[Q] Is Antivirus necessary ? - Galaxy S I9000 Q&A, Help & Troubleshooting

Hi,
I searched but couldn't find in this forum the answer of my question.
So, is an antivirus software necessary for Android? i can see a many of them on the market.But i don't want to install something that only "appears" do a lot of things but actually does nothing.

i personally think antivirus is essential, you have it for your pc right ? why not for your phone ? especially since android is open source, its easy for someone to make a virus and pretend its an amazing app.. even so our phones have everything on them.. contacts. passwords, personal info. email messages, saved bank details. i highly recommend antivirus for your phone.
i use lookout mobile security, its free ( or 30day free trial for pro ) and it scans every new app installed, it updates regularly, and best of all, if you ever lose your phone or have it stolen. you can go on to mylookout.com and block the phone / wipe all data / even track it down thru gps (even if gps is disabled ) all via your pc. its well worth it..

Thanks for the reply !
Actually i was wondering if Android is linux based, it could not be affected by a virus.
What you are talking about is more of a malware/spyware related problem (like stealing passwords, CC numbers etc.).
But if a software can prevent that kind of stuff , its well worth it.
Just wanted to know does Lookout mobile security makes your SGS( I am Assuming) slow ?

You can try avg pretty fast.
Sent from my GT-I9000 using XDA App

Superuser_x said:
Thanks for the reply !
Actually i was wondering if Android is linux based, it could not be affected by a virus.
Click to expand...
Click to collapse
Sure it can be, the scale of viruses written for Linux is just smaller than is for Windows OS (imagine how many people use Windows), but since Android is growing at a really fast pace, I think that AV programs will be needed in the future if not now (at least for average users).

Superuser_x said:
Just wanted to know does Lookout mobile security makes your SGS( I am Assuming) slow ?
Click to expand...
Click to collapse
Not, that I have noticed it. It's pretty light weight...

I don't think so, not yet at least. Android is designed so that when you install apks or market apps, you are shown the permissions they require. This goes some way to helping you decide whether an app is trustworthy or not.
If in future, we get a spate of viruses/fake apps hitting android, then it might start becoming a standard feature. If you follow sites like xda or android websites daily, you will probably hear about any viruses before you even get the chance to download them (imo).
In the meantime, antivirus apps probably just reduce your battery life and performance...

No not at the moment. If your phone isnt rooted then apps wont have full access to system files, so in that sense i guess your protected to an extent.
If you only install apps from trusted sources then you should be fine. Perhaps over the coming months you may wish to implement a security solution as threats emerge more often.
Personally im awaiting a solution from ESET if ever. If it is somewhat similar to their desktop sloution but optimised for android then im hoping it will be just as light on resources. Avg just slows my phone right down. In any case im sure that you can expect a slight decline regarding phone performance with a security solution implemented.

every one has their own opinion, personally i cant see what harm it can do having a antivirus, lookout for me doesnt slow down my phone at all, and its reassuring knowing that all my apps get scanned regularly, some think its easy to get a virus, some say different, least if you do have an anti virus, you know your covered just incase,,, plus the extra benefits of lookout are superior...

Hmm.. Appreciate you all replying
As for AVG , i never trusted it to be working(on PC).So i am going to lookout for something else... like Lookout
Seems it is still a debatable issue that is an antivirus really effective on android platform.May be some hardcore developer can answer it more clearly.
I see some paid Antivirus softwares on market, can't make out there worth.
So the question still remains the same....Is an antivirus necessary on android ?

well looks like you will have to make your own conclusion on that one... there are free anti viruses out there, so you cant go wrong

Related

Ad sponsered free apps increasing, Any type of firewall?

Well been doing alot of study lately and it seems ALOT of apps on the market that are full versions and are "free" seem to have ad sponsored elements in them. Sending your GPS data to whoever or other various things. Now while if the dev mentions on the description that their "Paid" version is ad free. Least its up front and honest about it. However alot of Apps I found out hide this info it seems. Is this going to be the new "Kazaa" on the G1? Back when Kazaa came out, is when the influx of "Spyware" was increasing. Im worried is this happening to the G1 now? While I can understand devs choosing this to make their app free and gain from it a lil. Whats to say other devs wont use this for other intentions that may have some negative impact?
Just wondering tho.. for modded G1s. Is there some sorta firewall app or so yet that might be useful? Anyways just thought I would post for discussion case I am worried over nothing.
Install AdFree from the Market.
Cool ill try that. Still tho some discussion would be good. Cause I don't know if this should be something to start getting concerned on. Apps running in background draining battery, and reporting info possibly and so. Or am I getting concerned over nothing?
Mysticales said:
Cool ill try that. Still tho some discussion would be good. Cause I don't know if this should be something to start getting concerned on. Apps running in background draining battery, and reporting info possibly and so. Or am I getting concerned over nothing?
Click to expand...
Click to collapse
A little paranoia is a healthy thing, too much is bad, but these ads collect all sorts of location information to profile you and provide relevent advertising, but who knows what else happens with the data etc etc etc
PS you need root access on your phone to use AdFree
Yea Im fully rooted, No worries there. =) Thanks for this heads up. I use host files as well on my PC.. since then never had a issue with spyware again. Any news on if he would let us update the host file ourselves? Id love to use the file I have on my PC. Heh.
Anyways as for discussion goes. Can these ads know your G1 email, or linked email account? Next off, is there a ability that these ads could read your personal data as text msgs, contacts (to spam phone calls) or anything like that? Android being a new OS.. not sure what devs and ads can do with access to a phone. Its like a new gateway has been opened.
Kinda wish a dev could comment if the G1 would even have this ability and if it could be a bad thing.
Edit: Good question, this Ad Free, is it like if you add a hosts file in a router? Like if I use the G1 to tether, is it blocking the ad banners even on tethered connections? Would be interesting to know for sure since imagine a built in firewall that protects tethered PCs too.
Mysticales said:
Yea Im fully rooted, No worries there. =) Thanks for this heads up. I use host files as well on my PC.. since then never had a issue with spyware again. Any news on if he would let us update the host file ourselves? Id love to use the file I have on my PC. Heh.
Click to expand...
Click to collapse
You can use your own hosts file on your own phone, AdFree just automates the process, if you look at this thread it started off describing how to do things manually.
Anyways as for discussion goes. Can these ads know your G1 email, or linked email account?
Click to expand...
Click to collapse
Possibly, I haven't looked into accessing the google credentials from the android APIs so I don't know for certain, might be a private API google only shares with it's own apps, that doesn't mean someone won't figure out how to access them however.
Next off, is there a ability that these ads could read your personal data as text msgs, contacts (to spam phone calls) or anything like that? Android being a new OS..
Click to expand...
Click to collapse
When you install an app there is a screen displayed of the permissions the apps ask for, read/write contacts, calendars etc will all be displayed, you should be able to see the permissions an app will have access to after it's installed as well from memory.
not sure what devs and ads can do with access to a phone. Its like a new gateway has been opened.
Click to expand...
Click to collapse
You should be more worried what google will do with all the info it collects to be honest, but that's another issue altogether.
Kinda wish a dev could comment if the G1 would even have this ability and if it could be a bad thing.
Click to expand...
Click to collapse
You are prompted during install as to what the app will be able to access, google leaves it up to you to accept it or not.
Edit: Good question, this Ad Free, is it like if you add a hosts file in a router? Like if I use the G1 to tether, is it blocking the ad banners even on tethered connections? Would be interesting to know for sure since imagine a built in firewall that protects tethered PCs too.
Click to expand...
Click to collapse
Depends how the tethered setup gets DNS info, if it uses the information from the hosts file then yes, but this is dependent on what the tether setup does.
Mysticales said:
Its like a new gateway has been opened.
Click to expand...
Click to collapse
Only if you never bothered reading the permissions requests when installing an app. They clearly describe what permissions an app wants to use and you can cancel the installation if you feel you don't want to give an app the right to access your personal info. So if you install a game that says it wants access to your Google Account info (which would include your email and thus all your associated google services) then you have only yourself to blame if the dev sends you a ton of spam or sells your email address.
Bottom line is read the permissions requested carefully and decide whether you trust the company/entity that created the app before installing it. Also, i'd be very wary installing any root apps, since root apps by their very nature can operate outside of dalvik sandbox and do practically anything they want to your system. I'm only running two root apps right now: Market Enabler and Wifi Tether. They are both open source.
Well of course I read the permissions thing. However still I would still wonder about things.
Mysticales said:
Well of course I read the permissions thing. However still I would still wonder about things.
Click to expand...
Click to collapse
Google actually closed up some of the loop holes that apps were using on Android 1.0/1.1 to enable wifi etc.
jashsu said:
They are both open source.
Click to expand...
Click to collapse
Unless you audit the code and compile it yourself, you have no idea what the binary is actually doing.
Location data is only used for serving the right banners and calculate the profits the banner view/click has depending on the location (country) of the viewer.
Its not anything malicious and you can easily see the permissions when installing.
People all like free apps instead of paying a few dollars, but when an ad is added people try to get rid of it... Havent you all ever wondered why the ads are there? Just like on a forum as the one you are on right now? Right they generate at least a little bit of money for a dev that doesnt want to charge the users directly by letting them pay, but spends almost all his free time to keep apps updated, write new once and answering questions.
As soon as there is virtually no way too make money on a market, the market will die as developers/companies will move over to an other platform of development.
delta_foxtrot2 said:
Unless you audit the code and compile it yourself, you have no idea what the binary is actually doing.
Click to expand...
Click to collapse
It's not difficult to get the code from svn and compile it. Pretty effortless.
rogro82 said:
As soon as there is virtually no way too make money on a market, the market will die as developers/companies will move over to an other platform of development.
Click to expand...
Click to collapse
Many people don't like to view ads on their computers, let alone their mobile phone. Thus if people can block the ads easily, they will. Content producers and software developers will simply have to find a new business model to pursue. Maybe that's a free/premium differentiation model or maybe its microtransactions. That or they will have to deal with a percentage of their userbase blocking ads.
Well I am sure most devs Block ads too, either on their mobile or pc.. no one wants any type of issue.
Now again, I said I understand why they are there for free apps. Its just that as a user myself.. I like to know Im protected from potential hazards. Also alot of devs like to make something hot to use on later resumes and projects. Ive worked with alot of devs in my time start with nothing and grow to get bigger jobs in RL cause of the project. =)
jashsu said:
It's not difficult to get the code from svn and compile it. Pretty effortless.
Click to expand...
Click to collapse
I didn't say it was hard to get or compile it, but auditing the code to make sure nothing malicious is going on can be very difficult at times. There is a code obfustication competition each year and it's extrodinary what some can do and you'd never know unless it was pointed out to you.
Mysticales said:
Well I am sure most devs Block ads too, either on their mobile or pc.. no one wants any type of issue.
Click to expand...
Click to collapse
It's not just "issues" too many ads tick a certain segment of the population off to the point that they go to these lengths to get rid of them.
This is of course before you factor in this segment of the population are usually the least to click on ads, usually for ethical/moral reasons, so them getting rid of ads is usually no big loss.
Last time I checked AdFree was downloaded less than 5,000 times, now compare this to a speedometer app I made which anyone can run and it's been downloaded over 10,000 times I highly doubt any dev relying on ads will actually loose out by the people that can and are blocking them.
rogro82 said:
Location data is only used for serving the right banners and calculate the profits the banner view/click has depending on the location (country) of the viewer.
Click to expand...
Click to collapse
The meta data that can be gleened from this sort of advertising can have all sorts of flow on effects and unintended consequences.
I see the world and potential pitfalls in things differently than others, I don't know why, but the more data collected the worst things can be.
If you are interested in what country they are from/in just pull the country code from the SIM card, why narrow it down to within a few metres?
Well since I have been using Adfree. Let me say this. My G1 seems to be running faster! I dont get as many force close/wait errors. Certain apps like atrackdog for one RUN faster. I mean without the ads running, it seems my apps speed through their task and do what they are supposed to. Kinda interesting note oddly.
Also lets say a app you know would be using GPS to locate you on a map. Thus triggering "Give app permission to use your GPS" which you know why it needs it. But does the app also tell you that it uses the GPS for Ads? So I dont always trust what it says when it comes to permissions as it doesnt mean in the underline that its not using the same permission to do other things. Would be nice if the G1 had a notice that the app uses Ad support.
Linux is a wonderful and powerful operating system that can do just about anything you can possibly dream of.
First, the hosts file hack is a piece of crap since all it does is it points potentially malicious domain names back to self. It doesn't take into account connections that are ip address based... those will still go through and there is nothing that can be put in the hosts file to stop that.
iptables on the other hand.... included in 1.0 and 1.1, and several custom 1.5's, can do many strong things; block by ip address (including if it tries to lookup by dns), block by port, *BLOCK BY USER ID*.
The latter is particularly interesting since each program installed on android is assigned its own userid. That means that with the correct iptables rule, you can block all network traffic for THAT PARTICULAR PROGRAM. Or you can blacklist/whitelist servers for that program, etc.
http://www.cyberciti.biz/tips/block...ingle-user-from-my-server-using-iptables.html
http://www.cyberciti.biz/tips/linux...ng-access-to-selectedspecific-ip-address.html
For example, when I issue this command:
iptables -A OUTPUT -o tiwlan0 -m owner --uid-owner 10017 -j DROP
My browser is no longer able to connect (since it is uid=10017) using wifi (tiwlan0 is wifi). Note: leave out the entire "-o tiwlan0" argument and it should block all outgoing on all devices for that userid.
To find the userid for a particular program, do "ls -l /data/data/program'sdatadirectory"
So on JF 1.51 is this ability already there? Yea I know Linux is great for iptables. Always is, even in routers hehe.
If its not in there already, Debian, how well does that work on the G1?

Artfulbits Anti Piracy Database to ban people that pirate apps from using stealing

http://www.artfulbits.com/Android/antipiracy.aspx
If your a Dev please support them, if you need assistance msg me i can send u code that will allow your app to automatically send a message to this company with a users information that has stolen your app or tried to steal it.
pentace said:
http://www.artfulbits.com/Android/antipiracy.aspx
If your a Dev please support them, if you need assistance msg me i can send u code that will allow your app to automatically send a message to this company with a users information that has stolen your app or tried to steal it.
Click to expand...
Click to collapse
I'm all for cracking down hard on piracy, but there are three big flaws with this solution:
1) How would Artfulbits verify that an app reporting a device is a "dark" device is making that report in good faith? If a bunch of pirates wanted to render this service pointless, they could just create apps that flood the service with false positives.
2) It is possible (although difficult) to link IMEI to a user/owner. This makes a publicly accessible database of "dark" IMEIs somewhat shady in terms of being a breach of privacy.
3) Finally, if this service is to be useful, apps have to have some way of acting on the information in the database. That is just going to lead to folks "cracking" apks to remove the IMEI-checking routines, or simply using leakproof firewalls to prevent the app from accessin the IMEI database.
Thoughts?
There is not going to be a way to completely stop piracy. Google just needs to step up the way the market works to prevent some of the piracy.
I understand devs deserve money for their hard work (and the log of my google checkout shows I support them) but I personally dont want any app reporting any information about myself or my phone. If there is a list of which apps do I will find an alternative for better or worse and not use the app. Not to knock on those who support this method, I just personally dont like it.
rondey- said:
There is not going to be a way to completely stop piracy. Google just needs to step up the way the market works to prevent some of the piracy.
I understand devs deserve money for their hard work (and the log of my google checkout shows I support them) but I personally dont want any app reporting any information about myself or my phone. If there is a list of which apps do I will find an alternative for better or worse and not use the app. Not to knock on those who support this method, I just personally dont like it.
Click to expand...
Click to collapse
Well considering my app has been pirated 3x as much as it has been downloaded legally i would be willing to let go of the few that are not comfortable with their imei being registered on a website which only happens if u are stealing an app, most apps out there gather more information from you than that without you even knowing.
I don't get why people would install this program. If it detects pirated software on your phone then who the hell are you letting you use your phone? Lets say you know you have pirated software well then of course you wont install this program. If you know your running a clean rom and have no reason to suspect pirated software your giving up a lot of information for a false sense of security. So unless this is forcibly installed on everyone's phone I don't see what's the point.
psychoace said:
I don't get why people would install this program. If it detects pirated software on your phone then who the hell are you letting you use your phone? Lets say you know you have pirated software well then of course you wont install this program. If you know your running a clean rom and have no reason to suspect pirated software your giving up a lot of information for a false sense of security. So unless this is forcibly installed on everyone's phone I don't see what's the point.
Click to expand...
Click to collapse
It's not a program you install. It is a database. App developers write routines into their programs which access the database. If an application suspects that it was illegally pirated, then it will send the user's IMEI to the database.
This is stupid idea. Go to the source of piracy if you want to fight it.
Give people access to paid apps on market and they won't download illegal copies form rapidshare...
su27 said:
Give people access to paid apps on market and they won't download illegal copies form rapidshare...
Click to expand...
Click to collapse
Riiiight... because if you give pirates the option to pay they'll definitely all pay right?
This database thing bothers me.
Not because I might be stealing programs..
but because I might find one and not know its "dark"
Suddenly I'm on some blacklist because I thought an app was cool?
I just did a search on one of the torrent sites, and found a file to DL.
It has 231 apk files and 2 .bak files. (I'm assuming the bak files are for a cracked version of the paid apk) but many of these files are a)old versions or b) free already.
Normally I would say SCORE! I don't have to DL to the g1, then back up, uninstall, transfer to the pc, and store.
Last time I tried a file like that, more than half were for cupcake, and would not work on my donut. Recycle bin.
With this Database I would get tagged as a cheater the first time I tried to install any of those files that were marked. But I have no idea they are "dark" before hand.
While I thank the Dev's for the work they do.
{Seriously, Thank you Developers!}
I'm a student, and I'm poor, which means I'm cheap.
I have several free apks stored away. Hell, I still used youtube downloader 1.2...until it quit working last week. Why, because I don't want to spend money just to have a cool phone.
If you really want to make it hard on the thieves... someone make a program that cripples another program, until the user requests the full version. Then it reads the Imei number from the phone and sends an upgrade request to a server. The server requests payment. Server verifies payment. The server issues a hashed password based on the Imei, which is then sent back to the phone as a password. Customer never sees the password.
This is what Doc to go appears to do. I could be wrong.
Now make it so that program can be imbedded in any other program.
Now thieves need a whole crap load of hacking to find enough hashed passwords to find the hash.
If the hash is added to at random intervals, or a different hash is used based on the Imei number, they might never find the hash.
Besides that, how the heck does a program know if it has been stolen?
How can it tell between a stolen program and a wiped phone that is getting reinstalled with backed up apk's?
jashsu said:
I'm all for cracking down hard on piracy, but there are three big flaws with this solution:
1) How would Artfulbits verify that an app reporting a device is a "dark" device is making that report in good faith? If a bunch of pirates wanted to render this service pointless, they could just create apps that flood the service with false positives.
Click to expand...
Click to collapse
Exists several strategies, for example the most popular is "honey pot" strategy. When vendor especially making leak of software or prepare specially application to track piracy.
jashsu said:
2) It is possible (although difficult) to link IMEI to a user/owner. This makes a publicly accessible database of "dark" IMEIs somewhat shady in terms of being a breach of privacy.
Click to expand...
Click to collapse
For example in our country sufficient IMEI of the phone to find it owner and it location, of course if you have police under your shelders. That is why I am thinking that IMEI is a good identifier.
jashsu said:
3) Finally, if this service is to be useful, apps have to have some way of acting on the information in the database. That is just going to lead to folks "cracking" apks to remove the IMEI-checking routines, or simply using leakproof firewalls to prevent the app from accessin the IMEI database.
Thoughts?
Click to expand...
Click to collapse
Solution is not perfect, but can be easily enhanced. HTTPS protocol with certificate checks will make firewalls and redirections useless.
What functionality exactly you have in mind?
[email protected] said:
While I thank the Dev's for the work they do.
{Seriously, Thank you Developers!}
I'm a student, and I'm poor, which means I'm cheap.
I have several free apks stored away. Hell, I still used youtube downloader 1.2...until it quit working last week. Why, because I don't want to spend money just to have a cool phone.
Click to expand...
Click to collapse
Leave according to your money. what can I say... spend less, work more.
[email protected] said:
Besides that, how the heck does a program know if it has been stolen?
How can it tell between a stolen program and a wiped phone that is getting reinstalled with backed up apk's?
Click to expand...
Click to collapse
Several simple steps:
- install software only from well known web sites, Android Market, Handagoo, SlideMe, etc.
- try to use trials and if it does not exists but you want to try, contact with developers. In most cases developer will provide you version for testing.
- if your phone is placed into black list, then you can contact "blacklist" vendor for explanation and fixing.
jashsu said:
Riiiight... because if you give pirates the option to pay they'll definitely all pay right?
Click to expand...
Click to collapse
You see - that's your problem - you want to fight the enemy instead of prevent war.
In my country there are many people who would pay for android programs because they are quite cheap. But we have no access to paid market. That is why we download apps illegaly.
Now, what do you think will faster stop us from stealing apps:
A. Calling us pirates and thieves
B. Giving us access to paid apps
su27 said:
Now, what do you think will faster stop us from stealing apps:
A. Calling us pirates and thieves
B. Giving us access to paid apps
Click to expand...
Click to collapse
You are making the incredibly flawed assumption that piracy only happens because people have no access to the paid market. Are some people put in this situation? Yes, probably. But the majority of pirates likely DO have access to the paid market and simply don't want to pay.
I am a bit confused, what does this ban people from? The market in it's entirety?
If that is the case, I would think you'd see an outburst of pirating once people couldn't access the market anymore. And that would also prevent people who may not feel like dishing out $100 for a navigation solution from purchasing numerous $1-10 programs that they would actually use on a daily basis. I think this methodology is flawed.
Piracy will never be completely stopped. However, making it harder for people to pirate your software is the best prevention. Instead of saying "Oh, you might have installed a pirated copy of XXX on your device, so now you can't purchase any more programs legitimately, so keep on stealing!". Due diligence falls on the hands of the software creators. If piracy is something you want to prevent (or at least inhibit) for your software, create an IMEI checking device key required to be granted after receipt (and clearance) of payment. Similar to CoPilot, granted it still gets cracked - it is much harder and much less widespread, and a simple update renders it useless to those who used the cracked version (check all over these forums for people complaining about it).
Also, implement trials that don't require the user to pay for them, giving them only 24 hours to try something out before they decide they need their money back. Even Microsoft lets users go 30 days without activation (last I checked) to try out Windows. They do not (to the best of my knowledge) make great attempts to prevent their software from being copied, but instead make it harder on those who do pirate it. Blocking system updates (of course everything has a workaround or crack, but making it harder on someone is oftentimes a great deterrent), preventing new feature installation, etc.
I am not condoning piracy, nor am I condemning software publishers. Just trying to make a point, which is this:
If you take someone who has stolen a program (for whatever reason/justification they may think of) and punish them by revoking their access to purchase said program (or any other program), you have thus reinforced their reason/justification to not purchase any programs.
Now, i may be wrong here, but looking at their source code to integrate into applications, there seem to be 2 things: 1) the device has to have a data connection, otherwise the code doesnt know whether the device is blacklisted or not, at which point it defaults to assuming it isnt, which overall is a good thing for users who have paid but for whatever reason dont have network at that time, however it is easy enough to stop an application from accessing the network, or even a specific site (ie the site for your imei number on their page).
secondly, is this meant to run on the first run of an app, or every run? if it is every run then i can see people getting annoyed by the unnecessary data usage, whereas if it is only on the first run then someone still has access to all their pirated apps from before they were on the database.
please note the only coding i have done is some fairly simple C, so i could be wrong, but anyone can check this if they want: http://www.artfulbits.com/Articles/Samples/Piracy/Integration.aspx
I think that by now most people know that I don't honeycoat things, so I'll just say it... this idea is RETARDED.
1) The application needs to use the API to get the IMEI. If you start using the IMEI to blacklist phones, a minor modification to the API causes the application to always read a string of 0's. Defeated.
2) The application needs PERMISSION to read the IMEI (android.permission.READ_PHONE_STATE). If you start requiring programs to have this permission, people will simply DENY it this permission (yes, it IS possible to block a permission)... this is ESPECIALLY the case when the application has *no good reason* to read the phone state.
3) As has been mentioned before in this thread, HOW DO YOU KNOW that an application you are downloading is pirated? Many applications are FREE to download, and virtually NONE of the pirated apps are labeled as "THIS IS PIRATED".
4) Connection to the internet can be EASILY blocked. Lots of ways... firewall, hosts, permissions, etc. Again, defeated.
Oh, and to those saying crap like access to paid market won't stop piracy, NOBODY SAID IT WOULD!!! It *WILL* reduce it though, since there ARE people out there who WOULD buy apps *IF THEY COULD*.
daveid said:
I am a bit confused, what does this ban people from? The market in it's entirety?
Click to expand...
Click to collapse
Read the description again more carefully. This does not impact a user's ability to access the Market, as it is not a Google product. In case your comprehension is lacking, i'll explain it very simply:
1. A developer decides to use the Artfulbits Anti Piracy Database (shortened AAPD) with its app.
2. A user downloads this AAPD-enabled app from the market.
3. When said app is run, it sends the IMEI of the device to the Artfulbits server. The server returns a color code corresponding to the number of times that IMEI has been reported by other AAPD-enabled apps for piracy. The app can then do whatever it wants with that information. This can be anything from deleting itself to crippling its own functionality.
4. App can also detect if has been pirated (by checking to see if the app has an entry in the user's personal Market account or some other method). If the app detects it is pirated, it will send a report to AAPD.
Another point Artfulbits failed to consider is that not all Android devices will have IMEIs to report.
Is piracy really that much of a problem? I mean most apps cost <3€ and I don't think I am the only one who values his time higher than saving 3€. I rather pay once and get updates via Market than check warez-sites for updates, and I think that most think that way?
There are just two apps that I ever considered to pirate. One was a dictionary for 20$ but I ended up buying it. The other is CoPilot which I would never buy since I don't own a car, but since it is not cracked anyway, I was not forced to really think about it.
I don't see anything good coming from that database. I.e. if my phone would be entered by mistake, you can imagine what problems that would cause for devs whose apps I bought, which I assume would suddenly stop working then.
You really need to think about whether the negative side-effects of such measures like this database are worth the (presumably very small) benefit.

[Q] Antivirus for Gtablet - Experiences/Preferences

I am aware that Android being Linux based doesn't suffer from all the malware of other devices but with so much personal information being kept in our smart devices it is only a matter of time before less than savory individuals attempt ways to separate us from ourselves so..
I am interested in your experiences with FREE antivirus products. Personal opinions.. ones you have tried.. how secure you think they are. I am only interested in the anti-virus portion of these apps. Not really interested in the backup portions. Perhaps if they offer free secure remote data wipe that would be of interest in the future.
I currently use Lookout Mobile Security but not totally secure with it due to such a limited amount of threats. It is why I am asking for personal opinions and personal preferences so more of us can make better choices to protect our favorite toy.
Of interest would be NetQin due to their experience and experience with other phones.. mostly Symbian.
AVG's version due to their experiences with anti-virus but I have heard of issues where their desktop version failed to identify virus or malware.
And also BluePoint Antivirus and their entry into protecting Android OS. BluePoint seems to be a solid antivirus provider but the reviews for the android device have been less than favorable.
There is also Dr.Web and MyMobile Protection of which I have no clue
Antivirus Free by creative apps appears to have built and designed by an individual an not a company so I am not sure of the trustworthiness of this app although alot have downloaded it.
I would expect them all to scan as apps are downloaded and installed. Most seem to be cloud based scanners.
Your opinion is appreciated..
Thanks
Amazing - 254 views
254 views and no opinions or preferences.. surely someone is using antivirus software on their gtablets?
There are no know viruses for Linux in the wild. So what would it be scanning for? You really should be more worried about the permissions that are given when you install an app. If you rooted your device (and who hasn't), this would provide access for any malware.
wasserkapf said:
There are no know viruses for Linux in the wild. So what would it be scanning for? You really should be more worried about the permissions that are given when you install an app. If you rooted your device (and who hasn't), this would provide access for any malware.
Click to expand...
Click to collapse
One of the things I like most about it the android platform is the permissions it presents when installing apps. There has been malware reported that exploits sms sending your bill threw the roof and lining the pockets of some foreign company. There is also reports of a Trojan that is designed for Android. It collects personal info on the phone and sends to remote servers. I completely understand that the threat is very limited but with the opportunity to collect personal data I believe it is only a matter of time before the threats increase. I am only trying to stay ahead of the curve. While most threats at the moment require a user to allow they will get more sophisticated with time. Thanks for your reply!
i second your worry but i think mainly we must watch on apps. maybe a sandboxing app would be nice?
I use DroidWall on my G Tablet. That way I can whitelist what apps have internet access and what one's don't. Best way I've found for protecting my information and malware. I've used it with pershoots kernal on vegan and on BitTrix's CM7.
For virus scan's I've used both AVG's pro version and Lookout for my tablet and my phone. AVG's did detect some settings, like it warned when it detected root, warned on some programs that use root access, and on my phone would flag some SMS's. But the tracking on AVG is pretty worthless. On my phone setting it at lost would start it tracking, but every time I tried it it would be somewhere around 5-6 miles from where I actually was. The phone lock and wipe don't work either, at least with moto droid.
Lookout's scanning only seems to report based on the permissions. The tracking on lookout is much better. The couple times I've tried reporting lost on my phone it would have a very accurate reading in a matter of 3-4 minutes.
But can't say how well they work in virus's or malware as I've never ran into any yet.
Thanks for the input.. what I was curious about.. which ones are actually looking for malware and which ones are just scanning permissions. Off to search for droidwall.. thanks!
lordgodgeneral said:
I use DroidWall on my G Tablet. That way I can whitelist what apps have internet access and what one's don't. Best way I've found for protecting my information and malware. I've used it with pershoots kernal on vegan and on BitTrix's CM7.
For virus scan's I've used both AVG's pro version and Lookout for my tablet and my phone. AVG's did detect some settings, like it warned when it detected root, warned on some programs that use root access, and on my phone would flag some SMS's. But the tracking on AVG is pretty worthless. On my phone setting it at lost would start it tracking, but every time I tried it it would be somewhere around 5-6 miles from where I actually was. The phone lock and wipe don't work either, at least with moto droid.
Lookout's scanning only seems to report based on the permissions. The tracking on lookout is much better. The couple times I've tried reporting lost on my phone it would have a very accurate reading in a matter of 3-4 minutes.
But can't say how well they work in virus's or malware as I've never ran into any yet.
Click to expand...
Click to collapse
Unable to use Droidwall with TnT ver4.2 due to an error I receive "can't initialize iptables table 'filter': Table does not exist (do you need to insmod?) Perhaps iptables or your kernel needs to be upgraded.
This error message unfortunately means that your kernel does not support iptables/netfilter, so DroidWall will not work.
There is nothing I can do on DroidWall to make it work, and the only possible solution is to flash a customized ROM with netfilter support."
Kind of a disappointment - was looking forward to it

security

What is a good security suit for android? i looked on market but they all seem to do diffrent things..thanks..
I like Lookout. In addition to scans for malware and spyware, it can also help you find your missing device.
You don't need a security app... I haven't known anything in the market to be malicious.
Sent from my SGH-I897 using xda premium
^ You haven't seen alot of the apps, specially the chinese ones. Regardless half the time you do get one is because you don't read. Still good idea to have something just in case.
what are your expectations of the app?
personally i run cerberus because i only expect to be able to locate a lost or stolen phone. I can set basic options with it, take pictures with it, geo locate with it... all even if wifi is turned off. It has the option to communicate via text messages with the cerberus servers.
http://cerberusapp.com/

[Q] Password protect certain applications?

Is there an application that can password protect certain apps that I choose?
And please do not say Kids Corner as it does not do what I am asking.
It's probably possible (though far from easy), but I'd actually be more inclined to help if you hadn't opened a duplicate thread about this.
Only made second thread about this to attract some attention, 7 months passed since that guy opened his thread and nobody could give a good answer.
To me it's weird that nobody tried to make an app like this still, it would be very popular and help users very much.
Anyways, thank you for replying.
Really, just bumping the other thread was enough, but since we're here anyhow... my idea for how to approach it (and this would take a *lot* of hacking) goes something like this:
1. Create an app (call it X) that has the capability to launch other apps, and filesystem write access.
2. Have X take another app (call it Y) and encrypt its binaries. This prevents anybody from launching it by any means.
3. Tweak the app database to make it so that when you try to launch Y, it instead launches X and passes the id of Y as a parameter to the launcher.
4. X prompts the user for a password to Y. On getting the right one, it decrypts Y's binaries and writes them back to the correct location, then launches Y.
5. When the user (or OS) closes Y, a background process of X notes that Y is closed and re-encrypts it.
Currently we know how to do... well, some of #1, and we think the rest is possible. Given that, #2 isn't too hard. #3 is something I don't have the least notion how to do *right now* but I'm sure it's possible. #4 shouldn't be too hard given #1 and #2. #5 will be a trick - currently, apps have no way to know what other apps are running - but I'm sure it can be done.
It's a large engineering problem blocked by an even bigger research and hacking problem, though. Nothing we'll have soon. You'd never be able to publish it in the store, either, and it would only work for people with hacked phones. It's exactly the kind of *useful* thing that would be possible if Microsoft were willing to let up the restrictions on third-party developers a bit, of course, But for the time being, there are *reasons* nobody has done it yet.
Well the word that I actually was thinking after reading your post was "crap".
It seems only with time (and a whole [email protected]#$ing lot of it) will wp become a true competitor to android, but to be honest I don't think it will come to that.
Thanks for replying GoodDayToDie, I'm freakin' sad that there is no app that can suit my needs, I even tried with kids corner but the screen still needs the password entered like the normal one. Nothing really can make up for what I have in mind.
Cheers mate.
as soon as we can interop unlock all WP devices, it will be pretty easy... if you're able to provide the XAP (uncrypted of course )
i'll be able to "mod" this in for you... which app are we talking about?
@GoodDayToDie: i do'nt think he is looking for real data security here, so encrypting the whole thing shouldnt be required... i think it's more about preventing his gf to read his private messages or something like that
oh btw.: you would need a dev-unlock to deploy the modified XAP then...
tfBullet said:
as soon as we can interop unlock all WP devices, it will be pretty easy... if you're able to provide the XAP (uncrypted of course )
i'll be able to "mod" this in for you... which app are we talking about?
@GoodDayToDie: i do'nt think he is looking for real data security here, so encrypting the whole thing shouldnt be required... i think it's more about preventing his gf to read his private messages or something like that
oh btw.: you would need a dev-unlock to deploy the modified XAP then...
Click to expand...
Click to collapse
You're right tfBullet! I need it for whatsapp, photos, message and games app, mostly to prevent from friends but gf too.
I was thinking it might be possible to mod an app and add password before it can be accessed, although I have no experience in this domain. Many apps in store have this function, like wallet or prive photo apps.
My phone is dev-unlocked as I started a few days ago to study and try to create a simple app for me and my friends.
Modding an app like that would actually be quite hard, because it would break the signature and prevent the app from running. The encryption thing really isn't too hard, although you could skip it anyhow too.
If there was a way to run a program in the background that monitors when certain apps are selected and then prompts when its activated would work, but it would need an unlocked phone. And even under home brew I don't know if its possible to run apps in the background. Yet.
Sent from my Nokia 521 using XDA Windows Phone 8 App
The encryption thing really isn't too hard
Yea, but that's a little extreme. If you can create that password program that runs in the background you could probably have it watch files, apps or pretty much anything. You'd have to password protect the cofig file. And maybe if you can't remember the password after so many attempts you can have the program email the passwords to your email. Just some ideas.
Sent from my Nokia 521 using XDA Windows Phone 8 App
Running software in the background is actually shockingly easy. The trick is getting it to run with better-than-app-sandbox privileges. We're still working on that one. In the meantime, apps can't even read, much less write, to the install location of other apps.
GoodDayToDie said:
Modding an app like that would actually be quite hard, because it would break the signature and prevent the app from running.
Click to expand...
Click to collapse
@GoodDayToDie: actually these .NET apps are pretty easy to decompile, if you're willing to fix the bugs that the decompiler leaves you with...
so there is not really a need for a valid signature, if you're able to compile & sideload the app yourself
the only thing is: you need the decrypted XAP, as far as i know these get decrypted while installation and can be pulled from a interop unlocked device?!
It would be nice to get my fingers on some OEM (Nokia etc..) XAPs, to see if we can find any exploit in them
I know better than probably 95% of this forum what it takes to decompile managed code; I have reverse engineered huge numbers of apps. However, you are missing several important points.
1) Modifications like you suggest are very complicated to automate. It's certainly possible, but it's not simple.
2) Re-installing the app would be a pain. You would really want to do this as an in-place modification, and that means (for store apps) that it would still be signature-checked.
3) Not all apps are managed code; WP8 supports purely native code.
4) Even with managed code, obfuscation can make tinkering with the binary nigh-impossible.
It's just so incredibly stupid that WP is so limited. I know it's under Android big time, but I think even iOS more customizable, right?
Also, is there a message app in the store that has pass option? I searched but found nothing...
I don't believe iOS is any more customizable, no. It has some feature that WP lacks (it ought to; it's been out for years longer and Apple completely controls the hardware it runs on) but it's also missing some features that WP8 offers. In any case, this isn't the thread to have that discussion in.
GoodDayToDie said:
I don't believe iOS is any more customizable, no. It has some feature that WP lacks (it ought to; it's been out for years longer and Apple completely controls the hardware it runs on) but it's also missing some features that WP8 offers. In any case, this isn't the thread to have that discussion in.
Click to expand...
Click to collapse
But with the jailbreak and MobileSubstrate, iOS is extremely customizable, and there are tons of tweaks, that's where Apple gets its new features from
Back to topic, I think the OP would be happy with a solution that locks the "normal" user of his phone out of some apps, so it wouldn't be necessary to modify anything of it, just making the standard launcher (I don't know how it's called, but I mean when you launch the app via home screen or with a toast) ask for a password should be enough.

Categories

Resources