DroidDream Malware Enters Official Android Market, Chaos Ensues After Root Exploit Found Embedded

Yesterday was a bad day for the Android Market.  Popular Redditor lompolo discovered odd duplicates of some very popular apps in the market and decided to download a few to see exactly what the difference was.  The news was not pretty, and the guys at Android Police jumped all over it, looking for more.  What did they discover?   Well, that developer “Myournet” was taking popular apps from the market, repackaging them with malware included, and then republishing them to the market alongside the legitimate version.  Included in these new versions was the famous root exploit “rageagainstthecage” (yep, it was rooting devices) and other embedded apks which had the potential to do some serious damage and steal more information than you can imagine…

…it does more than just yank IMEI and IMSI. There’s another APK hidden inside the code, and it steals nearly everything it can: product ID, model, partner (provider?), language, country, and userID. But that’s all child’s play; the true pièce de résistance is that it has the ability to download more code. In other words, there’s no way to know what the app does after it’s installed, and the possibilities are nearly endless.

But that’s not all.  Android security machine Lookout, stepped into the situation to help ease minds of their customers, but also found two additional developers that were distributing similarly affected apps:  Kingmall2010 and we20090202.  With these 3 “developers” combined, there were more than 50 apps in the official Android Market that could potentially steal a massive amount of information from your smartphone.   (more…)

Lookout Locates Stolen Car, Returns DROID Incredible to Owner in 7 Minutes

Lookout has become the go-to security app for many Android users, but one in particular was able to use it to locate his stolen car and Droid Incredible in just 7 minutes.  The poor guy was on his way out to his car to go grab groceries for the fam’ and was held up at gun point by some lunatic.  The gunman then took the guy’s car which happened to have his Incredible sitting inside with Lookout Security activated.  So as any Android enthusiast would do, he ran inside, pulled up Lookout on his PC browser, found his car, sent the cops there, and they arrested the sucker in 7 minutes.

Android 1.  Gunman 0.   (more…)

Lookout Premium Headed to Android “Later this Year”

Famed mobile security app Lookout is announcing to its long-time userbase that there will be a premium version of their service some time before the end of the year.  (In the next 2.5 months?)  The important part here isn’t that they’ll have new features included in the premium version, but that in order to keep a free version with the full list of current benefits, you need to have it installed now or at least before the paid version launches.  If that sounds confusing, just understand that you should download and install Lookout now if you want to keep all of its current features free for life.

The letter below explains it much better than I can.   (more…)

Lookout Clarifies Accusations Against “Suspicious” Wallpaper App

The Android app world was taken a little by storm yesterday when a report broke through Venturebeat, that a wallpaper app on the market, which “had been downloaded millions of times,” was stealing information from users and sending it off to a mysterious server somewhere in China.  (Oh no China!)  The company behind these accusations was non other than mobile Android security app maker, Lookout who had just finished up, what they consider to be a major Android security project.  Now at first glance, the story came off a little scary and was quickly picked up by over a dozen major news outlets, all jumping on the “Android has no control” bandwagon.  And then today happened.

AndroidTapp and Android Central contacted the developer of the app in question, finding out that the report is apparently, complete BS.  In fact, they have thrown together a step-by-step visual guide plus an interview explaining the absurdity of the claims made by Lookout who has now clarified their claims after their initial stance was called into question.  It’s too bad the damage has already been done to both Android’s reputation and the developer.

Yikes.

Hello LookoutVenturebeatMaliciousChinaServer-gate.

Via:  AndroidTapp, Androinica, VentureBeat, Android Central

wavesecure vs. mobile defense vs. lookout

there have been many questions surrounding the abundance of security applications out there for your android device and we decided it was time to finally compare the big three:  wavesecure, mobile defense and lookout.  (all are currently free.)

to start off this review, check out this chart we threw together comparing the different options involved in each application…

after looking at that chart, your initial reaction would probably be to want to go out and grab wavesecure immediately.  and sure, it’s a great app, but the one thing you’ll notice missing, is the scheduling aspect.  i find that scheduling is my best friend when it comes to backup applications.  on your home pc, would you ever run a backup or anti-virus scan if you had to do it manually or do you just set those bad boys up to run in the background?

lookout on the other hand, which is the application i currently have installed on my droid runs scheduling but is definitely missing some key features including backups of call logs, videos, and texts messages.  i love that it runs my backup at night while i’m asleep, but i’m not sure how much longer i can go without being able to backup the dozens of videos, thousands of texts, and call logs from my phone.

and mobile defense, as you may have guessed, is miles behind the other two.  the app installs on your phone and immediately goes into hiding and is only accessible from their website.  you can connect to your device from their site which is nice, but the options just aren’t there yet.  they have notices on their website confirming updates in the future which will allow backups and wipes, but right now, doesn’t have either as a feature.

my verdict?  all of the applications do a fantastic job at the security aspect of their functionality which is locating your device if it is ever lost or stolen.  so it really comes down to those few key additional features then.  do you like scheduling or do you want to be able to backup your videos, texts and call logs?  i’m sticking with lookout for now, but if they refuse to add an option for video, text and call log backup, our relationship may end much sooner than they know.

additional info:

wavesecure:  https://www.wavesecure.com/
mobile defense:  https://www.mobiledefense.com
lookout:  https://www.mylookout.com

your questions?

q:  do wavesecure and mobile defense use international sms? 
a:  both have confirmed changes made to their systems so that international sms texts are no longer charged to u.s. customers.  (not sure what that means for the rest of the world just yet.)

q:  do anti-virus programs for android really work?
a: a great question.  since android is a linux-based os, most believe that it is not susceptible to viruses and that anti-virus software can in the long run, cause problems to your phone.  i use lookout, but i have disabled my anti-virus protection.

video: review lookout security for android

continuing on in our video review series of android applications, we stumble onto a fantastic security application called lookout. if you are not aware of lookout, it has gained fame over the last week after being used to return a stolen phone back to its rightful owner.

we had a request to review this app and can’t thank the reader enough for asking. what a great app! not only does it backup your contacts and photos, but it also scans your phone for viruses. and the best part is obviously the fact that it can help you locate your phone should you lose it or have it stolen.

check it!