PDA

View Full Version : Is Google betraying our trust



gefalu2008
July 14th, 2012, 05:10 PM
Obviously Google Android elicits our support as Linux users. However, could it be that eventually Android will turn out to be a security threat to Linux itself?

Android and Google Play are infested with malware, and Google seems (http://www.f-secure.com/weblog/archives/00002398.html) to be unable to get rid of all the cockroaches in its kitchen:


Malware has been found once again on Google Play according to this post by Symantec's @Irfan_Asrar.

Android.Dropdialer poses as a "Wallpaper" app but it also happens to install an additional app which then sends a premium rate SMS.

Asrar analyzed two versions found on Play that used video games as bait. Good news: Android Security removed the apps identified by Asrar. Bad news: there are more malware apps currently on Google Play. When something works once, bad guys will try it again.

With that in mind we used Google Search and we found more examples (in less than 10 seconds).

To some extent Google management seem to have lost their passion for quality of service & software. The coming elimination of the iGoogle is a prominent example.

Giant companies that compromise their original values can become dangerous monsters. Will Google start to do evil & vile things, what do you think?

Nixarter
July 14th, 2012, 05:28 PM
... you mean because google doesn't force all companies to submit to the ridiculous rules that Apple has? Apple does that... if you want an Apple, get an apple.

No Linux distro does that. Windows doesn't do that. Use common sense and don't download stupid stuff. Millionth customer? Free iPad? Don't run it. lol

Just because you are on a phone doens't mean you leave your intelligence at home in your computer chair.

CharlesA
July 14th, 2012, 05:36 PM
... you mean because google doesn't force all companies to submit to the ridiculous rules that Apple has? Apple does that... if you want an Apple, get an apple.

No Linux distro does that. Windows doesn't do that. Use common sense and don't download stupid stuff. Millionth customer? Free iPad? Don't run it. lol

Just because you are on a phone doens't mean you leave your intelligence at home in your computer chair.
This whole thing. Malware will always exist but if you do research before installing crap, you will be fine.

Also - stick to reputable developers.

vasa1
July 14th, 2012, 05:38 PM
..., what do you think?
Use what you're comfortable with. I'm happy with Google.

Paqman
July 14th, 2012, 07:35 PM
However, could it be that eventually Android will turn out to be a security threat to Linux itself?


You mean a threat to the kernel? I don't quite follow your logic. Why would Android, which is essentially a Java VM running on top of Linux, pose any more of a threat to Linux than the millions (billions?) of existing systems running a different stack?

Popularity isn't a threat to Linux, because it was hugely popular before Android came along. There have always been lots of people trying to find chinks in Linux's armour, as doing so would give them access to a lot of important servers and infrastructure.

MadmanRB
July 14th, 2012, 07:40 PM
Nothing is bulletproof so this doesnt bother me.

KiwiNZ
July 14th, 2012, 08:03 PM
Obviously Google Android elicits our support as Linux users. However, could it be that eventually Android will turn out to be a security threat to Linux itself?

Android and Google Play are infested with malware, and Google seems (http://www.f-secure.com/weblog/archives/00002398.html) to be unable to get rid of all the cockroaches in its kitchen:



To some extent Google management seem to have lost their passion for quality of service & software. The coming elimination of the iGoogle is a prominent example.

Giant companies that compromise their original values can become dangerous monsters. Will Google start to do evil & vile things, what do you think?

Blame the scum that produce Malware.

aysiu
July 15th, 2012, 05:09 AM
OP, are you suggesting Google is deliberately allowing malware in Google Play? "Oh, you want to put malware in our store? Okay. Thanks for asking"?

doorknob60
July 15th, 2012, 05:23 AM
This isn't Google's fault, is just the jerks putting malware in Google Play, without Google noticing (at first). It's not like Google wants that stuff there. This also has no effect on desktop Linux, because Android apps don't even run on standard Linux distros.

smellyman
July 15th, 2012, 06:44 AM
I thought this would be about trusting a company whose sole purpose is to collect as much data about you as possible.

That would make more sense.

gefalu2008
July 15th, 2012, 07:32 AM
It is a responsibility of persons downloading stuff to try to do security checks. However, a much greater responsibility is due to the company that provides downloading services.

What the security company quoted above noted was that Google did not eliminate all the instances of a particular malware that Google had already identified. Google thought that there was only one cockroach in the kitchen.

Unrealiable service providers make the lives of ordinary users nasty, difficult and short.

What would be a proverb that would suit the case of this megacompany we would like to love?

Could Google at least promise not to let us down again? And restore iGoogle for forever. And do no evil.

KiwiNZ
July 15th, 2012, 08:23 AM
Could Google at least promise not to let us down again? And restore iGoogle for forever. And do no evil.

So you want promise from Google that no one will put more malware up.
Why should they never replace I google, by that logic we would still have the first release of Ubuntu.
Its a computer company what evil can they do?

Mikeb85
July 15th, 2012, 08:31 AM
Google is actually pretty good for a corporation. How about Oracle trying it's best to apply proprietary licenses to stuff Sun GPL'd? How about Apple pretending it's store doesn't have malware (and sweeping it under the rug)? How about Microsoft's tactics from the beginning of time?

Google's not trying to collect 'your' information. They just collect information, period. Their stated goal is to be a hub for all the information in the world, for anyone to access - advertising is merely a necessary evil, as developers need to eat. Show me a huge corporation who has contributed half as much to open source or even humanity in general as Google...

alexan
July 15th, 2012, 11:23 AM
The application itself don't contain malaware. To bypass PlayGoogle system it ask to download a dropbox file (which was uploaded only after Google allowed the app in the store)
To be effective the malaware require the user to accept installation of the package, which are barely two click.. but the last one is this:
http://www.symantec.com/content/en/us/global/images/threat_writeups/2012-070909-0726-99.4.JPG


If an app require to install you a service that cost you money and you agree... there's very little a machine can do to bring you security.
Security only work if it's in your brain. :lolflag:

Anyway, I do suppose that Google has the address+name+billing of those who deployed the application. All they need to do is pass the data to the local police :guitar:

alexan
July 15th, 2012, 11:28 AM
Relevant addition:
I do suppose that Google has the address+name+billing of those who deployed the application. All they need to do is pass the data to the local police :guitar:
My machine made me do stuff that cost money from my service?
1. Google knows names (they can be faked, but investigated trough IP/stuff)
2. mobile network provider knows their names (they can be faked, but investigated trough IP and physical location)
3. money are send to the some identity (account banks can be faked too?)

Acta, pipa, sopa and all that s--ff (hi-) to protect big companies with their business.... and nothing done for people's money? :confused:

morgan141
July 15th, 2012, 12:33 PM
The application itself don't contain malaware. To bypass PlayGoogle system it ask to download a dropbox file (which was uploaded only after Google allowed the app in the store)
To be effective the malaware require the user to accept installation of the package, which are barely two click.. but the last one is this:

If an app require to install you a service that cost you money and you agree... there's very little a machine can do to bring you security.
Security only work if it's in your brain. :lolflag:

Anyway, I do suppose that Google has the address+name+billing of those who deployed the application. All they need to do is pass the data to the local police :guitar:

Precisely. There are three key things that you should always check before installing an app:

1. Permissions
2. User reviews
3. Number of downloads

If you don't bother checking these then you really only have yourself to blame when you get malware. I mean seriously, I could distribute a .deb file that formats your hard drive. Would that be canonical's fault if you lost all your data?

Clearly google should look at removing such apps as quickly as possible, but unless you include apple style vetting then it does take time to catch them. The above features I mentioned though are more than ample to protect against malware that does appear.

gefalu2008
July 15th, 2012, 12:34 PM
Why should they never replace I google, by that logic we would still have the first release of Ubuntu.

Actually Google is not replacing iGoogle. They are bringing the service to an end. There is no replacement. Not by Google, not by any other company.

It is like Canonical making it impossible for anyone to use Ubuntu. In a world in which there would be no other Linux distributions. Well, that would be even worse than what Google is planning to do...

What Google is planning to do with iGoogle is evil - for us who trusted the company so many years.

xedi
July 15th, 2012, 03:01 PM
What Google is planning to do with iGoogle is evil - for us who trusted the company so many years.

They are replacing it kinda. The rationale is that the chrome platform with its apps and customization will provide all the services you need and have with iGoogle. You may disagree with it or not, but proclaiming that google thinking that chrome is the better way and thus shutting down a FREE service is evil and violating trust is unnecessary hyperbole.

snip3r8
July 15th, 2012, 03:35 PM
Android may be a Linux users friend now , but if and when Ubuntu for mobile comes out , it will be your enemy! Cue dramatic music!

Bachstelze
July 15th, 2012, 03:54 PM
Only if you trusted Google in the first place... One of the reasons I am still reluctant to get an Android phone is that in order to use the Android market, you need a gmail address. Not even a Google account on another address will do, you need a gmail address, period. That's fishy to me, why do I need to have an email address with you if I just want to download some apps? They want everyone to be on gmail, just like Microsoft wants everyone to run Windows.

aysiu
July 15th, 2012, 04:05 PM
Only if you trusted Google in the first place... One of the reasons I am still reluctant to get an Android phone is that in order to use the Android market, you need a gmail address. Not even a Google account on another address will do, you need a gmail address, period. That's fishy to me, why do I need to have an email address with you if I just want to download some apps? They want everyone to be on gmail, just like Microsoft wants everyone to run Windows.
Not ideal, of course, but you can install apps outside Google Play (what they call the Android Market now).

One easy option as long as you're not on AT&T*** and unrooted, is to use the Amazon App Store, which has pretty much all the popular Google Play apps, just never updated.

And again if you don't have an unrooted AT&T phone, you can install random .apk files you download from the internet. There are also other alternative marketplaces.

It is possible to run Android without having a Gmail or even a Google account. But if you want a seamless experience with everything the Android ecosystem has to offer, a Gmail address is mighty handy.

***As far as I know, AT&T in the US is the only carrier that prevents Android phones from installing apps from "unknown sources."

Edit: I stand corrected. From the Amazon website (http://www.amazon.com/gp/help/customer/display.html?nodeId=200551840):
Can I use Amazon Appstore for Android on my AT&T Android device?
Amazon Appstore for Android is available on select AT&T Android mobile devices running firmware version 2.2 or greater.

Please ensure that your phone is properly configured to download Amazon Appstore for Android by following the instructions provided here.

If your phone is running firmware version 2.2 or greater and you are not able to access the Amazon Appstore for Android, AT&T is unfortunately unable to support purchases from the Amazon Appstore for Android on your device. For more details, contact AT&T.

Paqman
July 15th, 2012, 04:23 PM
What Google is planning to do with iGoogle is evil - for us who trusted the company so many years.

Hey, I'm an everyday Igoogle user, and I'm bummed it's going. But you're being silly, canning it is not "evil". You'll just use something else. And hopefully recalibrate your sensibilities so that you can better detect the actual evil that exists in the world.

aysiu
July 15th, 2012, 04:37 PM
Google's abandoned many of its projects over the years. Sorry you dug iGoogle. Many others of us didn't, and I'm sure that's why Google has decided to focus its energies elsewhere going forward.

sffvba[e0rt
July 15th, 2012, 06:03 PM
I had a hangup about Google and how big and powerful etc. they where becoming, but it was pointed out to me very nicely that with that kind of view mentality it means that nobody is allowed to be successful for fear they may turn "bad".

It is sad there is so much mallware in the world, but it isn't Google's fault.


404

mr john
July 15th, 2012, 07:52 PM
Nope, it's not anywhere near as dark or sinister as some people think it is. Most people who work for Google just want to get the 9 to 5 in like the rest of us... Then they go home, have their dinner and watch tv. Personally, when I start to have paranoid thoughts about IT companies being evil I know it's time to get away from the computer. Most companies are just in the business to make money, not because they have crazy evil plans. Sure, you may not agree with their ethics, but it's really not that big a deal.

As for the marketplace fud.... Most of it's coming from Google's competitors and fanboys who are towing the lines of Google competitors. In the IT industry companies have been spreading scare stories about competitors since the days of microcomputers and probably even before that. I'd take all of it with a pinch of salt. I've had Android, Sybian, IOS and WM on my mobile phones and NEVER run into any problems. It's all about being a sensible user. None is any better than the other, they just have different ways of doing all the same things.

Just relax and use what you are comfortable with.

tartalo
July 15th, 2012, 08:46 PM
You might find this interesting:
https://fsfe.org/campaigns/android/android.en.html

Nixarter
July 16th, 2012, 01:10 AM
The email thing is no different than having to register for an ubuntu forums account to post here.

Granted, I do no agree with a lot (read A LOT) of what big IT companies do, including google, but that is one of the things that isn't so bad. Since there is no physical media to revert to if your phone dies or whatever, it is nice to have a central means to restore stuff. That being said, I always backup my stuff anyway (if I don't think I can properly back something up, I never buy/use it to begin with), but for MOST PEOPLE that is either beyond their technical knowledge or patience lol

Think of all the unknowledgeable people who would spam google with complaints if they didn't have that...

Yeah, I do think they shouldn't FORCE people to do that, but it isn't THAT bad. The sucky thing is that (with free accounts) they do apparently force google+ and ALL of their other programs on you, whether you want them or not.

UltimateCat
July 16th, 2012, 01:45 AM
I thought this would be about trusting a company whose sole purpose is to collect as much data about you as possible.

That would make more sense.

You mentioned trust....that's a funny thing sometimes and even that takes time.

I've noticed that business is business and making a profit is most important to some these days-