Malicious Android Apps Have Taken Over More Than 1M Google Accounts

[wayne49]

Android aside. CheckPoint's click bait history aside. The carriers' poor service in maintaining older models aside (Their profit is in selling new phones that eat more data.)

The malware app was loaded onto the affected devices by the owner clicking on a link in a phishing email. Repeat, by the owner clicking on a link.

The device owner is the ultimate responsible party for the security of their device.

Never, ever click on a link in an email unless you have verified the email is okay. Next verify that the link goes to the correct domain before entering any information or downloading anything.

Would you open your doors wide for a stranger?

 

[LeeRevell]

Android aside. CheckPoint's click bait history aside. The carriers' poor service in maintaining older models aside (Their profit is in selling new phones that eat more data.)

The malware app was loaded onto the affected devices by the owner clicking on a link in a phishing email. Repeat, by the owner clicking on a link.

The device owner is the ultimate responsible party for the security of their device.

Never, ever click on a link in an email unless you have verified the email is okay. Next verify that the link goes to the correct domain before entering any information or downloading anything.

Would you open your doors wide for a stranger?

Exactly.

On another note, I never click on a link even from a business I have an account with. If they want me to check something, I close the e-mail and log onto the business' website, then take care of what is needed. Smart Hackers can make their trawling look just like a real website.

 

[FrozenTundra]

"I might push back against this part a little.  The based Android Open Source Project (AOSP) will run on a phone;. "
True.  It will run on a phone.  Probably takes some talent and additional software to make it run a phone like most people want a smartphone to run though.  I was making some real over-generalizations, but just wanted to help people understand(who didn't already) that their "Android" phone is a special unicorn snowflake.  

As I'm sure you know, this is worth thinking about when we buy a phone.  We're not just buying the phone.  We're buying software and security support from that individual manufacturer or carrier.  I'm not sure many people realize this.  
.................
"A better term might be corrupt or adulterate.  IMO most of the changes are pointless and resource-squandering "features" for branding/marketing purposes.  
Relatively few manufacturer changes are actually value-added:  the Note series' stylus software, upgraded cameras, tuned kernels.  
Verizon in particular is infamous for disabling features from AOSP so they can charge people to add them back (tethering, etc). " 
Totally agree, but some people like all the goofy bells and whistles that I find obnoxious.   
........................
"I suspect the telcos don't want Google to push core android updates.  It short-circuits the planned obsolescence model."
It's hard.  Requires lots of time and effort to keep proprietary software secure, up to date, and running smoothly.  Google does it for their part, but the manufacturers and carriers aren't going to spend any more time and money than they have to to sell product.  

Ultimately, like everything else, the problem is our fault.  If consumers won't vote for up to date security with their wallets, out of date security is what we're asking for.  This issue permeates our culture.  Goes way beyond phones.  I'm as guilty as anyone.   

 

[Goshawk]

Any banking tool I use better have two factor authentication turned on PAYPAL has that now. Prevents someone from just stealing your password and getting in. They would also need your authentication phone in hand to login.


Sent from my iPhone using Tapatalk