It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

major breach of android / google cellphone app security

page: 1
6

log in

join
share:

posted on Jul, 5 2010 @ 03:19 PM
link   
“For millions of fans of the Twilight films and books, the ‘Twilight Eclipse Preview’ app must have been a tempting proposition, promising advance footage of this summer’s big blockbuster. However, soon after hundreds of smartphone owners had downloaded it from the Android app shop, a strange thing happened. Overnight, the app vanished, as if wiped from phones by an invisible hand - which, in effect, is what happened. Without a word of warning, Google, the supplier of the Android operating system, deleted the app form phones around the globe, having decided it was not in its customers’ best interests….. Google defended its actions - and revealed it had the ability to install software too. And it wasn’t the first corporate giant to demonstrate that software on phones, ebook readers and games consoles can be edited from afar without the user’s consent……. Steve Jobs, Apple’s CEO, admit(ted) publicly to having those powers…. “Hopefully we never have to pull that lever, but we would be irresponsible not to have a lever like that to pull.”
Google pulled its lever because the Twilight Preview app was not what it appeared to be. “Once it was installed, it could covertly connect to a remote server and download software to give it full control over whatever the phone could do: snoop on the user, make premium rate calls, read passwords…..””

The guy who wrote this app did it as a test of google’s security. Basically, there wasn’t any!! Imagine what other apps contain hidden extras!

I remember seeing something on tv a while back, someone from google was talking about their moves into the smartphone market with Android etc.. and the guy ws basically saying “what gadget do you always have in arm’s reach, what gadget knows all your contacts, all your communications with those contacts, all your calendar, all your internet history, all your passwords, all your bank details, has pictures of everyone you know…” etc etc. Basically, Google have now taken control of your phone. Or apple have.

what's that camera on the front of the iphone 4 really for anyway? no-one bothers with video calls. big brother certainly might be watching you.. don't even think about that webcam and mic looking at you right now..

23




posted on Jul, 5 2010 @ 03:26 PM
link   
Wow... I had no idea Google/Android did this with their programming and apps, this is to say the least quite a breach of privacy. I have an android based phone and no where in Google's terms or conditions does it say anything about this from what I read anyways. Needless to say just another way for TPTB to keep tabs on us. Thanks for the info Twentythreedom, S+F for you.



posted on Jul, 5 2010 @ 08:31 PM
link   
reply to post by Jackasszilla
 


There's over 4000 words in google's android terms and conditions, and itunes has over 26000! aaaaaaargh!!

and it gets worse, much worse, believe me..

Thanks

23

(edit to remove a surplus-to-requirements exclamation mark [...!] )

[edit on 5-7-2010 by twentythreedom]



posted on Jul, 5 2010 @ 09:00 PM
link   
so they can "log into " any phone and add/remove apps just like that....?

if they can get in, how can you get out?
and get in from the device side?

obviously there is a connection, more than some firmware update Tx/Rx... im glad something was telling me to avoid those pesky touch screen pocket computers... they're 3/4G, and 802.11x compatable... i heard a co-worker say the other day , she ran a wireless packet sniffer from her Iphone that dumped those captured packets on to her remote server...

i think i'll look into that a bit...



posted on Jul, 5 2010 @ 09:09 PM
link   
reply to post by nvprose1
 


That's awesome, I personally don't use data cell phones much, just prepaids... But I can see the value of running a packet sniffer and studying sessions to see any nefarious activities...

This usually how these things get caught is by someone checking data in packets or even decompiling software to find the badies...


Did she see any interesting stuff from those captures? would be interesting to know , if and when you find anything further


[edit on 5-7-2010 by alienreality]



posted on Jul, 13 2010 @ 01:58 PM
link   

Originally posted by nvprose1
so they can "log into " any phone and add/remove apps just like that....?


yes, it seems so. they have said as much...




if they can get in, how can you get out?
and get in from the device side?


dunno, it's not my area of expertise



obviously there is a connection, more than some firmware update Tx/Rx... im glad something was telling me to avoid those pesky touch screen pocket computers... they're 3/4G, and 802.11x compatable... i heard a co-worker say the other day , she ran a wireless packet sniffer from her Iphone that dumped those captured packets on to her remote server...

i think i'll look into that a bit...


can you say it english too? (seriously, that's all greek to me!)

23



posted on Jul, 13 2010 @ 06:03 PM
link   
I'm currently working developing applications for the Android platform, and can shed a bit of light on how security and app distribution is handled.

There is an official App Market run by google, but google does not require apps be distributed on their own market (unlike apple). Google's market app keeps track of what apps are downloaded so that updates, etc can be distributed. I would bet (I can't be sure because I have not read every line of code in the Android API and so don't know exactly what capabilities exist in this area) that the app was simply taken down from the market and that the market application on individual phones automatically removed the app from handsets.

Every application can request permission to do activities such as access network information, access telephone functions, etc. However, the user is presented with a dialog stating these permissions at install time and must accept them; therefore, most security flaws are not a flaw in the Android platform but a result of users simply clicking through install screens.

There are a few things that can be done programmatically that don't require explicit permission. For example, it is possible to enable or disable bluetooth silently (thought it is stated specifically in the documentation not to) within an android app.

Overall, the Android phone is a very secure and transparent platform. The source code of the platform is also available, so it is impossible for gaping backdoors that let google snoop on everything a user does to exist.

[edit on 13-7-2010 by avingard]



new topics

top topics



 
6

log in

join