
Friday, June 25, 2010

SMobile Systems unfairly tries to topple competitors

In a previous post I talked about bad journalism: several prominent online portals (Cnet, ZDNet, Information Week, PC World, etc.) published sensational reports about the disastrous state of Android security. No one thought that a real journalist must check third-party information before broadcasting it.

In a discussion, a PC World user, securitydude6868, correctly insisted that I have to present facts before accusing SMobile Security of wrongdoing. He was right, and I did a little research.

*   *    *    *

@securitydude6868,

"If a third-party maliciously loaded these applications onto a person's device, the device owner would have no idea they were installed and by running an Anti-Spyware application, they would be able to detect if a malicious application was loaded without their knowledge."

The point is that these applications need to be installed on the user's machine. They do not install themselves covertly, as typical Web malware does. Those applications clearly state in their descriptions what they do. There is nothing hidden or evil. Oh yes, if you temporarily steal my Android phone, install "malware" applications on it and give the phone back to me, requiring my promise never to look at the installed applications, then those apps could do harm.
It's laughable; it has nothing to do with malware.

"I don't see how a completely different report which clearly states there are Spyware applications available outside of the Android Market could be used as a means to judge the report analyzing the Android Market itself. I also don't see any information you provided from this older report that is in dispute...
In recap, I fail to see a single item in the report that you dispute, or any evidence that the company to which you show so much disdain is falsely spreading information."

Contrary to what you think about me, I'm not spending all my time browsing the Internet in an attempt to find anti-Android articles. Sometimes I work too.
However, you were right: to make strong accusations one needs to have facts. So I spent a couple of hours yesterday reading all the SMobile Systems reports, checking the applications they denounced as malware and contacting the authors of those applications. Some of them have already answered my questions.
As we both saw, amid the general wording of the SMobile reports there were a few direct examples.

From the newest report, http://goo.gl/Wxv2

1. Several applications developed by Carrot App http://www.carrotapp.com/
The company openly presents the purpose and functionality of its applications. Full contact info is present. I asked them a question and got a definitive response: http://goo.gl/OLAD. Note that CarrotApp and SMobile Systems are direct competitors.

From an older report http://goo.gl/MM7m
2. MobileSpy by Retina-X Studios http://www.spy-mobile-phone.com/
Clear description: "Mobile Spy is the next generation of smartphone spy software. Do you suspect that your child or employee is abusing their SMS privileges? If yes, then this software is ideal for you."
Full contact info is present.
Note that Retina-X Studios and SMobile Systems are direct competitors. I'm waiting for a response from Retina-X Studios.

3. MobiStealth http://www.mobistealth.com
The company openly presents the purpose and functionality of its applications. Note that MobiStealth and SMobile Systems are direct competitors. Full contact info is present. I asked MobiStealth a question and got a descriptive answer:
"Dear Customer,
Thank you for contacting MobiStealth Info. MobiStealth is not malware, as malware gets installed automatically onto the target phone; however, to install MobiStealth, physical access to the target phone is compulsory. Try it yourself.
Our main customers include security agencies and even parents. As SMobile needs to stay in the market, they will not let go of any chance to defame their competitors; in simple words, it is called negative marketing.
We appreciate your interest and hope to hear from you in the future as well.

Regards,
Info Team"

4. DROID09. Real spyware, a "phishing application that targeted banks." Found (?) and removed by Google. Obviously, Google didn't share this sensitive information with SMobile, and I'm happy about that. Note, however, that DROID09 didn't try to hide the fact that it was working with banks. You have to be a little stupid to provide your banking credentials to an unknown company. If you need online banking, read reviews and download Mint http://www.mint.com/.

An older SMobile report, http://goo.gl/js1e

5. "Girlfriend Text Message Viewer was one of the first applications discovered by the SMobile Global Threat Center Team." I'm not a security firm, but I "discovered" that app a long time ago. As I said, while the purpose of this app is kind of crazy, categorizing such an explicitly named app as malware is laughable. One can take a knife and stab his girlfriend. Does it mean the knife needs to be arrested?

6. THEFT AWARE, http://www.theftaware.com/. Great site, tech support, user forum, contact information... It's an app from Android Market; its purpose is to prevent cell phone theft. "The Austrian television (ORF) made a report about Theft Aware in its magazine KONKRET." I notified them, but haven't received an answer yet.

A conclusion: you prompted me to do a little research, thank you. As a result, it became absolutely clear that not only were there numerous instances of bad journalism, but the original source, the SMobile Systems reports, was intentionally misleading, full of false statements wrapped in general and correct words. In doing so, SMobile Systems not only tries to compete unfairly and topple Android developers, but it also harms Android itself, eventually harming itself. Frankly, I didn't expect it to be so bad.
My only hope is that developers will be aware of SMobile Systems' practices and won't have any dealings with this company.

Wednesday, June 23, 2010

Android ruins permissions? Cnet spreads BS and a marketing ploy by SMobile…

Update:
Cnet and ZDNet were spreading BS and a marketing ploy from a company which is trying to sell its own "security" application. In the original article, Cnet repeated misleading marketing information from an anti-spyware firm called SMobile, which claimed that 20% of Android apps are potentially spying on users, sharing private data, and even placing calls and sending SMS messages invisibly to the phone owner...

What is interesting is that the Cnet author realized their mistake and edited the article (see comments below)! I really applaud it!

"Android requires application developers to declare the permissions their application will need in order to interact with the system and its data" and SMobile is sucking up information which is freely available and required for each app and trying to sell it to us! There is an obvious conflict of interest. Every technically savvy Internet user knows that 90% of so-called “free antivirus and anti-spam” software is bogus, trying to sell us unnecessary things and displaying false alarms.

As was mentioned in one comment, iPhone apps do the same thing as Android apps, because it's simply required by their functionality, but they don't advertise what they can do as clearly and loudly as Android apps.

As we know, Android OS automatically prohibits any app from accessing a resource if this access wasn’t declared. Does iPhone OS do this? It sounds like a better control than a human looking at each app's source code. With 200,000 apps in the iPhone Store I highly doubt that every app was really inspected. I think I’ve heard about some apps being pulled from the App Store *afterwards*…
Also, users voting for an app by downloading it IS a pretty strict control. There was a report about Wikipedia being almost as accurate as Britannica...
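To make the point about declared permissions concrete, here is an added example (not from the original post or from SMobile's report). It reads the `<uses-permission>` entries from manifests that are assumed to be already decoded to text XML and computes the share of apps that declare a "sensitive" permission; the five apps, their package names and the category grouping are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Real Android permission names for the data kinds discussed in the post
# (contacts, SMS, calls, GPS). The grouping is this example's assumption.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "sms",
    "android.permission.SEND_SMS": "sms",
    "android.permission.CALL_PHONE": "calls",
    "android.permission.ACCESS_FINE_LOCATION": "gps",
}

def declared_permissions(manifest_xml):
    """Return the sorted, de-duplicated <uses-permission> names in a manifest."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(NAME_ATTR) for el in root.iter("uses-permission")}
    return sorted(n for n in names if n)

def sensitive_categories(manifest_xml):
    """Map declared permissions onto the sensitive data categories they unlock."""
    perms = declared_permissions(manifest_xml)
    return sorted({SENSITIVE[p] for p in perms if p in SENSITIVE})

def survey(manifests):
    """Return ({package: categories}, share of apps declaring a sensitive permission)."""
    flagged = {}
    for package, xml_text in manifests.items():
        cats = sensitive_categories(xml_text)
        if cats:
            flagged[package] = cats
    return flagged, len(flagged) / len(manifests)

def make_manifest(package, *perms):
    """Build a constructed sample manifest (hypothetical apps, not real ones)."""
    uses = "".join(
        '<uses-permission android:name="android.permission.%s"/>' % p for p in perms)
    return ('<manifest xmlns:android="%s" package="%s">%s<application/></manifest>'
            % (ANDROID_NS, package, uses))

# Constructed sample: five hypothetical apps and the permissions they declare.
APPS = {
    "com.example.contactorganizer": ("READ_CONTACTS", "INTERNET"),
    "com.example.navigator": ("ACCESS_FINE_LOCATION", "INTERNET"),
    "com.example.flashlight": ("CAMERA",),
    "com.example.notes": (),
    "com.example.game": ("INTERNET", "VIBRATE"),
}
SAMPLE = {pkg: make_manifest(pkg, *perms) for pkg, perms in APPS.items()}

if __name__ == "__main__":
    print(survey(SAMPLE))
```

The contact organizer and the navigator are flagged only because they declare what their function needs, so the resulting 40% measures declarations, not behaviour.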

Now, let’s think about what could and should be done.

As ztts said in a Cnet comment,
“This is one of the most remarkably misinformed articles I've read in a long time. Of course some apps have access to sensitive information. If an app is meant to help organize contacts, for example, of course it has access to your contacts. This is true on any platform, and is obvious and unavoidable. The nice thing about the Android market is that, whenever you download a new app, it informs you of exactly what sensitive information it has access to, so one can make an informed decision. The fact that an app has access to information does not mean that it misuses it, as this article implies that 20% of all apps do. Truly sensationalist reporting.”

inetperu says in a Cnet comment,
"Palm is taking the lead on this one I think. Personal data is locked down pretty tight - too tight actually since some apps are not even possible with the current restrictions. The ideal system would be for a permission based system like Palm WebOS uses for apps that require GPS data. When you install the app it notifies you that the app needs access to the GPS data and you can accept or deny. Something similar could be used to allow an app limited access to your address book, phone functions, SMS, etc. The user GRANTS permission to the app after being warned of possible abuse AND if access to those sensitive areas were logged automatically so that the user could review it every so often it would keep bad developers in check. Imagine an app that could scrape your entire address book, phone records, GPS history, etc. - a spammer/stalker/identity thief's dream app."

Limited access sounds like a useful idea, but... if an app is denied a permission it was asking for *during its installation*, it then cannot perform normally, right? And asking for a permission *every time it is needed* is not a solution either, because it would create a nightmare user experience. (I remember Zone Alarm doing that; as a result, I just uninstalled Zone Alarm. Most users would do the same.)
Obviously, Android's way of declaring necessary permissions during installation is far from being an ultimate solution either, because most users will install apps anyway if they need them.

WebOS performs required and automatic logging of access to sensitive areas, right? That sounds like a really good idea. Such system logs can then be analyzed by [system] security software.
I'm pretty sure Windows has this mechanism as well. Isn't there a similar API in Android OS? I don't believe Google didn't pay attention to this area.

Friday, June 4, 2010

About “The Race to the Perfect Phone” article

 

The Race to the Perfect Phone

This seems to be a rare unbiased review. Since I have no experience other than Android, here are my 2 cents:

1. Lately, I'm seeing more and more reviewers saying that they actually like stock Android 2.1+ *more* than Sense UI. Stock Android is simple and logical.

2. I don't understand what the "unprofessional Linux-distro feel" of fonts is (BTW, Google recently released Open Source Web Fonts), and I don't understand the words about lack of color coordination.

3. About app organization: there is no, and cannot be, a single perfect hierarchical organization of applications, because one can organize them using *different* criteria. (It's for this reason that in GMail Google organizes email messages using *labels* rather than folders. Each message can hold any number of labels. Labels and search - that's the key.) I would suggest that allowing users to dynamically group apps on a smartphone using labels and to search for apps would improve Android. Are WebOS "cards" something like a materialization of labels, so that a single app could be contained in several cards?
For now, though, having several home screens and single-level folders is not too bad (certainly better than iPhone's mess of displaying All applications, though iPhone 4.0 introduces folders too).

4. "The problem is that for every HTC, there's a Sony-Ericsson or LG -- manufacturers that just haven't figured out why it's important to take this extra step in the software experience. This is what could kill Android: it places far too much faith in the manufacturers of the phone hardware. In the past, manufacturers haven't had to worry as much about providing their own high-quality software on phones."
I agree with what you said above, with the exception that, in my opinion, the problem is mostly not the inability of manufacturers to supply decent Android *software*, but rather their use of sub-standard *hardware*. I think Google should include a [stricter] minimum set of hardware requirements for Android. At this moment such a minimum should be something like what we have on the original Verizon Droid, or maybe even on the Nexus One. Fast processor, 800x480, a good capacitive screen, etc.

5. Froyo (Android 2.2) *IS* going to be available on most Android phones; the question is how fast that will happen. BTW, yesterday I installed the Cyanogen 5 custom ROM on my old ADP1 (HTC Dream - the very first Android phone). Cyanogen 5 is an improved custom variant of Android 2.1!

6. Two major drawbacks of Android <= 2.1 are its lack of a decent copy/paste mechanism and a dismal battery life (the latter is true for all current smartphones).

 

Vladimir Kelman
http://goo.gl/M6kc - Non-Phone Android Devices Wave.