It looks like they are doing it after app install with a malicious patch. This patch asks for SMS and accessibility access to gain privileges necessary to get into the banking apps. I haven’t thoroughly read it but just looking at the attack chain that’s what I gleaned.
Android as a system has too many moving parts. You not only have to worry about various device manufacturers compiling their own versions of AOSP, you have to worry about how manufacturers package unremovable apps like facebook, candy crush, etc.
The backdoor is actually the front door… and it is app vendors who are actually the customers… not the phone owners.
The main reason smartphones took off is that business people were salivating at an always on, always listening device with 10+ sensors collecting data on this whole world. And we pay for the privilege.
Android has to be designed to collect data and show you ads. Is it really surprising that security here is just security against free access to this data from outsiders… and not caring about your security?
There’s no such thing as perfect security… unless your application is trivial and doesn’t do very much. Android is designed to collect data from the dozen plus sensors on your phone in order to get money from app vendors to push ads.
As a developer this question is hilarious to me
As a curious Android user this comment is useless to me
For a real answer here’s the Zscaler blog write up: https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google
It looks like they are doing it after app install with a malicious patch. This patch asks for SMS and accessibility access to gain privileges necessary to get into the banking apps. I haven’t thoroughly read it but just looking at the attack chain that’s what I gleaned.
Ugh, TIL zscaler actually does more than just send my PII to the USA without my consent.
As an Android developer that comment makes me sad. Then I remind myself that Lemmy is full of people who migrated from Reddit.
Dude, do you not want people on this platform? Reddit migrants come with baggage yes but I’d rather that than the husk that was Lemmy before.
I’m not gonna scream back at you,… I’m just going to walk back… very… very… slowly…errrrrrrr
We each have our specialties, and it would be unreasonable to ask that everyone share yours.
Hey don’t pretend that you didn’t migrate as well.
Why? They’re absolutely right. The article doesn’t say anything about a root exploit or phishing either so were left wondering…
They actual report does say it just displays a fake login page. It’s just phishing.
please enlighten the rest of us
and one day you’ll say why, right?
Android as a system has too many moving parts. You not only have to worry about various device manufacturers compiling their own versions of AOSP, you have to worry about how manufacturers package unremovable apps like facebook, candy crush, etc.
The backdoor is actually the front door… and it is app vendors who are actually the customers… not the phone owners.
The main reason smartphones took off is that business people were salivating at an always on, always listening device with 10+ sensors collecting data on this whole world. And we pay for the privilege.
Android has to be designed to collect data and show you ads. Is it really surprising that security here is just security against free access to this data from outsiders… and not caring about your security?
Explain yourself
There’s no such thing as perfect security… unless your application is trivial and doesn’t do very much. Android is designed to collect data from the dozen plus sensors on your phone in order to get money from app vendors to push ads.