You clearly didn't read a single link that I posted. I did a comprehensive study of all malware targeting mobile devices between 2011 and 2012 and, yes, they are targeting the device itself and the design choices made while building it.
EDIT: oh wait, there you go blaming the user again. "Grandma should have known the difference between THIS app that requested her contacts and THAT app that requests her contacts and stole them. Jeez Grandma! Get with it!"
How is that not a design problem? I thought we gave up delegating security decisions to the user after we saw what happened with SSL?
EDIT: oh wait, there you go blaming the user again. "Grandma should have known the difference between THIS app that requested her contacts and THAT app that requests her contacts and stole them. Jeez Grandma! Get with it!"
No, I didn't blame the user. I pointed out that most of the problem with malware on Android, for the overwhelming majority of users (who don't sideload), was that the Play store is a wild west right now, where people pay $25 and make an account where they can instantly publish "Temp1e Run" that is actually nothing of the sort. This is the cause of the overwhelming majority of malware on Android.
Should apps be able to have those specific rights (such as sending pay SMSes)? Yes, absolutely they should. The ability for apps to do more interesting things is exactly what differentiates it and makes it better. Simply saying "keep every app in a silo where it can't do anything" is not a choice users want.
EDIT: And just to loop back again, you again claim that malware needs to somehow break the bounds of the Android system to do its evil deed (exceeding permissions, cracking ASLR, etc.). That is absolutely untrue in practice. Malware on Android, courtesy of the practically unmaintained primary market, is largely a study of social hacking.