"What is worse on Android? Malware or PUAs?"

Full Story at Sophos

 

It's more of a case of awareness, awareness and prevention.

 

Another security risk are the permissions that Android apps requires. Most of the people just install it and not reading what action this program can perform. You should be very careful when applications needs to get access to your address book, monitor what you type, ...

 

A video on Facebook Permissions required to run that do not exist on a PC here: http://www.net-security.org/article.php?id=1734

 

This is a bit of scaremongering by sopphos, I have yet to see Android Malware in the wild yet every AV company is out there warning about it while trying to sell their mobile software.

People should be warned but not forced to buy a product that is not yet needed.

 

There are LOADS of Android malware floating around, from Finfisher noted in a separate post in this forum to things that can be downloaded from Google app store: http://arstechnica.com/security/2012/07/more-malware-found-hosted-in-google-android-market/

 

The problem is identifying who is Potentially Unwanting these Apps.

*I* MYSELF get highly annoyed when my various Droids Avast alert me that I have zAnti and several others. I am new so I will err on the side of caution and not discuss lesser known Android software, but there are commercials for zAnti, it is a highly WANTED app, but I can't seem to whitelist it.

So PUAs and PUPs P me right off. Either the software is going to do something that is very highly likely unwanted by the average user, then sure, go ahead and flag it, sandbox it, treat it with The Heuristics of the Cloud, whatever.

Just don't jump to the conclusion that a penetration tester doesn't want a penetration testing tool on his machines.

Major thanks for all of the great work in the FinFisher threads. I am curious though now that, as is noted in at least one other thread here on WildersSecurity that FinFisher is now available for just about all contemporary mobile devices?

We know there are baddies for our phones out there, and we know they even slip into our legitimate software streams. That this one is tied to government surveillance makes it a LITTLE bit unique. Has anyone had the opportunity to pull apart one of the mobile bugs and seen anything that would lead you to believe the same "Gamma Group" wrote this entire FinFisher / Finspy suite of unfriendlies?

NOTE TO FUTURE LAW ENFORCEMENT PROGRAMMERS: IT IS CALLED FUD.

EDITED TO ADD: Guess this answers my question:

 

Stop installing suspicious apps and you wont get malware on your Android phone. Get back to me when there are drive-by's in the wild for Android.

And I never trust numbers or statistics from any AV company. It's like trusting a home burglar alarm company to give you accurate crime statistics.

 

Please follow-up to this thread:
https://www.wilderssecurity.com/showthread.php?t=334207