this post was submitted on 02 Jun 2024
407 points (89.7% liked)

Technology

55655 readers
4231 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s
[email protected]
[email protected]
[email protected]
enu
[email protected]
L4s
407
In case you missed it: Bank info-stealing malware found in 90+ Android apps with 5.5M installs (mashable.com)
submitted 1 month ago by return2ozma to c/technology
106 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 40 points 1 month ago (6 children)

The whole point is that at some point somebody can check, and you can have a higher level of trust in that than proprietary software.

And if someone does something like this then it has to be disguised as an innocuous bug, like heartbleed, they can't just install full on malware.

It's a different beast entirely.

[–] [email protected] 19 points 1 month ago (4 children)

If we are talking about bigger projects with hundreds of thousands or millions of downloads, than this may be true. But smal scale projects have so few people actively looking through them that even to automatic scan done by the playstore has a higher chance of catching malware. It doesn't even have to be bad intent, two years ago there was a virus propagating trough the Java class files in minecraft mods which reached the PCs of quite a few devs before it was caught.

I don't dislike FOSS, a lot of the apps I use come straight from github, but all this talk about them beeing constantly monitored by third parties is just wishful thinking.

[–] [email protected] 0 points 1 month ago (1 children)

I'm not sure you're understanding the argument: you cannot monitor closed source, therefore, you have at least as many eyes looking at my random crap on github as you do on the random crap some companies are doing.

[–] [email protected] 3 points 1 month ago* (last edited 4 weeks ago)

And you didn't understand what I said. While you can not monitor closed source at the code level, you definitely can monitor the apps behaviour. Even the automatic threat protection from the playstore protect function is worth more than the measly amount of people looking through smaller projects codebases.

I hate Google with a passion, but with all their control over android devices, they are more than capable of scanning apps for malicious behaviour and automatically removing them. These few apps in the article are the 0.01% of malicious apps that their algorithm didn't detect.

load more comments (2 replies)
load more comments (3 replies)