Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Android Cellphones Handhelds Security

Ask Slashdot: What To Do About Android Malware? 191

An anonymous reader writes: What's your approach to detecting and dealing with Android malware? I have a fairly new, fairly fancy phone running Android Lollipop, the recently degraded performance of which leads me to believe that it's infected with malware. That, and a friend who noticed a lot of strange activity coming from my phone's IP — sorry, I don't have the logs, but he pointed out that there were pings coming from my phone to a lot of sketchy addresses — which pretty much seals the deal. There have been lots of stories lately about Android malware that remind me of the old saw about weather: everyone talks about it, but no one does anything about it. However, that can't be completely true, and before I reach a phone crisis, I'd like to get some sane, sage advice about diagnosing malware, and disposing of it, or at least mitigating its damage. When it comes to diagnosing, I don't know what software to trust. I've heard positive things from friends (and seen both positive reviews and terrible negative ones, raising even more meta questions about trust) about Malwarebytes, so I installed their mobile version. This dutifully scans my system, and reports no errors and malware. Which doesn't mean there isn't any, though I'd be happy to find out that I'm just being paranoid. The OS is stock (Motorola Nexus 6) and kept up to date. I have only very conventional apps, all downloaded from Google's Play store, and believe it or not I don't visit any dodgy websites on my phone, at least not intentionally. So: what's the most reliable way to get an accurate view of whether I am dealing with malware at all, and hopefully to eradicate it? Good malware hides well, I know, but is there any tool on the side of the righteous that is currently best at rooting it out? If I find a specific form of malware on my phone, how can I remove it?
This discussion has been archived. No new comments can be posted.

Ask Slashdot: What To Do About Android Malware?

Comments Filter:
  • by Anonymous Coward on Saturday September 19, 2015 @03:49PM (#50557129)

    to start with a completely clean slate and get it right. Instead they re-created the Windows ecosystem. Congratulations.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      But it's free and open and full of goodness and stuff!

      Curse Apple and their walled garden! I WANT TO BE ABLE TO CHOOSE MY MALWARE FREELY!

    • by SumDog ( 466607 ) on Saturday September 19, 2015 @04:55PM (#50557483) Homepage Journal

      It's worse that Windows. In Windows you can reinstall the base OS (bloatware free) and then install the drivers and you're done.

      Android is to the point where they should have a standard-driver-package. Manufactures can release something similar to an apk, with the source (or just .o files, who gives a shit) that can auto-compile for all devices. That what you just go ASOP + these special packages and boom. Standard Android. You can use your manufactures custom install as well, but at least you'd have a choice. Google could add in the EULA that voiding warranties for unlocking bootloaders is out of the rules.

      It's not that difficult a fix. You could get manufactures not releasing driver package updates, sure...but at least it would make it easier to do so. Android would benefit from being more like Windows as a general purpose OS at this point.

  • Start over (Score:5, Interesting)

    by Fwipp ( 1473271 ) on Saturday September 19, 2015 @03:50PM (#50557133)

    Wipe it. Flash a new ROM; don't install any other app stores, don't download sketchy apps.

    If you have malware, that's cause you (or someone with access to your phone) installed it. Don't do that.

    • Re:Start over (Score:5, Insightful)

      by Feral Nerd ( 3929873 ) on Saturday September 19, 2015 @04:04PM (#50557201)

      Wipe it. Flash a new ROM; don't install any other app stores, don't download sketchy apps.

      If you have malware, that's cause you (or someone with access to your phone) installed it. Don't do that.

      In other words voluntarily lock yourself into a walled garden? But isn't one of the biggest advantages of Android the freedom to install anything you want from any place you want?

      • Re:Start over (Score:5, Informative)

        by Artem Tashkinov ( 764309 ) on Saturday September 19, 2015 @04:28PM (#50557321)

        Unlike iOS Android allows you to side load apps *officially* but in this case all bets are off and you MUST understand what you're doing. With Apple there's no such freedom (unless you root your phone which is unsafe and voids your warranty) at all.

        So, Google's walled garden is at your full discretion. If you like the feeling of safety you stay in it. If you want freedom, you can leave it any time you want. Most Android phones even allow you to have root if you're hellbent on having total freedom [to destroy your device].

      • Re:Start over (Score:5, Informative)

        by AmiMoJo ( 196126 ) <mojo@worl[ ]net ['d3.' in gap]> on Saturday September 19, 2015 @04:29PM (#50557327) Homepage

        The Amazon and F-Droid app stores are fine. Just avoid the less reputable ones until you learn the basics of computer use, like not installing dodgy cracked apps or "free" virus scans etc.

        Look, the questioner clearly knows enough to be dangerous to himself but not enough to wield root privileges on his phone. Best thing to do is stick to Play until he understands this stuff. Just because you have the freedom to do something doesn't mean you should assume you can do it competently.

        • Just avoid the less reputable ones until you learn the basics of computer use, like not installing dodgy cracked apps

          I agree: someone new to Android should stick to the reputable repositories, which are Google Play, Amazon, and F-Droid, and avoid any app that seeks administrative permissions unless required by an employer. But if there are two apps for reading Cracked on a reputable store, how do I know which are and aren't dodgy? There's the official app [google.com] but also a third-party app [google.com].

          • I agree: someone new to Android should stick to the reputable repositories, which are Google Play, Amazon, and F-Droid

            Did this. Still got adware and popups and degraded performance.

            • by tepples ( 727027 )

              Developers need to eat. Therefore developers do what's profitable. Something the majority does not adopt is unprofitable. The majority prefers adware to paid apps. What's the solution that allows developers to eat?

      • So? It's the same with a PC. Yet malware is actually quite easy to avoid.

        Walled garden and trust are not the same thing.

        • Re: Start over (Score:5, Informative)

          by Karlt1 ( 231423 ) on Saturday September 19, 2015 @05:46PM (#50557749)

          The difference with a PC is that when a security vulnerability is found on a Dell running Windoes and Microsoft releases a patch, you don't have to wait for Dell and Best Buy to hopefully allow you to update your PC.

          When Google releases a patch for Android, you have to hope that you phone manufacturer and your carrier push the patch to you.

          • In other words, all Windows PCs are like unlocked Nexus phones: they get updates directly from the operating system publisher.

          • by rtb61 ( 674572 )

            You only have to wait until you warranty expires on an Android phone and then of course it makes no difference. You will of course need to reference how well that phone works with non-manufacturer specific android builds. Once you no longer have a warranty to lose, well, you have more to lose by sticking to older unpatched Android builds. Google could of course work to create Android releases and an install system for the most popular Android phones to keep them up to date, once they are out of warranty.

          • You're comparing different things. I was comparing Android's permissions to PC's permissions. On a PC I don't have a walled garden and yet it's simple enough to keep my computer malware free.

            You're comparing bugs in the OS, and while I agree with you that Android leaves a lot to be desired in the patching process nearly all malware on Android does NOT rely on bugs in the OS. Most Android malware first requires the installation of a compromised package. Which goes back to my original point: If you trust the

            • Apple's review process does little to prevent security vulnerabilities. They have a static code analyzer that keeps apps from using non public APIs but that's about it. Security on iOS is a function of the operating system sand boxing apps and a better permission system. I don't have to trust the package.

              If a security vulnerability is found in the OS. It can be patched and at least right now, pushed to every iOS device worldwide introduced since 2011.

              • Again you're missing my point. It's not OS level security, but dumb user level security.

                Most of the malware that has actual effect on users is the result of such users installing explicit programs that have questionable requirements i.e. a crappy angry birds rip-off that for some reason needs permission to send SMSes, read your contact list, etc etc. Shit like that is absolutely rife outside the legitimate app stores. And protecting yourself from it is akin to not installing free programs from www.freesoftw

                • The Stage Fright vulnerability didn't involve installing software from shady app stores.

                  The Android security model is a sad joke. For instance just for an app to be able to lower its volume when a phone call comes in, you have to give it permission to monitor your phone calls and to know the details of the call. You also have to give an app all requested permissions at launch for it to work and you can't turn permissions off for an app after it is installed. When you install a third party keyboard on Andr

                  • by segin ( 883667 )
                    Care to cite your sources? Or are you just shilling away for another payday?
                    • Sources?

                      For the highly publicized Stage Fright vulnerability?

                      For the fact that on Android you have to give apps all of the requested permissions or you can't run it?

                      For the fact that Android has no built in facility to turn off permissions granularly once you install it?

                      For the fact that a third party keyboard has full network access and can hypothetically send every keystroke over the Internet?

                    • No he's right about everything, and yet dead wrong about the actual impact that any of what he said has on actual users.

                  • The Stage Fright vulnerability didn't involve installing software from shady app stores.

                    Yes you're right. So with 900million potentially affected devices Android should be rife with malware in ways that should make the Blaster worm blush. right? right? ... *crickets*

                    Stage-fright has not been exploited in a self-replicating way. In order to do anything with it you need to know the specifics of the device you're targeting AND also hope that it's one of the 4.3% of devices out there that doesn't have a version of Android that includes ASLR.

                    The effects of the bug didn't turn out to be anywhere nearly as serious as the name implied and it isn't actively exploited in the wild. So ... next example?

                    The Android security model is a sad joke. For instance just for an app to be able to lower its volume when a phone call comes in, you have to give it permission to monitor your phone calls and to know the details of the call. You also have to give an app all requested permissions at launch for it to work and you can't turn permissions off for an app after it is installed.

                    No you don't. You need to give it permission if you want to monitor the phone state continuously in the background while on a call instead of relying on the OS to hand back to the app. You also don't need permission to see if another app is attempting to get audio focus, such as the phone ringing. What you're describing is lazy developers taking an approach that they think is right and easy without actually doing research. You only need the READ_PHONE_STATE permission if you have an app that intends to steal audio back in the middle of the call such as say an alarm. There's also a debate at the moment about whether the IMEI should be able to be read out with a different permission as there's more reasons to read an IMEI than for instance to know the current phone number of an ongoing call.

                    Android permissions are continuously evolving, and that makes a lot of developers lazy.

                    When you install a third party keyboard on Android, you are basically installing a key logger. With iOS when you install a third party keyboard on iOS, you have to give it explicit permission to access the network.

                    Which every keyboard app does anyway because they incorporate an online spell checking system including the ability to download multiple languages. What's your point?

          • by AmiMoJo ( 196126 )

            There have been numerous security flaws in the crapware bundled with Dell and other manufacturer's PCs. You have to rely on the manufacturer for updates to it, or disable it. Same goes for Android.

            Google does do OS updates for non-Nexus devices. They come via the Play store. It's absolutely untrue that Google can't patch the OS. They can patch it, and what's more the Play store services can detect and remove malware, or put mitigations in for the few security issues they can't patch.

            That's why you don't see

            • I can uninstall any crapware that is on a Wndows PC - or I can avoid crapware entirely by buying PCs from Dell's or HPs business units.

              I can also install the newest version of Windows without waiting for the manufacturer. I was even able to stick a Windows 7 disk in an old unsupported Mac Mini from 2006 and install it.

              Yes Google is able to update Google Play Services but there are parts of the low level OS they can't update.

      • In other words voluntarily lock yourself into a walled garden? But isn't one of the biggest advantages of Android the freedom to install anything you want from any place you want?

        I'm not sure why the significance of voluntarily escapes you.

      • by AK Marc ( 707885 )

        In other words voluntarily lock yourself into a walled garden? But isn't one of the biggest advantages of Android the freedom to install anything you want from any place you want?

        I'm free to invite anyone into my house I want. Yet, I still lock the doors at night. A voluntary walled garden, every night. Arguably literally. Choosing to be safe is like locking your car doors at the mall. If you lock your car doors when you go shopping, you are a hypocrite. You have the freedom to invite absolutely anyone into your car, so locking it DESTROYs your freedom. Why do you hate freedom?

      • In other words voluntarily lock yourself into a walled garden? But isn't one of the biggest advantages of Android the freedom to install anything you want from any place you want?

        Sure it is, but when you get malware and other crap ... don't bitch to the rest of the world. Nobody said it would be safe, merely that you are free to do it if you want.

        The problem is that even stuff which comes from the official Android stores are barely above what I'd call malware ... they all want access to your contact list,

    • Re: (Score:3, Informative)

      by Anonymous Coward

      If you have malware, that's cause you (or someone with access to your phone) installed it.

      Not necessarily true. There are quite a few passive vectors for injecting malware into older android apps. The numerous stagefright vulnerabilities included.

    • by AK Marc ( 707885 )

      If you have malware, that's cause you (or someone with access to your phone) installed it. Don't do that.

      So there exists no browser exploit, no vulnerable apps on the app store, and no other way for your phone to have a problem unless you sideload a "bad" APK? Seems like there are some vulnerabilities you are missing on your list.

    • timothy has nothing better to do but inject Android FUD into the blogosphere ..
  • by Anonymous Coward

    I have a Nexus 6. Google have provided useful applicatons that shipped with the device. I don't download anything from the Google Play store. Full stop. I don't need or want anything that did not come with the phone. One reason for going with the Nexus devices is I get a guaranteed update path and a steady stream of patches unlike going with say, Samsung from a carrier. I know friends who go months before getting patches.

    • So the only way that you don't get malware and get OS updates (for maybe two years) is by buying the phone from the same company that makes the OS. That sounds like a wall gardened to me

      But then you said you don't install any apps. That's more like a walled desert.

      • How is it a walled garden, when you aren't limited to the Google app store? In most cases, you aren't even limited to the Google-supplied OS on the phone. From another side, iOS is a walled garden because there's a single source of software, curated by Apple. If they allowed other app stores on an un-jailbroken iPhone, no one would call them "walled" either.
  • by Anonymous Coward on Saturday September 19, 2015 @03:54PM (#50557151)

    "the recently degraded performance of which leads me to believe that it's infected with malware. "

    Occam's razor says your degraded performance is much more likely to be due to more mundane reasons like incompetent apps / OS (Google, here's looking at you), than malware.

    • by AmiMoJo ( 196126 ) <mojo@worl[ ]net ['d3.' in gap]> on Saturday September 19, 2015 @04:04PM (#50557203) Homepage

      Yep, the questioner's phone isn't infected by malware. He bought into the paranoid rants about Android malware that are 99% bullshit.

      If he only downloaded apps from Play he is safe. Google scan every app for malware. He's done a malware scan too. There is nothing wrong. Any performance issues are likely just because he installed a ton of crapware, much of which is now pinging advertising servers that are marked as "bad" on various hosts file lists but are actually just mundane.

      Uninstall some stuff, see if the situation improves. Or wipe back to factory and this time install one app at a time and see if it kills performance. A handy tip is to look at the battery use screen and see which apps are chewing up energy.

    • by raymorris ( 2726007 ) on Saturday September 19, 2015 @05:36PM (#50557685) Journal

      In particular, I wonder if the Facebook app is installed. It's pretty nasty. If you're not a Facebook-aholic, just use your browser to access facebook.com. If you ARE on Facebook 30 times per day or more, recognize that it's having a significant negative impact on your phone (and probably your life), then decide what you want to do.

      • Or you can just switch off notifications all the stuff you don't care about, and set it to sync rarely. Problem solved.

        I have a wakelock analysis program installed and Facebook is never in the top ten.

        • Have a good look at all the permissions that the Facebook app has. I know, it'll take quite a long time to read the whole list. Then look at the terms of use. You've solved a small part of the problem. You are of course free to make your own decisions. Thoee decisions are not without costs.

      • Or just install Tinfoil for Facebook [google.com] which is just a wrapper on the mobile site and fairly limited in terms of the permissions needed.
    • by caseih ( 160668 )

      Absolutely. I have an older phone and lately it's been getting slower and slower and kills apps more frequently as memory is tighter now. I don't have many apps, and I don't auto update the apps. The only thing on the phone that automatically updates are the Google Play Services and the Google Play apps, which update often and silently. Both are much much bigger than they used to be. It's kind of out of control.

      The worse thing about the Android ecosystem is the complete lack of version control. Once an

  • by Ash-Fox ( 726320 ) on Saturday September 19, 2015 @03:59PM (#50557173) Journal

    I have a fairly new, fairly fancy phone running Android Lollipop, the recently degraded performance of which leads me to believe that it's infected with malware. That, and a friend who noticed a lot of strange activity coming from my phone's IP â" sorry, I don't have the logs

    I don't believe your friend. Verify it yourself first.

    • by Anonymous Coward

      If you never installed anything from other than the playstore, I doubt you have malware, despite the
      AV companies telling you how important their services are, and how Microsoft and Apple both
      say Android malware is extremely prevalent. I don't know a single person who has gotten
      Android malware, even once. And I co-run an Android group.

  • Things to consider (Score:5, Informative)

    by Artem Tashkinov ( 764309 ) on Saturday September 19, 2015 @04:13PM (#50557241)

    In case you got a sophisticated piece of malware which installed a rootkit into your bootloader or system partition, a simple factory reset will *not* help, so your *only safe* remedy is to reflash your phone *completely*. Google for "Reflash Nexus 6" or follow this link: http://forum.xda-developers.co... [xda-developers.com]

    After that make sure you install apps *only* from Google Play and you have "Allow Unknown Sources" under Security disabled. Make sure that the apps you install have a considerable number of positive reviews and the apps make use of sane permissions.

    Make sure you're the only person who uses your smartphone, because other people may do things you'll regret later. If you absolutely need to let someone use your phone, activate a guest account for them and let them run only the apps they need.

    Create a decent password for your lock screen (at least six digits) and make sure your phone locks after a period of inactivity.

    If you're extremely paranoid, before installing an app, find its offline version, i.e. apk (they are usually easily googeable) and run it through virustotal.com (I usually do that when I install unpopular dubious apps).

    • One more thing: never disregard system updates. Install them right away. Perhaps you were p0wned via the stagefright vulnerability. Try to recall if you received MMS'es from unknown people lately.
    • Who downloads apps from outside the app store? That's practically begging for trouble.

      • by nadaou ( 535365 ) on Saturday September 19, 2015 @06:24PM (#50557953) Homepage

        To be fair I've more faith in apps from f-droid.org [f-droid.org] than in I do in apps from the Play store. The flashlight and music player apps there don't want access to your contacts list, unique ID, and wifi connections. And their code seems to be more highly vetted than those in the Play store.

        • by tepples ( 727027 )

          F-Droid also tended to be lacking in high-production-value games the last time I checked.

          • by nadaou ( 535365 )

            It has Robotfindskitten, what else does anyone need?

            (ok, ok, there's no Moon Buggy, yet)

            • by tepples ( 727027 )

              It has Robotfindskitten

              So does anything with an NES emulator, since I made a robotfindskitten implementation for NES [nesdev.com]. But a text game with about 2.5K of code that someone could hack up in a night doesn't quite qualify as "high-production-value games".

              , what else does anyone need?

              I was referring to, say, a first-person shooter or action-adventure game with characters more detailed than smiley faces or stick figures and environments more detailed than just a bunch of featureless boxes.

        • by Z00L00K ( 682162 )

          I agree - some apps installed want access to all the stuff on the phone without constraints even when I don't see a reason for it. And there's no way to exclude the access rights and still install the app.

  • Factory reset you phone and stop side-loading shady/pirated apps and you'll be fine. I've never had an issue with malware on Android and I been using it for over five years now (N6).
  • by phantomfive ( 622387 ) on Saturday September 19, 2015 @04:37PM (#50557375) Journal

    a friend who noticed a lot of strange activity coming from my phone's IP — sorry, I don't have the logs, but he pointed out that there were pings coming from my phone to a lot of sketchy addresses — which pretty much seals the deal.

    Pull out WireShark and see what's getting sent. I consider advertisers to be "sketchy addresses," and I think your friend is probably a noob if he didn't show you what was in the packets.
    If you're not interested in doing that, then just factory reset your phone.

  • by thedarb ( 181754 ) on Saturday September 19, 2015 @04:59PM (#50557505) Homepage

    ...don't install stuff you don't need. Don't pirate apps. Educate yourself via XDA on what is safe, what is not, and what apps are simply performance suckers.

  • As with life, you need to think and act for yourself a bit here. No free and easy answers, but it's unlikely that you're "infected", you probably just have a lot of bloatware apps draining resources and spying on you. Remember, the boundary between malware and adware/spyware is thin indeed, so your best bet is to start at the beginning and re-think your digital life.

    Everything we do on our phones fits into one of two broad categories:
    1. Personal and work life. Deeply private, sensitive and importan
  • simple answer (Score:2, Offtopic)

    by lkcl ( 517947 )

    What's your approach to detecting and dealing with Android malware?

    don't use android. this is not said in a sarcastic, troll-baiting, flame-fest-demanding or other meaninglessly fucking stupid way or any other way which is to be misunderstood, either accidentally or deliberately. it is said in a simple factual way. if you use a monoculture OS, supplied in binary form only and, for commercial (profit prioritisation) reasons not properly supported by the manufacturer (no, google is NOT the manufacturer of the world's 3rd party android mobile phones, they are the supplier

  • "That, and a friend who noticed a lot of strange activity coming from my phone's IP"

    Sound's like your friend is a load more steps ahead than the rest of us, who have none of the information he was working to. He noticed somehow (no detail here), and he know which sites and which he believes are sketchy. Sounds like the best source of help is this friend.

  • >"What's your approach to detecting and dealing with Android malware"

    Um, not turning on "allow unknown sources" and then installing a bunch of stolen/sketchy/unknown crap from shady/strange/random/unknown places. It mostly really is that simple. I have never had malware on any of my many Android devices.

  • What To Do About Android Malware? The answer it not to download and install it from unreliable sites ...
  • Virtually all of this malware comes from warez sites and other dubious sources malvertising etc. If people are really so dumb as to download "sexy girl screensaver" or some cracked software which asks for ALL the permissions then they get everything they deserve.

    Stick to the official store or a trusted third party one. It's highly unlikely that you will be infected and if by misfortune you are, there is a chance that the software can be remotely killed and removed before it does any harm.

  • - Complete, firmware-level wipe (if possible, depends on phone model), re-installation of stock firmware, or...
    - Complete, firmware-level wipe (if possible, depends on phone model), installation of custom ROM (which will support some of the phone functionality, depending on ROM), and...
    - Avoid anything not from the google app store, and any app requiring high-level permissions, and any app requiring access you don't want it to have, or...

    - Get an iPhone (which is not 100% safe, but safer than essentially an

  • Install a restraining bolt.

Those who can, do; those who can't, simulate.

Working...