Millions of Android phones yet again vulnerable to data theft

“Bluebox Security, the same outfit that last year identified a worrisome (but thankfully patched) flaw in the Android app-packaging system, has done it again,” David Meyer reports for Gigaom. “On Tuesday, the company said it had found a new Android vulnerability that potentially allows the stealthy theft of information from millions of devices.”

“Those with old Android handsets that no longer receive firmware updates are particularly at risk,” Meyer reports. “Bluebox notified Google of this vulnerability back in April, and Google has distributed a patch to its Open Handset Alliance partners. According to Bluebox CTO Jeff Forristal, Motorola has already released patches for some of its devices.”

“However, as is always the case with Android, different vendors move at different speeds. And, given that this goes all the way back to Android 2.1, there will be many devices out there that are no longer receiving firmware updates, and that will therefore remain vulnerable,” Meyer reports. “As always, the advice here is to only install apps from trusted sources and be wary of social engineering ploys that try to get you to install apps from emails and so on. ”

Read more in the full article here.

MacDailyNews Take: Fragmandroid. “Open” in all the wrong ways.

Android fragmentation and malware

Related articles:
Android ‘Fake ID’ bug lets criminals gain access to Android users’ credit card data – July 29, 2014
Crucial security flaw found in Google Play: Thousands of secret keys found in Android apps – June 19, 2014
With iOS 8, Apple makes iOS even more secure ahead of smartphone security competition – June 10, 2014
iOS 8′s extensions explained: Opening the platform while keeping it secure – June 9, 2014
New iOS 8 feature lets users cloak their iPhones from tracking by retailers, marketers, other companies – June 9, 2014
New malware takes Android phones hostage, demands ransom for unlock – June 5, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013
Android app malware rates skyrocket 40 percent in last quarter – August 7, 2013
First malware found in wild that exploits Android app signing flaw – July 25, 2013
Mobile Threats Report: Android accounts for 92% of all mobile malware – June 26, 2013
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013
Mobile malware exploding, but only for Android – May 14, 2013
Mobile malware: Android is a bad apple – April 15, 2013
F-Secure: Android accounted for 96% of all mobile malware in Q4 2012 – March 7, 2013
New malware attacks Android phones, Windows PCs to eavesdrop, steal data; iPhone, Mac users unaffected – February 4, 2013
FBI issues warning over Android malware attacks – October 15, 2012
Researchers discover serious flaw in Android app security, say HTC and Samsung ignore issue – September 28, 2012
Apple’s iPhone has passed a key security threshold – August 13, 2012
Android permissions flaw allows eavesdropping, data theft, location tracking – December 2, 2011
Massive HTC Android security flaw leaves security expert speechless – October 2, 2011
Apple’s iOS unaffected by malware as Android exploits surge 76% – August 24, 2011
Android malware records phone calls; iPhone users unaffected – August 2, 2011
Symantec: Apple iOS offers ‘full protection,’ Google Android ‘little protection’ vs. malware attacks – June 29, 2011
Malware apps spoof Android Market to infect Android phones – June 21, 2011
Google forced to pull several malware-infested apps from Android market – June 8, 2011
Android malware sees explosive growth; even faster than with PCs – April 27, 2011
Virus-laden apps infest Google’s ‘open’ Android platform; iPhone unaffected – March 3, 2011
Security firm warns of new Android trojan that can steal personal information; iPhone unaffected – December 30, 2010
Trojan infects Android smartphones; iPhone unaffected – August 10, 2010
Millions of Android phone users slammed by malicious data theft app – July 29, 2010
Unlike proactive Apple, reactive Google doesn’t block malware from Android app store – June 4, 2010
Malware designed to steal bank information pops up in Google’s Android app store – January 11, 2010

38 Comments

      1. And those with it can’t joke about it? I have been diagnosed with it since grade school, and yes, I have had dealt with my lot in life throughout the years. If I couldn’t joke about it, then my life would be a bit more depressing than it is. It’s my unique sense of humor that let’s me see the good in my life.

        1. What, pray tell, is wrong with liberalism exactly? We are actually trying to improve our country while you neocons blame everything on Obama, and not even attempt to fix things yourselves. Pathetic. And how have the Republicans improved anything in the past decade? Before you dish out insults, clean out your closet first.

          1. Yo Flap-ollonia

            “What, pray tell, is wrong with liberalism exactly? We are actually trying to improve our country while you neocons blame everything on Obama, …”

            “WE”……”OUR”………sums it up for me. Next time try, “THE country” or maybe you could just STFU.

            I do not believe the “neocons” (drama queen) are blaming Barry for everything. Just those things that he and his group of “holy shit I have to save my job because of this idiot” gets completely wrong, which is, well, damn near everything. And with each little “boo boo” I end up paying even more for someone elses additional free shit.

            Your not wrong and I’m not right. The answer is always somewhere in the middle. There is no middle with a socialist at the helm.

            and a side note – FUCK politcal correctness!

    1. No one has ever claimed that Android is better than iOS. The only claims to this effect are from Apple fans who CLAIM that Android fans say it. The only claim is that Android is a quality alternative for people who for whatever reason do not want or cannot obtain an iPhone or iPad. And that is a true claim. Because that claim cannot be refuted, Apple fans spend their time erecting straw men that Android fans (except for a few fanboys) never make and pretend to debunk them.

      Even Google doesn’t claim that Android is better, faster, more robust/stable or more secure than iOS. Google promotes Android’s openness, wide availability, and the fact that most of the people on the planet – including working folks in developing and even third world companies – can afford a capable Android device and use it to access the Internet. That is why the biggest announcement at Google I/O wasn’t wearables, Android TV or even Lollipop but Android One to get more smartphones into the India market that Microsoft is foolishly abandoning (and the Firefox smartphone utterly failed in … Firefox has basically abandoned its own OS and is now selling Android phones like everyone else).

      But hey, you are welcome to abandon your wishful thinking and join us in the real world anytime you want. It is a real world where your beloved Apple is #1 in quality, profits, brand recognition, innovation and aspirational status (meaning that even people who don’t have them want them) and Android is #2.

      But being #1 isn’t good enough for you, is it? You Apple fans want a monopoly, to hypocritically enjoy the dominance in mobile devices that you hated Microsoft for enjoying in PCs for 20 years. Well fine, pressure Apple to come out with a iPhone that costs $300 new (not refurbished or obsolete) and unlocked (without a 2 year carrier “subsidy” ripoff where you wind up actually paying 4 times the cost of the device) and an iPad that costs as little as the Kindle HD or the Nvidia Shield. And why not? Apple retained the iPod Shuffle as a low end entry level device for people on a budget (and priced it for as little as $50) after the mid-range and premium iPods came out (and curiously no one accused Apple of racing to the bottom and courting bottom feeders when they did).

      You guys have your cake but are too bitter and resentful to enjoy it. Sad.

      1. “Android is a quality alternative ”

        that regularly gets infected with malware outbreaks?
        🙂

        Apple fans mainly are pissed off with android NOT that they in any way shape or form think it’s better or EVEN ON PAR with iOS but the fact that it was STOLEN from Apple by Eric Schmidt who was on Apple’s Board in a horrible betrayal against a trusting friend Steve Jobs who was SICK WITH CANCER and who mentored the Google boys. They stabbed friends and a business partner in the back in spite of the fact they had stupid huge piles of personal monies (billions ). Even Schmidt the hired CEO has 8 BILLION dollars !. PURE GREED. (I don’t want to into the history of ‘stolen’ as it’ll be too long but it is irrefutable fact based on the original Google phone prototype, OS components, Google engineer testimonies which one can read on the internet and court cases lost by Samsung ).

      2. Speak for yourself. I do claim that Android is better than iOS. Not just better. Far superior. There was a time when iOS was better than Android in a few ways and Android better in others. But those days have long since passed. None of these “malwares” have ever affected me. I don’t pirate software and I only install from reputed externals sources. So while there is a ton of malware written for the Android platform, actually getting your phone infected is quite difficult, unless you are hell bent on ignoring every warning and common sense. For those users, a locked down iOS is a better choice and I highly recommend it to all my completely non techy friends. And even those users are liable to get screwed if they are also susceptible to social engineering and phishing.

  1. If millions of Android phones are vulnerable to data theft, it is only because there are over a billion Android phones out there due to Android having 81% of the smartphone market.

    The truth is that despite this FUD being breathlessly “reported” on the Apple sites, because Google addressed this vulnerability weeks ago with an update to Google Play services, this is not an issue for 93% of Android phones that have Google Play services.

    http://www.androidcentral.com/fake-id-and-android-security-updated

    Now the Android phones that run forked Android that do not have Google Play services such as the Amazon Fire Phone and various Chinese phones (this does not include Xiaomi, who allows users the option to install Google Play and most do) may have this vulnerability, but even then it will only practically be exploited if they have the horrible Chrome for Android browser. As this terrible version of Chrome is only used because it comes pre-installed on Google Android phones, it is extremely difficult for me to imagine anyone on a forked Android phone using it instead of the far superior Mozilla, Opera and Midori for Android browsers.

    And another thing: there has not been ONE instance of an actual user being exploited by this vulnerability. The same thing with the other security threats that the anti-Android crowd reports. While the potential is certainly there, nearly all of those problems can be avoided by using major, reputable app stores like Google Play, AppBrain and Amazon instead of downloading *.apk files from the Internet and side-loading them. Meaning that the people who are most vulnerable to these security threats are the very people who have the technical interest and skill to avoid them, and the ability to do things like root, jailbreak, side load and customize with Android was the very reason why they chose it over the (superior) iPhone and iPad to begin with.

    Bottom line: if Android was 1/4 as bad as Apple fans are convinced as it is, it would not be nearly as popular. It isn’t as if there aren’t other options. Even if you were dead set against an Apple device for some reason, Windows phones have been available for years as a very practical and functional alternative. But when Apple fans mock the failure of Windows phones and tablets, they seem to only attribute it to the popularity of the iPhone and iPad. Instead of acknowledging that the popularity of Android (a clear #2 to Apple even among high end customers buying premium hardware) is actually a bigger factor in the failure of Windows phones and tablets than Apple. Apple was going to dominate regardless because they have the best product that they spent years designing, developing and refining, along with the ecosystem. Windows was only going to succeed as an alternative to Apple, and because of Android they can’t.

    So again, enough articles with “MAJOR SECURITY BREACH IDENTIFIED IN ANDROID.” Instead, print “millions of Android users harmed by security breach!” articles. Except … you can’t. Why? Because those articles do not exist. Why? Because it never happens. Why? Because nearly all the security breaches only exist if you do not get your apps from Google Play. Which only the techies smart enough to avoid security breaches are into.

    So print all the articles about how the iPhone and iPad are better products with a better iOS backed by a better company all you want. Print all the articles about fragmentation and update issues all you want. Because that stuff is true. But claiming – or implying – that Android users are getting hammered by bugs, viruses and worms the way that Windows users were 5 years ago before Microsoft finally started to get ahead of security issues with Windows 7? Wishful thinking.

    1. assman,
      How much was this week’s check from Gaggle/Scamscum? And you’re comparing Andybot to Windows 7 “security”? Try another forum and stop wasting our time here.

      1. “How much was this week’s check from Gaggle/Scamscum?”

        You can come up with vulgar insults all you like. What you cannot do is find a single media source where any of the HUNDREDS OF MILLIONS of users of Android devices are actually affected by Android security flaws. You can with Windows. It is easy. Just type “Melissa virus.” “Blaster Worm.” “Code Red.” “ILOVEYOU” Trojan horse. Affected MILLIONS of users each one, as did the SQL Slammer in the Windows Enterprise. But find ONE ARTICLE that depicts any serious number of ACTUAL ANDROID USERS being victimized by security breaches.

        It is why Windows machines need anti-virus software. It practically adds to the cost of the software, most OEMs sell anti-virus suites pre-installed that you have to pay a license fee yearly to reactivate after the trial period expires. Windows had to create their own anti-virus software comparable to the commercial security suits and build it into their OS (beginning in Windows 7) for free.

        But on Android? Virtually no one buys those security apps in the Google Play store. Why? Because they don’t need them. The security suite companies, who are being hammered by declining PC sales, actually started spreading their own FUD about Android security issues in a desperate attempt to get people to buy them to replace some of the profits that they are no longer getting from Windows. It didn’t work. That is reality whether you want to acknowledge it. Again, it is easy. Find one article about millions, thousands or even hundreds of people being impacted by Android security threats. You can’t, because if such articles existed they would be headline news here, AppleInsider, Cult of Mac and all the other Apple fanboy sites.

        1. “But on Android? Virtually no one buys those security apps in the Google Play store. Why? Because they don’t need them”

          LOL
          Android users don’t buy them because:

          1) they are tech clueless, the don’t even KNOW about gigantic malware threat (called by some analysts as a ‘cesspool’)
          many of these malware are hidden, some for example only collect small amounts of money via hidden charges which are not easily noticeable etc.
          2) those who do know also realize MANY of the so called android virus checkers etc are SCAMS and do absolutely nothing or might even be malware themselves!
          Millions of malware infected apps have even been release via the official google android store.
          3) Many Android users are TOO CHEAP to buy apps.


          “Find one article about millions, thousands or even hundreds of people being impacted by Android security threats. You can’t, because if such articles existed they would be headline news here”

          LOL,
          my Google search which came out with 1 million results, FIRST ON THE LIST:

          V3.co.uk:

          “Android apps with Trojan SMS malware infect 300,000 devices, nets crooks $6m”

          LOL 🙂

          hey: number 5 on the List:

          Computerworld:

          ” The largest-ever Android malware campaign may have duped as many as 5 million users into downloading infected apps from Google’s Android Market …. Android.Counterclank is a Trojan horse that when installed on an Android smartphone collects a wide range of information, including copies of the bookmarks and the handset maker”.

          —-
          SHOOT I’M RUNNING OUT OF SPACE FOR MORE EXAMPLES!

          WHY DO YOU THINK GOOGLE INVENTED THE GOOGLE BOUNCER AND GOOGLE SCANNER (malware detectors) IF THERE WASN’T A GOD AWFUL INFESTATION OF ANDROID MALWARE?

    2. You’re right, there are quite a few misguided people who like android for the bad performing mess it is but mostly because a) they hate Apple or b) they bought the cheapest phone.
      Androids popularity/market share has nothing to do with people asking for an android phone specifically but everything to do with price/people not caring what phone they get next after the old contract ran out

      1. “for the bad performing mess it is”

        Apple fans who only reference Gingerbread, Honeycomb and Ice Cream sandwich versions from 3-4 years ago are dishonest (to be kind). Android stability/performance issues have been fixed since Jellybean, and its security and battery life issues were addressed in Kit Kat. An Android phone with decent hardware running Kit Kat performs similarly to a 3rd generation iPhone. Android L, which contains even more performance, stability and security improvements (yes security as Android L contains Samsung Knox, which was certified as secure by government agencies in need of secure devices), makes a device with good hardware comparable to an iPhone 4.

        Those are facts that can be verified by industry experts and is even conceded by those who strongly favor Apple. Of course, the new iOS will once again widen the gap between Android and Apple, but right now the main advantage that Apple has over Android is superior apps, especially for tablets.

        Facts, not hyperbole.

        1. As an owner of a 2nd gen nexus 7 with L installed, nexus 4, galaxy nexus, Xperia tx + a few other cruddy devices I can confirm that android is a bad performing mess. The reason iOS apps are superior is iOS itself and the performance that comes with it. I have not played a game on ANY android device that runs smoothly. Despite higher specs all games jitter with frame rate issues and being comparable to an iPhone4 is nothing to brag about, it was the first retina iPhone with a gpu that can’t handle 90% of games realised these days

    3. I’m open to the notion that a vulnerability does not equate to exploits. However, you seem to be focused on viruses. That’s not what I hear so much about. I hear about SMS texting premium services without the users knowledge or consent. There are many news reports about actual incidents of that happening. Combine that with the reticence of most organizations to report that they’ve been hacked (I’m think of banks and cellular carriers here, those who would be the “victims” in fraudulent SMS schemes) and I’m not surprised you don’t see millions of reports. But as law enforcement likes to say: Follow the money. The lack of millions of news reports has to be balanced against the clear economic incentive and reward that is motivating these folks to introduce these kinds of malware into the Android ecosystem.

    4. Altman, this is the sort of trolling that really pisses me off.

      Step1) prepare a comment that sounds reasonable and has an even handed tone.

      Step 2) insert numbers and stats that support your view and ignore facts that don’t. If there are no facts to support you then make ’em up.

      Step 3) wrap it all up in such a way that you seem to know what you’re talking about.

      Don’t get fooled by such bullshit.

  2. Tech nerds fell in love with Android because of “openiness” and customizability. These folks influenced the technical illiterate to go with Android. It is now obvious that Android is a complete failure and will hurt the unknowing. To save face these “so-called” experts should recommend iOS or they will lose all credibility.

    1. No, what influenced people to go with Android was not being able to afford an iPhone, or not wanting to pay twice as much for a device that basically does the same thing. In other words, the same thing that causes 90% of people to choose a Windows PC over a Mac. All the “experts” do recommend iOS. NO ONE claims that Android devices are better. They merely CORRECTLY state that Android is a good alternative for those who NEED or WANT one.

      To the hundreds of millions of people out there who really would be better off getting a $250 Android device instead of a $700 iPhone (or getting suckered with an iPhone “subsidized” with a usury type data plan from a carrier) what do you say? Let them eat cake? Go buy a feature phone? It is a serious question. Apple retained the iPod Shuffle and sold it for as little as $50 for folks who didn’t have the money to pay as much as $400 for a music player. They came out with the Mac Mini for people who do not have enough money for a MacBook. Why they won’t do the same for lower middle and working class potential iPhone and iPad customers … well that explains the 81% market share of Android right there. Not techies who side-load apk files and root their phones.

        1. Yes and my Android device does pretty much the same thing that your device that costs 4 times as much does. It even runs most of the same apps. And the technical skills that I am learning by going on the Android fanboy tech geek sites is giving me technical skills that I can use to get out of my trailer and get an IT job, just as people did with the far more open Wintel market 20 years ago when they gained a lot of skills playing around with DOS and the tons of third party peripherals that were out there and were able to parlay that experience into the (then) wide-open tech support field and high paying jobs without needing to saddle themselves with thousands of dollars of college debt. Many of whom also picked up Linux and Cisco along the way and are now making 6 figures as systems and network administrators.

          It is not a bad thing, and is certainly nothing to be ashamed of.

      1. Has it ever occurred to you that maybe some Android users are anti-Micro$oft? My sista has an Android tablet because she told me that she HATED Windows 8 tablets, and she wanted something nice, different, and unusual. Maybe, just maybe, some would prefer a green robot over a colorful window that breaks way too much.

  3. Nothing to see here, is just android, not apple.
    Besides that, is not a big deal because it is more difficult to steal money from an android user than iphone user, you know why? Because android users don’t have any money, that is why they settle with an android phone.
    So you can’t steal what they don’t have.

  4. Less than 0.01% of Android devices have malware. If that is not a secure O.S. then tell me what is. Not only is Android secure, its user friendly and innovative. The only bad thing Android has going for it is fragmentation. & you can avoid this by purchasing a nexus or GPE device.

  5. Can’t we all just agree that Windows is garbage compared to either iPhone or Android? No matter how awful Android is compared to iOS, Windows still sucks by comparison.

    1. Indeed. I once hoped that MS would grow to be an android killer but alas, Balmer cocked up win phone (any version) so badly that I doubt that this will happen.

      Apple just killed android and WP8 in the big corporate market with IBM.

      IMHO, android will stay at the cheaper end of the consumer market whilst Microsoft disappears up its own arse.

      Fun to watch the next year or so. I’ll bet Apple will still be the one raking in the money.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.