08-11-2010, 11:53 AM

Quote:

Originally Posted by cwa107

What I'm suggesting is that Google puts a hook into the OS that proactively blocks these kinds of transactions until the user has confirmed (perhaps by an authentication mechanism) that it's OK to perform this function at the time the function is being performed, as opposed to when the app is being installed.

That would be a painless fix. I could live with something like. This is more of a idiot proof mechanism most power smartphone users know what they are doing.

Quote:

Originally Posted by dan828

Anyone installing some random, non-signed app that just showed up in an sms message from someone that they don't know is pretty much a tool anyways. Having a choice means you can choose to be an idiot I guess.

Very true.

08-11-2010, 11:56 AM

Quote:

Originally Posted by Kamina

@bobtomay:
You are speaking of something totally different.
This is a trojan. Your wife just encountered some retarded companys sms that earns their money with illegal stuff that is still a grey zone in law on the whole world.

Yes, I'm aware of that. Just pointing out, that even a "safe" system is not truly safe without keeping a watchful eye.

08-11-2010, 01:57 PM

Well, something that the mac website failed to mention is that not only is this not widespread, it only can rack up the expensive charges if you're in Russia. Oh, and basically you have to change the default settings to allow non-marketplace apps anyways, akin to jailbreaking your iPhone. So basically a mountain out of a molehill.

And here is what Google had to say about it:

Quote:

Our application permissions model protects against this type of threat. When installing an application, users see a screen that explains clearly what information and system resources the application has permission to access, such as a user’s phone number or sending an SMS. Users must explicitly approve this access in order to continue with the installation, and they may uninstall applications at any time.

We consistently advise users to only install apps they trust. In particular, users should exercise caution when installing applications outside of Android Market.

08-11-2010, 02:10 PM

Quote:

Originally Posted by dan828

Well, something that the mac website failed to mention is that not only is this not widespread, it only can rack up the expensive charges if you're in Russia. Oh, and basically you have to change the default settings to allow non-marketplace apps anyways, akin to jailbreaking your iPhone. So basically a mountain out of a molehill.

And here is what Google had to say about it:

Unlike most iPhone users I know, nearly ALL of the Android users I know have "rooted" their phones, thus making them vulnerable. This activety seems to be more prevalent amongts Android users for some reason.

08-11-2010, 02:19 PM

Quote:

Originally Posted by baggss

Unlike most iPhone users I know, nearly ALL of the Android users I know have "rooted" their phones, thus making them vulnerable. This activety seems to be more prevalent amongts Android users for some reason.

Well, now you know one that hasn't

I honestly don't understand the point of rooting an Android device. I'm sure there's apps out there that mess with low-level functionality, but the last thing I want is an unstable phone.

08-11-2010, 02:20 PM

Quote:

Originally Posted by baggss

Unlike most iPhone users I know, nearly ALL of the Android users I know have "rooted" their phones, thus making them vulnerable. This activety seems to be more prevalent amongts Android users for some reason.

The reason being, I'd think, is that Android is more the geek OS, where iOS4 is the hipster one. Yeah, I'm generalizing, but none of the people I know with iPhones are tech people at all, and none of them know anything about jailbreaking or why you'd want to do it.

08-11-2010, 05:59 PM

Come on, let's get real for a second. People root their devices because it affords them an opportunity to get apps which are equivalent to those in the market place, but which are free. Such as say.. an tethering app. Also, rooting allows you to totally change your GUI format/style. That alone is reason enough for TONS of people.

What gets my goat about this however, is that doing these mods is expected of Android users. The notion of being able to do such things is what Google had advertised in their first Android OS alpha stages. It was pretty much the whole appeal of Android! And now Google is acting as if people have bought into another iOS type of system ? Ridiculous. They need to take such things into account and start looking more into a beefed up unified system which safe guards everything from their end, rather than have the end USER take the heat for their laziness.

Doug

08-11-2010, 06:28 PM

Quote:

Originally Posted by Doug b

Come on, let's get real for a second. People root their devices because it affords them an opportunity to get apps which are equivalent to those in the market place, but which are free. Such as say.. an tethering app. Also, rooting allows you to totally change your GUI format/style. That alone is reason enough for TONS of people.

What gets my goat about this however, is that doing these mods is expected of Android users. The notion of being able to do such things is what Google had advertised in their first Android OS alpha stages. It was pretty much the whole appeal of Android! And now Google is acting as if people have bought into another iOS type of system ? Ridiculous. They need to take such things into account and start looking more into a beefed up unified system which safe guards everything from their end, rather than have the end USER take the heat for their laziness.

Doug

Actually, I really don't think that there is any way around the user specifically giving a rogue app permissions to access their sms. I mean it actually says on the permission screen that it can cost you money.

Really, this thing is just an app that you have to choose to install from a sketchy website and then grant it permission to use your sms system, while being warned that you are giving it access to services that you might be charged for. The only thing else to do is to ban that sort of access altogether, or limit it to only apps from the marketplace.

And really, the same argument you make about rooting android can be made for jailbreaking an iPod/iPhone/iPad-- free apps to do stuff that Apple/AT&T doesn't want you to do.

08-11-2010, 10:04 PM

It's the old walled garden arguement.
Having the walls up (like Apple do) means you lose freedom (unless you jailbreak). But on the plus side you have increased security because you know apps that make past the walls have been screened to a certain degree.

And on the other hand not having the walls at all (like Android) gives you a lot of freedom to do as you please. But this freedom creates a security risk because some people abuse that freedom and scam others. And also this more freedom can make the product harder to use. Just like Linux vs OS X. If there's only one way to do something, then there's only one way you have to learn and master which is good for the non computer minded people in our society.

08-11-2010, 10:54 PM

Quote:

Originally Posted by the8thark

It's the old walled garden arguement.
Having the walls up (like Apple do) means you lose freedom (unless you jailbreak). But on the plus side you have increased security because you know apps that make past the walls have been screened to a certain degree.

LOL... sounds like the political argument for/against the "Entitlement State". How much personal choice, freedom or money do you feel comfortable giving up in exchange for another taking responsibility for something you don't want to do, or feel you can't do?

As far as rooting Android phones goes, I have personally found it to be over-rated and unnecessary. I rooted my Droid X, installed a command line terminal emulator and Titanium Backup... then I looked around for something useful (to me) to install that I couldn't find in the Android Market. I came up with nothing that was worth messing with. After that I unrooted the phone and had a snack. Actually, I was quite surprised to find that about 20 of the 25 application I ran on iOS were available in the officially sanctioned Android Market from the same developers.

08-12-2010, 05:52 AM

This isn't an application from their market, you have to download it outside of the market.

It's not really Google's fault, more of the user's fault. Now if it was in the Android Market, this would be a problem. The user would have to change their settings to allow downloads from 3rd party places.

08-13-2010, 12:24 AM

Quote:

Originally Posted by bobtomay

There are some out there. My wife did something similar from SMS on her iPhone a couple of months ago. She didn't even know she did it. But, she had signed up for about 6 recurring charge web sites. One of them was $19.95 a week for ring tones. When I called AT&T, found out some of these can start auto charging your account simply by making any response to the SMS instead of deleting it.

My question to AT&T, was don't they vet these companies before they let them start charging people throgh their phone bill?

My wife just found out today that we had gotten burned with the same sort of thing. She got some fake link for Target with coupon/freebie offers, had it half filled out before she caught on, but by then it was too late. They had her phone number, and for the past two months we had gotten a recurring $10 charge PLUS spamming SMS messages. AT&T said we had authorized a $10 monthly service to send us advertisements by SMS. What sort of silliness is that where we'd pay to get spam that we'd pay for AGAIN with SMS fees?