695; Member since: 05 Dec 2009)


So, I'm curious, iFanboys: would you only thumb me up if I suddenly screamed "Oh, MY! There's a security hole in my software! I must immediately abandon Android and buy an iPhone! Android sucks complete and total ass! BARBECUE!!!!!!" Is that what would make you happy?

I mean, you're obviously not satisfied with "I acknowledge that it's an issue, but if you use your head you're probably not going to be affected, and the issue will be resolved anyway." You're not satisfied with "I want Google to fix this, and I trust that they will, because their track record shows a continual effort at improving their products and abandoning projects that cannot be saved and taking a different approach next time." You're not satisfied with "No need to panic over this, it can and will be fixed, and no OS is absolutely secure."

No, you can't be satisfied by any of that. You also hate when the numerous issues that have popped up with iOS are pointed out, or you simply ignore them. I remember seeing Whateverman point out countless times that iOS force closes apps too (just without a notification that it's done so) yet no iFan ever acknowledges this. They just skip over it conveniently. You also choose to ignore when it's pointed out that yes, iOS has updates to fix bugs, security issues, etc., several times a year as well.

On another note, you seem to ignore the fact that Apple takes ideas and coding from other people all the time as well, yet are the first to jump on Google for violating a couple of patents from a couple of company, with only one of those company's patents actually covering programming code, and the other company's patents covering some absurdly broad ideas.

This all seems to build a double standard, one where Apple can do no wrong and Google is the harbinger of death, evil and destruction. You accuse Android of being a "POS copycat" when none of you actually use an Android phone with any regularity, and base your accusations on "ZOMG, IT HAS APPS!" or "f**k, IT HAS A TOUCHSCREEN!" or "s**tNIPPLES, THE APPS ARE ORGANIZED IN AN EASY TO NAVIGATE LIST!!!!!!" Or you exaggerate issues like force closes and malware, which most people don't experience with any kind of regularity whatsoever. You almost never recognize anything Android does right, like it's notification system, depth of customization and functionality, and the movement it kickstarted which has brought a new focus to smartphones as possible replacements for computers.

I have my complaints about Android and Motoblur and some hardware design choices, but quite frankly, everything else works so well that I see no reason to spend my day stomping on the system which hundreds of people are spending their lives to build and improve on.

At the same time, I have repeatedly said that I do like Apple's software and hardware design for the most part, and agree that what they build generally works very well.

posted on 08 Aug 2011, 19:12 5

40. Sniggly (Posts: 6695; Member since: 05 Dec 2009)


But none of that is good enough for any of you. You won't be happy until I throw all of my Android phones in the trash, spit on their metal and plastic corpses, and join the Cult of i. It's the attitude of the very religious and mentally ill. Yeah, sure, I take the piss out of Apple sometimes when it f**ks up, but I still have no problem who simply express a preference for iOS and Apple products. But the attitude you take... I mean, Jesus, I've seen friendlier attitudes from fundie Christians and Muslims when they find out I'm an atheist.

My point is: why do you act this way, and what would it take for you all to not act like assholes over a GOD. DAMN. PHONE?

posted on 08 Aug 2011, 19:45 1

41. Stuntman (Posts: 707; Member since: 01 Aug 2011)


Try not responding to those posts. I would hope that people can tell which posts are for serious discussions and which are not.

posted on 08 Aug 2011, 20:26 1

42. taco50 (banned) (Posts: 5506; Member since: 08 Oct 2009)


Man the thumbs down really got to you today lol. Cheer up buddy it will get better. I'm sure PA will post a good android market share article you can troll on.

posted on 08 Aug 2011, 21:57 6

44. Sniggly (Posts: 6695; Member since: 05 Dec 2009)


They didn't really. It was a cumulative effect of the general hysteria and stupidity I've been seeing from ifanboys of your caliber.

posted on 08 Aug 2011, 23:56 4

46. Whateverman (Posts: 3187; Member since: 17 May 2009)


I know what you mean. I gave up on the truce about 6 articles ago. And to think, SuperAndroidEvo told me a while back it would never work because you can't reason with iFans. Right again Super!

posted on 09 Aug 2011, 00:37 5

47. Sniggly (Posts: 6695; Member since: 05 Dec 2009)


If you qualify "iFans" as "people whose fanboyism turns Apple into a subject of almost religious reverence," then I completely agree. There are a couple, like biophone and Davecann2, who are reasonable and friendly, but Taco and Miz continue to be vicious.

On the other hand, Gemini volunteered to stop fighting. Major coup, as in the past he's been one of the worst.

posted on 09 Aug 2011, 08:28 4

50. SuperAndroidEvo (Posts: 3755; Member since: 15 Apr 2011)


That is why a call those people iSheep. They are sheep that is herded by their Shepherd Steve Jobs. biophone, Davecann2 are Apple fans NOT iSheep. They are very reasonable people & don't take Apple success to a level of iSheep. With them you can have a conversation in a very intelligent & diplomatic way. iSheep always make it personal & think that they are better, richer or whatever than other people because they own an iPhone. That is the mentality I know Sniggly is talking about. He is right some iSheep just go too far & don't make this fun anymore. I too remember the conversation I had with Whateverman & I am glad that he remembered. iSheep can't be reasoned with, they are too far into their ways that they need some serious rehabilitation. It's like their lives are governed by the iPhone 4 & Shepherd Steve Jobs. It is almost religious reverence!

posted on 09 Aug 2011, 12:01 2

52. ilia1986 (unregistered)


sniggly, evo, I completely agree. As an iPhone user myself it sickens me to see and hear people praising it so much. Yes, the iPhone is cool for awhile... particulary if you've come from a sad world of the Nokia 5800, but after awhile - 3 - 4 months - it became boring. Than I jailbroken - and my world suddenly filled with a zillion of awesome tweaks.. but after awhile I realized that there are still a lot of things that the iPhone just doesn't have. And that's where I realized the gospel truth - iOS SUCKS, compared to Android. Not on it's own - just compared to Android.

Any sane, unbiased and intelligent (read: NOT Taco or Miz) individual will see that just via YouTube videos. I have. And my next phone is an Android phone. Maybe the Nexus Prime. Maybe something else. But unless Apple pulls a complete miracle - an actual one, not "Revolutionary-video-calls-on-wifi-only-lolz-only-to-iPhones" type, but an actual innovation (I know - it's hard for Apple to actually innovate something as of lately) - I'll have one burning hot green robot in my pocket, thankyou.

posted on 09 Aug 2011, 15:38 2

54. SuperAndroidEvo (Posts: 3755; Member since: 15 Apr 2011)


Well ilia1986 you covered all the bases. All I can say is that I am 100% with you! When that Nexus Prime comes out, it's going to be one hell of a phone. You will be VERY satisfied!

posted on 09 Aug 2011, 01:46 1

48. taco50 (banned) (Posts: 5506; Member since: 08 Oct 2009)


You should change your profile pic to a pirate

posted on 09 Aug 2011, 12:23 3

53. taz89 (Posts: 2008; Member since: 03 May 2011)


@sniggly how i wanted to say that for a long long time but just felt there was no point wasting my time...for some reason you really cannot reason with ''hardcore'' ifanboy because as you said apple can do no wrong in their eyes...lol they talk about how secure there iphones are yet dont any of them realise that the jailbreak actually comes security flaws...i like apple products but i just dont like apple themselves but hey they are the masters of brainwashing consumers..i myself have the iphone 4 but if it was not jailbroken i could not use it at all. i also have the samsung galaxy s2 and in MY eyes that is the best smartphone at the moment but we all know the next best thing is just rounf the corner...also just like to say you and a few others seem to be the only one who comment without any bias and actually make sense and not blind fanboy comments.

* Some comments have been hidden, because they don't meet the discussions rules.

Want to comment? Please login or register.

Latest stories