N900 Vulnerable to Spyware?
 

This morning Slashdot linked to an article talking about spyware in Android applications... this made me think, are we N900 owners just as vulnerable to spyware-ridden evil malicious applications as the Android folks? I wonder how many N900 users here actually do source code analysis on applications they install from the 'extras' and 'extras-devel' and 'testing' repositories. I understand the N900 user base is a lot more tech savvy than the Android user base, but who, if anyone is checking the latest and greatest non-Nokia applications for the N900?

"A fifth of Android apps expose private data. The Android market threat report details the security issues uncovered. "

http://yro.slashdot.org/story/10/06/...e-Private-Data

The report is here: http://threatcenter.smobilesystems.c...6-22-10-v1.pdf

Re: N900 Vulnerable to Spyware?
 

As vulnerable as any other computer. I doubt most people do extensive analysis, so it's entirely possible. At the very least, programs that have their sources in the repository can be looked at whereas closed Android software can't.

For the N900 however, the smaller user base and slightly higher barrier for app creation generally makes mostly useless data sniffing apps not very valuable.

It could be worse, your OS could be spying on you for advertising purposes ;)

Re: N900 Vulnerable to Spyware?
 

Unlikely, but Nokia have taken to including their own: https://bugs.maemo.org/show_bug.cgi?id=10366

Re: N900 Vulnerable to Spyware?
 

Well ever since PR1.2, N900 comes with in-built spyware. Its called "MyNokia". ;D

Re: N900 Vulnerable to Spyware?
 

I doubt we'll have to worry about PR1.3 introducing nAds support. ;)

As for spyware, I'm sure it's possible. One of the nice parts about the garage system though is that it builds the debs from the source in the garage. So if you want to, you can always look at the code. I suspect if something like that were to happen, eventually it would be picked up (like the MyNokia thing was) and a huge stink would be raised about it, with proof in the form of source code.

As for reviewing, I know I looked through the code in the garage for a few apps I was "worried" about that need passwords (for things like IM services and the like). I'm sure most don't bother, but there are at least a few people on here that tend to do that, which is often enough to catch something like this early on.

I also think most people here are developing for the N900 because they have one, and want to make the device/community/experience richer. Not just developing to make themselves richer, like on other socially popular commercial platforms. It's a different mind set, and because of that the risk is lower.

Re: N900 Vulnerable to Spyware?
 

Well, it comes from a long way - older Windows had inbuilt Alexa.

Anyway, spyware is possible anywhere - its a question of a choice.

Re: N900 Vulnerable to Spyware?
 

First, what are in "normal" repositories gets in some stage approved to be there. And usually the program is with full source. Can't ask normal users that check source of every app they install, not even the ones that vote for them, but the possibility is there,and if the license is one that implies the source, that will make even harder to sneak something.

Of course, that dont take out what happens if i announce an exciting new app that should be downloaded from my web page from binaries instead of a repository. And not sure if there is a policy to put binary only debs on normal repositories. In such cases there are no validation if they are spyware or something worse.

Also,could happen with what is in Ovi store, but in that case who posted it is identified, so odds should not be high in that case.

Re: N900 Vulnerable to Spyware?
 

I asked the same question in a red hat (hackers) meeting. The short answer was "Who dare".

Say, do you want someone order a dozen box of viagra for you, with your credit card, everyday? XD

Re: N900 Vulnerable to Spyware?
 

sure its possible, but as with most of this stuff its about effort vs return

given the small n900 user base, most of which are very technically literate and competent, do you think there is a big return on writing spyware for the n900 ?

most likely not - unless you have some grudge/reason for targetting n900 users _specifically_

one of the benefits of using a dead platform lol (and I am not being sarcastic)

Re: N900 Vulnerable to Spyware?
 

lol, nads - i'm such a child ;o)