• @eskimofry
    link
    English
    -1247 months ago

    As a developer this question is hilarious to me

      • @Hobo
        link
        English
        19
        edit-2
        7 months ago

        For a real answer here’s the Zscaler blog write up: https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google

        It looks like they are doing it after app install with a malicious patch. This patch asks for SMS and accessibility access to gain privileges necessary to get into the banking apps. I haven’t thoroughly read it but just looking at the attack chain that’s what I gleaned.

        • @[email protected]
          link
          fedilink
          English
          47 months ago

          Ugh, TIL zscaler actually does more than just send my PII to the USA without my consent.

      • @trolololol
        link
        English
        -47 months ago

        As an Android developer that comment makes me sad. Then I remind myself that Lemmy is full of people who migrated from Reddit.

        • @[email protected]
          link
          fedilink
          English
          37 months ago

          Dude, do you not want people on this platform? Reddit migrants come with baggage yes but I’d rather that than the husk that was Lemmy before.

          • @trolololol
            link
            English
            -27 months ago

            I’m not gonna scream back at you,… I’m just going to walk back… very… very… slowly…errrrrrrr

        • Liz
          link
          fedilink
          English
          37 months ago

          We each have our specialties, and it would be unreasonable to ask that everyone share yours.

        • @eskimofry
          link
          English
          17 months ago

          Hey don’t pretend that you didn’t migrate as well.

    • @[email protected]
      link
      fedilink
      English
      647 months ago

      Why? They’re absolutely right. The article doesn’t say anything about a root exploit or phishing either so were left wondering…

      • @Tyfud
        link
        English
        117 months ago

        He’s being condescending because he believes as a developer nothing is actually fully secure. If I spend 100 hours building and securing something, that’s not going to stack up very favorably vs the 1,000’s or even 1,000,000’s of hours attackers and communities can spend trying to break my security layers.

        Basically, he’s a dick in how he answered the question, but the truth every software engineer learns, is that there is no fully secure system. There’s always an angle/attack vector you didn’t think of and secure.

        • @[email protected]
          link
          fedilink
          English
          27 months ago

          Of course there are (or there can be) fully secure systems. The problems come when you assume something is.

          • @eskimofry
            link
            English
            17 months ago

            Hey but that wouldn’t make money to companies like google ot samsung.

            Your smartphone is itself a security hole. It has 10+ sensors on it nowadays and who knows how many apps lying about their privacy promises.

        • @eskimofry
          link
          English
          17 months ago

          Hey I was just trying to make a joke… but looks like I didn’t consider the wording too carefully.

      • @eskimofry
        link
        English
        17 months ago

        Android as a system has too many moving parts. You not only have to worry about various device manufacturers compiling their own versions of AOSP, you have to worry about how manufacturers package unremovable apps like facebook, candy crush, etc.

        The backdoor is actually the front door… and it is app vendors who are actually the customers… not the phone owners.

        The main reason smartphones took off is that business people were salivating at an always on, always listening device with 10+ sensors collecting data on this whole world. And we pay for the privilege.

        Android has to be designed to collect data and show you ads. Is it really surprising that security here is just security against free access to this data from outsiders… and not caring about your security?

      • @eskimofry
        link
        English
        17 months ago

        There’s no such thing as perfect security… unless your application is trivial and doesn’t do very much. Android is designed to collect data from the dozen plus sensors on your phone in order to get money from app vendors to push ads.