Has anyone ever found any malware? Which AV app were you using?
For the last 3+ years I've run Bitdefender daily on my phone. It's never reported a single hit; not a one in more than (3x365 =) 1,095 runs.
Has anyone ever found any malware? Which AV app were you using?
Ed Cryer wrote:
For the last 3+ years I've run Bitdefender daily on my phone.
No app that runs on the phone is allowed to even see the files belonging
to another app (individual linux file system and linux user per app) so android AV is largely theatre.
Mobile AVs don't have an on-access (real-time) scanner.
The best they can do is use triggers to initiate a scan,
like when installing an app.
Well, checking if a newly installed app is malicious is still some
malware coverage. Else, they are denigrated to an on-demand scanner
that walks through the file system, but even that's some malware
coverage.
On 29 Jun 2023 at 10:15:54 PM, VanguardLH <V@nguard.LH> wrote:
Mobile AVs don't have an on-access (real-time) scanner.
Every day, the default Android scanner checks all apps, so it's not just real-time scanning upon the installation of the apps which is occurring. https://support.google.com/googleplay/answer/2812853?hl=en
The best they can do is use triggers to initiate a scan,
like when installing an app.
The default Android scanner can also "deactivate & remove" apps. https://support.google.com/googleplay/answer/2812853?hl=en
Well, checking if a newly installed app is malicious is still some
malware coverage. Else, they are denigrated to an on-demand scanner
that walks through the file system, but even that's some malware
coverage.
See above. The default Android scanner runs once a day, whether or not you are using the phone and whether or not you recently installed any apps.
This Tom's Guide implies that the default scanner looks for viruses too. https://www.tomsguide.com/reviews/google-play-protect
Take a look at that article and see if it changes your opinion above.
Andy Burns wrote:
No app that runs on the phone is allowed to even see the files
belonging to another app (individual linux file system and linux user
per app) so android AV is largely theatre.
Google claims over a hundred billions
No app that runs on the phone is allowed to even see the files
belonging to another app (individual linux file system and linux user
per app) so android AV is largely theatre.
Google claims over a hundred billions
As part of the O/S, google can run stuff as root, which an app (on a non-rooted device) cannot do.
Every day, the default Android scanner checks all apps, so it's not just
real-time scanning upon the installation of the apps which is occurring.
https://support.google.com/googleplay/answer/2812853?hl=en
None of that qualifies as an on-demand (real-time) scanner. The Protect
feature of the Play Store app is to check what apps you have installed
against a blacklist.
- It runs a safety check on apps from the Google Play Store before you
download them.
Yep, a blacklist.
- It checks your device for potentially harmful apps from other sources.
These harmful apps are sometimes called malware.
Yep, a blacklist.
- It warns you about potentially harmful apps.
Yep, a blacklist.
- It may deactivate or remove harmful apps from your device.
This catches some users by surprise. They were using an app, and it
disappeared, because Google got around to blacklisting it, and the
Play Store app then complied with Google's blacklist.
- It warns you about detected apps that violate our Unwanted Software
Policy by hiding or misrepresenting important information.
Where do you think that policy is enforced? Up on the server, and
Play Store app warns you.
- It sends you privacy alerts about apps that can get user permissions
to access your personal information, violating our Developer Policy.
Again, a blacklist that warns you about Google's concerns with apps.
- It may reset app permissions to protect your privacy on certain
Android versions.
It also monitors how long since you last used an app, and will
"archive" it. The latest versions of Android have a setting to
override this auto-archiving. Took a while, but it eventually got
pushed to earlier versions of Android (Play Store app, settings ->
General -> Automatically archive apps). Before the setting got added,
you had to keep answering No to the archive prompt. Archiving the app
meant it lost its permissions. You had to guess which ones to
reactivate when reenabling the app.
None of that equates to an on-demand AV scanner. It is, however, some protection by regulating which apps you can download and install, or
even keep.
The best they can do is use triggers to initiate a scan,
like when installing an app.
The default Android scanner can also "deactivate & remove" apps.
https://support.google.com/googleplay/answer/2812853?hl=en
I was speaking about AV apps, not the Play Store's Protect feature, not
it checking a blacklist to see which to delete.
Well, checking if a newly installed app is malicious is still some
malware coverage. Else, they are denigrated to an on-demand scanner
that walks through the file system, but even that's some malware
coverage.
See above. The default Android scanner runs once a day, whether or not you
are using the phone and whether or not you recently installed any apps.
This Tom's Guide implies that the default scanner looks for viruses too.
https://www.tomsguide.com/reviews/google-play-protect
Stop calling it the default scanner. It doesn't scan. Looking at the
list of apps installed on a phone is not scanning it for malware.
That's like saying File Explorer in Windows is the default scanner
because it can look at filenames.
Take a look at that article and see if it changes your opinion above.
Nope. Monitoring and managing app installations is nowhere the same as
an on-demand AV scanner. Someone at Google deciding an app is bad, and
the Play Store complying with the red/green list, is not the same as an on-demand AV scanner that locally checks the contents of the files for
the apps.
"Google Play Protect may be free, but it's not as effective mobile
security as some third-party options."
This is very similar to enterprise inventory software that decides what
can be installed on a company's workstations. A client runs on the workstation to monitor what got installed on it, and checks with the
server if those are allowable programs. That's not AV detection.
That's software inventorying.
If you look at the Play Store Protect settings, you'll realize that it
also incorporates cloud scanning by sending unknown apps to Google to get
analyzed. The Play Store app isn't making the decision. Someone up at
Google decides, and the blacklist may get updated.
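The post above distinguishes checking an installed-app inventory against a list from locally checking the contents of the apps' files. The following sketch of that distinction is an added example, not part of the original thread, and it does not model how Google Play Protect works internally. The package names, byte strings, blocklist and signature are all constructed for illustration.

```python
import hashlib

# Constructed sample data: stand-ins for APK files, not real packages.
MARKER = b"\x13\x37EXAMPLE-PHA-MARKER\x00"                  # constructed content signature
APK_KNOWN_BAD = b"PK\x03\x04" + b"A" * 32 + MARKER + b"build-1"
APK_NEW_BUILD = b"PK\x03\x04" + b"A" * 32 + MARKER + b"build-2"  # same code, new build
APK_BENIGN = b"PK\x03\x04" + b"B" * 64

INSTALLED = {
    "com.example.flashlight": APK_KNOWN_BAD,
    "com.example.flashlight2": APK_NEW_BUILD,
    "com.example.notes": APK_BENIGN,
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# The list only knows the one build that has already been analysed.
BLOCKLIST = {sha256_hex(APK_KNOWN_BAD)}
# Byte-pattern signatures, keyed by a (hypothetical) detection name.
SIGNATURES = {"Example.PHA.A": MARKER}


def inventory_check(installed: dict, blocklist: set) -> list:
    """Inventory-style check: compare each file's identity (hash) with a list.

    Nothing inside the file is examined, so a build whose hash is not yet
    on the list is not flagged.
    """
    return sorted(pkg for pkg, data in installed.items()
                  if sha256_hex(data) in blocklist)


def content_scan(installed: dict, signatures: dict) -> dict:
    """Content-style check: search each file's bytes for known patterns."""
    hits = {}
    for pkg, data in installed.items():
        matched = sorted(name for name, pattern in signatures.items()
                         if pattern in data)
        if matched:
            hits[pkg] = matched
    return hits


if __name__ == "__main__":
    print("inventory check:", inventory_check(INSTALLED, BLOCKLIST))
    print("content scan:   ", content_scan(INSTALLED, SIGNATURES))
```

The inventory check flags only the build whose hash is already listed, while the content scan also flags the second build because it reads the bytes.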
On 2023-06-30, Andy Burns <usenet@andyburns.uk> wrote:
No app that runs on the phone is allowed to even see the files
belonging to another app (individual linux file system and linux user
per app) so android AV is largely theatre.
Google claims over a hundred billions
As part of the O/S, google can run stuff as root, which an app (on a non-rooted device) cannot do.
Isn't the Google Play Store just another app?
Why then can the Google Play Protect (whose settings are inside the Google Play Store app) "run stuff as root", but something like Samsung Knox can't?
I assume Knox also runs with system privilege, since it's part of Samsung's OS.
Incubus <u9536612@gmail.com> wrote:
On 2023-06-30, Andy Burns <usenet@andyburns.uk> wrote:
No app that runs on the phone is allowed to even see the files
belonging to another app (individual linux file system and linux user
per app) so android AV is largely theatre.
Google claims over a hundred billions
As part of the O/S, google can run stuff as root, which an app (on a
non-rooted device) cannot do.
Isn't the Google Play Store just another app?
No.
Why then can the Google Play Protect (whose settings are inside the Google
Play Store app) "run stuff as root", but something like Samsung Knox can't?
Google Play Services runs with system privilege, which other apps don't.
I assume Knox also runs with system privilege, since it's part of Samsung's OS.
On 30.06.2023 at 14:07:54, Theo wrote:
I assume Knox also runs with system privilege, since it's part of Samsung's
OS.
I have a pixel. Not a Samsung. What does Knox do that the pixel doesn't do?
On 30 Jun 2023 at 5:12:06 AM, VanguardLH <V@nguard.LH> wrote:
Every day, the default Android scanner checks all apps, so it's not just
real-time scanning upon the installation of the apps which is occurring.
https://support.google.com/googleplay/answer/2812853?hl=en
None of that qualifies as an on-demand (real-time) scanner. The Protect
feature of the Play Store app is to check what apps you have installed
against a blacklist.
While I'm sure once Google Play Protect scans find a bad apple they add it
to a blacklist, the Google description specifically says it uses complex heuristics (just like any AV scanner would do) and not just a blacklist.
"Play Protect leverages Google's powerful machine learning algorithms to combat PHAs. Google's systems learn which apps are harmful and which are
safe by analyzing our entire app database. The algorithms look at hundreds
of signals and compare behavior across the Android ecosystem to see if any apps show suspicious behavior, such as interacting with other apps on the device in unexpected ways, accessing or sharing personal data without authorization, aggressively installing apps (including PHAs), accessing malicious websites, or bypassing built-in security features. These
algorithms also help us understand where PHAs come from and how they make money, so we can determine the motivation behind these types of apps." https://developers.google.com/android/play-protect/cloud-based-protections
- It runs a safety check on apps from the Google Play Store before you
download them.
Yep, a blacklist.
No. You don't fundamentally understand Google Play Protect, probably
because you've convinced yourself that it's nothing more than a blacklist.
"Backed by Google's machine learning, it's always adapting and improving. Every day, Google Play Protect automatically scans all of the apps on
Android phones and works to prevent the installation of harmful apps,
making it the most widely deployed mobile threat protection service in the world." https://developers.google.com/android/play-protect
- It checks your device for potentially harmful apps from other sources.
These harmful apps are sometimes called malware.
Yep, a blacklist.
No. Not a blacklist. You have to understand what Google says it does versus what you think Google does as it's way more sophisticated than a blacklist. https://www.howtogeek.com/355504/what-is-google-play-protect-and-how-does-it-keep-android-secure/
Saying the most sophisticated anti virus protection available to consumers
is a blacklist is like saying a slingshot will do what a space rocket does.
It's clear you fundamentally don't understand how sophisticated AV
heuristics work when it comes to intense deep scanning on the device of
not only every installed app but even the memory that it's running inside.
- It warns you about potentially harmful apps.
Yep, a blacklist.
If you think the most sophisticated anti virus protection in the world is nothing more than a blacklist, then you can't be convinced otherwise.
- It may deactivate or remove harmful apps from your device.
This catches some users by surprise. They were using an app, and it
disappeared, because Google got around to blacklisting it, and the
Play Store app then complied with Google's blacklist.
This happened once out of billions upon billions upon billions of apps.
And you're worried about that?
You may as well be worried about an asteroid landing on your own home. Seriously. Only you would complain about a one-in-billions chance.
Do you play the lottery? You must. People like you always do.
I suspect you put thousands of dollars into the lottery every day since you don't seem to be able to comprehend what it means to be one in a billion.
- It warns you about detected apps that violate our Unwanted Software
Policy by hiding or misrepresenting important information.
Where do you think that policy is enforced? Up on the server, and
Play Store app warns you.
Google Play Protect runs those safety checks whether or not you download
the app from the Google Play Store or from any developer web site also.
It even runs those safety checks if you install from your own hard drives. https://www.rd.com/article/google-play-protect/
- It sends you privacy alerts about apps that can get user permissions
to access your personal information, violating our Developer Policy.
Again, a blacklist that warns you about Google's concerns with apps.
"Google Play Protect is now using a new "Protected Download" API to verify the integrity of models and heuristics downloaded onto devices, ensuring malware authors haven't tampered with them." https://www.reddit.com/r/Android/comments/1195hvn/mishaal_rahman_google_play_protect_is_now_using_a/
- It may reset app permissions to protect your privacy on certain
Android versions.
It also monitors how long since you last used an app, and will
"archive" it. The latest versions of Android have a setting to
override this auto-archiving. Took a while, but it eventually got
pushed to earlier versions of Android (Play Store app, settings ->
General -> Automatically archive apps). Before the setting got added,
you had to keep answering No to the archive prompt. Archiving the app
meant it lost its permissions. You had to guess which ones to
reactivate when reenabling the app.
"There's one detail rarely mentioned about Google's splashy new Android security effort - and it's a critical point for everyone to understand." https://www.computerworld.com/article/3210587/google-play-protect-android.html
"1. It scans Play Store apps for any signs of malware.
An essential measure, to be sure - and one Google's been doing in this same basic manner since 2012.
2. It monitors apps on your device for any signs of shady behavior.
Google also introduced this in 2012 (and then launched it more broadly in 2013) with the initial goal of addressing apps installed from unofficial, non-Play Store sources. It expanded the system in 2014 to include
continuous monitoring of all apps on all devices.
3. It allows you to remotely locate, lock and optionally wipe your device.
A handy and highly useful function that - yup, you guessed it - has been
natively available in Android since 2013.
4. It warns you about websites that might serve up malware or try to trick you into providing personal information."
None of that equates to an on-demand AV scanner. It is, however, some
protection by regulating which apps you can download and install, or
even keep.
You fundamentally have no idea of what you're talking about if you think
none of those scans are happening in a way you term "on demand" scanning.
"On-demand PHA scan
In addition to a lightweight, daily, automatic scan, users can start a full-device scan at any time. Upon request, the device contacts Google servers for the latest information and scans all apps on the device. If a harmful app is discovered, Google Play Protect notifies the user to take action or takes action on their behalf. This visibility gives users peace
of mind that they have the latest protection at all times." https://developers.google.com/android/play-protect/client-protections
The best they can do is use triggers to initiate a scan,
like when installing an app.
The default Android scanner can also "deactivate & remove" apps.
https://support.google.com/googleplay/answer/2812853?hl=en
I was speaking about AV apps, not the Play Store's Protect feature, not
it checking a blacklist to see which to delete.
That you equate the most complicated scanner on earth to a blacklist is something that nobody is going to get out of your head no matter how many references show that a blacklist is the least of what any AV program does.
"It's more than a malware scanner." https://www.androidcentral.com/apps-software/what-is-google-play-protect "Most people who have heard of Google Play Protect think of it as a great malware scanner for Android apps. It is, but it encompasses a lot more than that. It's a full suite of protective services for your Android phone."
Well, checking if a newly installed app is malicious is still some
malware coverage. Else, they are denigrated to an on-demand scanner
that walks through the file system, but even that's some malware
coverage.
See above. The default Android scanner runs once a day, whether or not you
are using the phone and whether or not you recently installed any apps.
This Tom's Guide implies that the default scanner looks for viruses too.
https://www.tomsguide.com/reviews/google-play-protect
Stop calling it the default scanner. It doesn't scan. Looking at the
list of apps installed on a phone is not scanning it for malware.
That's like saying File Explorer in Windows is the default scanner
because it can look at filenames.
If you think Google Play Protect doesn't "scan" then no amount of
references proving that it does scan your memory and your file system and
all running apps will convince you that the most sophisticated scanner in
the world is nothing more, to you, than a simple blacklist check.
"Every day, Google Play Protect automatically scans all of the apps on Android phones and works to prevent the installation of harmful apps,
making it the most widely deployed mobile threat protection service in the world." https://developers.google.com/android/play-protect
Take a look at that article and see if it changes your opinion above.
Nope. Monitoring and managing app installations is nowhere the same as
an on-demand AV scanner. Someone at Google deciding an app is bad, and
the Play Store complying with the red/green list, is not the same as an
on-demand AV scanner that locally checks the contents of the files for
the apps.
"Google Play Protect may be free, but it's not as effective mobile
security as some third-party options."
You seem to own the ideas of a very young kid who has never lived through
the antivirus wars of the Windows era when Windows viruses were rampant.
If you did live through those anti virus wars, you learned nothing from
them as EVERY anti-virus scanner has its own flaws, pitfalls & foibles.
Google Play Protect is no exception. It's just another anti virus on-demand automatic heuristic scanner with the main exception being it runs as root. https://www.lifewire.com/what-is-google-play-protect-4773171
This is very similar to enterprise inventory software that decides what
can be installed on a company's workstations. A client runs on the
workstation to monitor what got installed on it, and checks with the
server if those are allowable programs. That's not AV detection.
That's software inventorying.
You fundamentally don't know how heuristic scanning works.
If you're a young kid, then you need to read up on how these things work. https://www.lifewire.com/what-is-google-play-protect-4773171
If you're not a kid, then you probably will never learn how they work. https://www.rd.com/article/google-play-protect/
If you look at the Play Store Protect settings, you'll realize that it
also incorporates cloud scanning by sending unknown apps to Google to get
analyzed. The Play Store app isn't making the decision. Someone up at
Google decides, and the blacklist may get updated.
You fundamentally do not seem to understand that Google Play Protect does a LOT of things. It's MORE than just an AV scanner. And what it does is constantly improving over time. You don't know any of that because you have convinced yourself that it's nothing more than a simple blacklist test.
To provide a balanced view, the OLDER Google Play Protect had huge issues. https://www.spiceworks.com/it-security/application-security/news/googles-built-in-defense-tool-for-android-is-actually-pointless-av-test-report/
Google Play Protect used to suck. It's still not perfect.
But neither is any other Android scanner.
Here is another bad review for Google Play Protect but notice all the bad reviews are very old as Google Play Protect is getting better every day. https://www.gadgets360.com/apps/news/google-play-protect-android-malware-protection-failed-false-detection-rate-av-test-2497882
Samsung does not have an OS. It is just Android.
Joerg Lorenz <hugybear@gmx.ch> wrote:
Samsung does not have an OS. It is just Android.
Just like Google Chrome is a Chromium variant, but with proprietary code added from Google. As far as I know, Pixel and a few others come with a stock Android OS. About as pure as you can get.
brand their customized version of Android with separate or different
features or functions. Saying Samsung's variant of Android is just
Android is like saying SUSE is just Redhat.
Google is trying to alleviate the customization effort a phone maker
puts into branding their OS variant. Before Google gave them the code,
and the phone maker would customize it how they wanted. Google wants to modularize their OS, so customization is separate code instead of
modifying the base code. However, phone makers still create a variant
of Android, and that means they can add or remove whatever they want.
Sorry, I forgot the name of Google's project that was supposed to modularize Android to make it easier for phone makers to customize.
However, that phone makers customize mandates that they are not
supplying a pure Android OS. The phone makers want to improve, they
want to brand their phones, and they have their own agenda.
For example, there's Chromium, and there's Google Chrome. One is open source. The other is open source with added proprietary code. There's Firefox, and there's Vivaldi. Unless you get a phone with a pure
Android (just a few of those), you get a customized version of Android. Google has their Find My Device while Samsung instead has Find My
Mobile. Phones can come with different dialers. Each phone maker, when customizing the Android OS, can add their own services. They have
similarity to Google's Android, and also have differences.