Active Topics

 


Page 1 of 2 1 2
Reply
Thread Tools
mail_e36 is offline mail_e36
2010-06-23 , 16:44
Posts: 393 | Thanked: 67 times | Joined on Feb 2010
#1
This morning Slashdot linked to an article talking about spyware in Android applications... this made me think, are we N900 owners just as vulnerable to spyware-ridden evil malicious applications as the Android folks? I wonder how many N900 users here actually do source code analysis on applications they install from the 'extras' and 'extras-devel' and 'testing' repositories. I understand the N900 user base is a lot more tech savvy than the Android user base, but who, if anyone is checking the latest and greatest non-Nokia applications for the N900?

"A fifth of Android apps expose private data. The Android market threat report details the security issues uncovered. "

http://yro.slashdot.org/story/10/06/...e-Private-Data

The report is here: http://threatcenter.smobilesystems.c...6-22-10-v1.pdf
 
wmarone is offline wmarone
2010-06-23 , 16:51
Posts: 1,746 | Thanked: 2,100 times | Joined on Sep 2009
#2
As vulnerable as any other computer. I doubt most people do extensive analysis, so it's entirely possible. At the very least, programs that have their sources in the repository can be looked at whereas closed Android software can't.

For the N900 however, the smaller user base and slightly higher barrier for app creation generally makes mostly useless data sniffing apps not very valuable.

It could be worse, your OS could be spying on you for advertising purposes
 
qwerty12's Avatar
qwerty12 is offline qwerty12
2010-06-23 , 16:52
Posts: 4,274 | Thanked: 5,358 times | Joined on Sep 2007 @ Looking at y'all and sighing
#3
Unlikely, but Nokia have taken to including their own: https://bugs.maemo.org/show_bug.cgi?id=10366
 

The Following User Says Thank You to qwerty12 For This Useful Post:
cjp's Avatar
cjp is offline cjp
2010-06-23 , 16:53
Posts: 762 | Thanked: 395 times | Joined on Jan 2010 @ Helsinki
#4
Well ever since PR1.2, N900 comes with in-built spyware. Its called "MyNokia". ;D
 
woody14619's Avatar
woody14619 is offline woody14619
2010-06-23 , 17:12
Posts: 1,455 | Thanked: 3,309 times | Joined on Dec 2009 @ Rochester, NY
#5
Originally Posted by wmarone View Post
It could be worse, your OS could be spying on you for advertising purposes
I doubt we'll have to worry about PR1.3 introducing nAds support.

As for spyware, I'm sure it's possible. One of the nice parts about the garage system though is that it builds the debs from the source in the garage. So if you want to, you can always look at the code. I suspect if something like that were to happen, eventually it would be picked up (like the MyNokia thing was) and a huge stink would be raised about it, with proof in the form of source code.

As for reviewing, I know I looked through the code in the garage for a few apps I was "worried" about that need passwords (for things like IM services and the like). I'm sure most don't bother, but there are at least a few people on here that tend to do that, which is often enough to catch something like this early on.

I also think most people here are developing for the N900 because they have one, and want to make the device/community/experience richer. Not just developing to make themselves richer, like on other socially popular commercial platforms. It's a different mind set, and because of that the risk is lower.
 

The Following User Says Thank You to woody14619 For This Useful Post:
Bundyo's Avatar
Bundyo is offline Bundyo
2010-06-24 , 06:15
Posts: 4,708 | Thanked: 4,649 times | Joined on Oct 2007 @ Bulgaria
#6
Well, it comes from a long way - older Windows had inbuilt Alexa.

Anyway, spyware is possible anywhere - its a question of a choice.
__________________
Technically, there are three determinate states the cat could be in: Alive, Dead, and Bloody Furious.
 

The Following User Says Thank You to Bundyo For This Useful Post:
gmuslera is offline gmuslera
2010-06-24 , 06:37
Posts: 45 | Thanked: 25 times | Joined on Apr 2010 @ Montevideo
#7
First, what are in "normal" repositories gets in some stage approved to be there. And usually the program is with full source. Can't ask normal users that check source of every app they install, not even the ones that vote for them, but the possibility is there,and if the license is one that implies the source, that will make even harder to sneak something.

Of course, that dont take out what happens if i announce an exciting new app that should be downloaded from my web page from binaries instead of a repository. And not sure if there is a policy to put binary only debs on normal repositories. In such cases there are no validation if they are spyware or something worse.

Also,could happen with what is in Ovi store, but in that case who posted it is identified, so odds should not be high in that case.
 
9000 is offline 9000
2010-06-24 , 07:00
Posts: 1,425 | Thanked: 983 times | Joined on May 2010 @ Hong Kong
#8
I asked the same question in a red hat (hackers) meeting. The short answer was "Who dare".

Say, do you want someone order a dozen box of viagra for you, with your credit card, everyday? XD
 
Frappacino is offline Frappacino
2010-06-24 , 07:12
Posts: 619 | Thanked: 691 times | Joined on Feb 2010
#9
sure its possible, but as with most of this stuff its about effort vs return

given the small n900 user base, most of which are very technically literate and competent, do you think there is a big return on writing spyware for the n900 ?

most likely not - unless you have some grudge/reason for targetting n900 users _specifically_

one of the benefits of using a dead platform lol (and I am not being sarcastic)
 
Marlon is offline Marlon
2010-06-24 , 07:40
Posts: 162 | Thanked: 52 times | Joined on Feb 2010
#10
Originally Posted by woody14619 View Post
I doubt we'll have to worry about PR1.3 introducing nAds support.
lol, nads - i'm such a child ;o)
 
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

 
Forum Jump


All times are GMT. The time now is 20:03.

Contact Us - Home - Archive - Top