In a previous post I was talking about bad journalism: several prominent online portals (Cnet, ZDNet, Information Week, PC World, etc.) published sensational reports about disastrous state of Android security. No one thought that a real journalist must check third-party information they received before broadcasting it.
In a discussion, a PC World user securitydude6868 correctly insisted that I have to present facts before accusing SMobile Security in wrong-doing. He was right and I performed a little research.
* * * *
@securitydude6868,
"If a third-party maliciously loaded these applications onto a person's device, the device owner would have no idea they were installed and by running an Anti-Spyware application, they would be able to detect if a malicious application was loaded without their knowledge."
Point is, that these applications need to be installed on user's machine. They do not hiddenly install themselves, as usual Web malware does. Those applications clearly stayed in their descriptions what they are doing. There is nothing hidden and evil. Oh yes, if you temporarily steal my Android phone, install "malware" applications on it and give me phone back requiring my promise to never look at the installed applications, then those apps could do a harm.
It's laughable, it has nothing to do with malware.
"I don't see how a completely different report which clearly states there are Spyware applications available outside of the Android Market could be used as a means to judge the report analyzing the Android Market itself. I also don't see any information you provided from this older report that is in dispute...
In recap, I fail to see a single item in the report that you dispute, or any evidence that the company to which you show so much disdain is falsely spreading information."
Contrary to what you think about me, I'm not spending all the time browsing Internet in an attempt to find anti-android articles. Sometimes, I'm working too.
However, you were right: to make strong accusations one needs to have facts. So, I spent a couple hours yesterday, reading all the SMobile Systems reports, checking applications they denounced as malware and contacting authors of those applications. Some of them already answered on my questions.
As we both saw, among common words in SMobile reports there were a few direct examples.
From newest report http://goo.gl/Wxv2
1. Several applications developed by Carrot App http://www.carrotapp.com/
Company openly presents purpose/functionality of its applications. Full contact info is present. I asked them a question and got a definitive response http://goo.gl/OLAD. Note, that CarrotApp and SMobile Systems are direct competitors.
From an older report http://goo.gl/MM7m
2. MobileSpy by Retina-X Studios http://www.spy-mobile-phone.com/
Clear description: "Mobile Spy is the next generation of smartphone spy software. Do you suspect that your child or employee is abusing their SMS privileges? If yes, then this software is ideal for you."
Full contact info is present.
Note, that Retina-X Studios and SMobile Systems are direct competitors. I'm waiting for a response from Retina-X Studios.
3. MobiStealth http://www.mobistealth.com
Company openly presents purpose/functionality of its applications. Note, that MobiStealth and SMobile Systems are direct competitors. Full contact info is present. I asked MobiStealth a question and got a descriptive answer:
"Dear Customer,
Thank You for contacting MobiStealth Info. MobiStealth is not a malware as a malware gets installed automatically onto the target phone however to install MobiStealth physical access to the target phone is made compulsory. Try it yourself.
Our main customers include security agencies and even parents. As SMobile needs to stay in the market they will not let go any chance of defaming their competitors, in simple words it is called negative marketing.
We appreciate your interest and hope to listen from you in future as well.
Regards,
Info Team"
4. DROID09. A real spyware, "phishing application that targeted banks." Found (?) and removed by Google. Obviously, Google didn't share this sensitive information with SMobile and I'm happy about that. Note, however, that DROID09 didn't try to hide the fact it was working with banks. You have to be a little stupid to provide your banking credentials to an unknown company. If you need online banking, read reviews and download Mint http://www.mint.com/.
Older SMobile report http://goo.gl/js1e
5. "Girlfriend Text Message Viewer was one of the first applications discovered by the SMobile Global Threat Center Team." I'm not a security firm, but I "discovered" that app long time ago. As I said, while purpose of this app is kind of crazy, categorizing such explicitly named app as a malware is laughable. One can take a knife and stab his girlfriend. Does it mean a knife needs to be arrested?
6. THEFT AWARE, http://www.theftaware.com/. Great site, tech support, user forum, contact information... It's an app from Android Market; its purpose is to prevent cell phone theft. "The austrian television (ORF) made a report about Theft Aware in its magazine KONKRET." I notified them, but haven't received an answer yet.
A conclusion: you prompt me to do a little research, thank you. As a result, it became absolutely clear, that not only there were numerous facts of bad journalism, but an original source - SMobile Systems reports - were intentionally misleading, full of false statements wrapped into common and correct words. In doing so, SMobile Systems not only tries to compete unfairly and toppled down Android developers, but it also causes harm to Android itself, eventually causing harm to itself. Frankly, I didn't expect its being so bad.
My only hope is that developers would be aware on SMobile Systems practices and won't have any deals with this company.