Stories
Slash Boxes
Comments

SoylentNews is people

Google Play Apps with 1.5 Million Downloads Drained Batteries and Slowed Devices

posted by martyb on Sunday September 01 2019, @05:19PM   Printer-friendly
from the caveat-emptor dept.

upstart writes:

Submitted via IRC for Fnord666

Google Play apps with 1.5 million downloads drained batteries and slowed devices

The apps—a notepad app called "Idea Note: OCR Text Scanner, GTD, Color Notes" and a fitness app with the title "Beauty Fitness: daily workout, best HIIT coach"—carried out the stealthy form of fraud for almost a year until it was discovered by researchers at security firm Symantec. Google removed them from Play after receiving a private report.

The newly discovered tactic positioned advertisements in places that weren't visible to end users—specifically in messages displayed in the nether regions of an infected phone's notification drawer. When a user clicked on the notification, Android's Toast class opened the ad—but in a way that wasn't visible to the user. The technique worked by opening a Canvas and using the translate() and dispatchDraw() methods to position the ads beyond the viewable screen area of the infected device. The result: the app could report a revenue-generating ad click even though users saw nothing.

Another way the apps concealed the ad-clicking was through the use of so-called packers. By changing the entire structure and flow of an APK, such packers can obfuscate the true behavior of an Android app. That makes it hard for Google scanners to detect malicious apps during any vetting processes.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Google Play Apps with 1.5 Million Downloads Drained Batteries and Slowed Devices | Log In/Create an Account | Top | 13 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Insightful) by barbara hudson on Sunday September 01 2019, @07:24PM (6 children)

    by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Sunday September 01 2019, @07:24PM (#888567) Journal

    The lack of even the most basic note taking app, todo list, or reminders facility running locally is a huge hole in terms of out-of-the-box usability. You should not be required to visit the mother ship for such basic functions. These are basic tools that should run locally, store their data locally, and screw Google and their anal surveillance probes.

    --
    SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
    Starting Score:    1  point
    Moderation   +3  
       Insightful=2, Interesting=1, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   5  

  • (Score: 1, Informative) by Anonymous Coward on Sunday September 01 2019, @07:35PM (1 child)

    by Anonymous Coward on Sunday September 01 2019, @07:35PM (#888569)

    https://m.apkpure.com/search?q=notepad [apkpure.com]

    I await your objection to sideloading an apk.

  • (Score: 2) by c0lo on Sunday September 01 2019, @10:30PM (1 child)

    by c0lo (156) Subscriber Badge on Sunday September 01 2019, @10:30PM (#888624) Journal

    The lack of even the most basic note taking app, todo list, or reminders facility running locally is a huge hole in terms of out-of-the-box usability. You should not be required to visit the mother ship for such basic functions.

    By this measure alone**, an Android is not absolutely useless.
    Granted, it may make it useless (or crippled) for most of the people. Yet, for those that can code and install their own app...

    These are basic tools that should run locally, store their data locally, and screw Google and their anal surveillance probes.

    Mmmmm, that's an idea. An one-off $2-$5 price for such an application may define a good enough market segment.

    ** there is still the matter of getting rid of those Google apps weaved in the Android experience.

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford

  • (Score: -1, Spam) by Anonymous Coward on Monday September 02 2019, @06:01PM (1 child)

    by Anonymous Coward on Monday September 02 2019, @06:01PM (#888902)

    "Real coders don't need either GUIs or automatic memory management. Delphi is dead" by BarbaraHudson (3785311) July 12, 2019

    Delphi/FreePascal != "automatic memmgt", does TRUE 'stand-alone' .exe & MULTIPLATFORM (smartphones/BSD/Linux/Windows/MacOS) GUI + services, tty term etc. & Object Pascal since TIOBE INDEX inception 2001 NEVER OUT of TOP 20 https://www.tiobe.com/tiobe-index/ [tiobe.com]

    So - 'Real coder' show work you do registered /.ers like/use (they do mine & I've proof - you don't) https://it.slashdot.org/comments.pl?sid=14501806&cid=59037984 [slashdot.org] https://it.slashdot.org/comments.pl?sid=14501806&cid=59038002 [slashdot.org] https://it.slashdot.org/comments.pl?sid=14501806&cid=59038016 [slashdot.org] https://it.slashdot.org/comments.pl?sid=14501806&cid=59038034 [slashdot.org] https://it.slashdot.org/comments.pl?sid=14501806&cid=59038042 [slashdot.org]

    You're all BLOWHARD 'talk' & ERRONEOUS as hell talk too (see above vs. your bs) - barbarahudson's "hotairware"/"notthereware" lol!

    (Prove otherwise - I've asked THAT of you many times https://slashdot.org/comments.pl?sid=14448786&cid=58998430 [slashdot.org] & YOU "Run, Forrest: RUN!!!" ya bullshitter weirdo!)

    "I am better than you & smarter" by BarbaraHudson September 04, 2017

    You don't prove it!

    "I should do my part to make the world a safer place" by BarbaraHudson (3785311) July 29, 2019

    I do, you don't & registered /.ers use/like my work that does so https://slashdot.org/comments.pl?sid=14382950&cid=58945680 [slashdot.org]

    "you're just lazy. Or incompetent. Or both." by BarbaraHudson August 21, 2017

    You're BOTH - see next below, lol!

    ---

    DUMBASS tried to say THIS stops null-terminated string buffer overflows https://slashdot.org/comments.pl?sid=14350406&cid=58924180 [slashdot.org] lol - WRONG (segmented macro asm code jmp type stuff from 16-bit that hasn't mattered in decades)

    BarbaraHudson = WRONG on C vs. Pascal https://slashdot.org/comments.pl?sid=14351188&cid=58921060 [slashdot.org] SPEED & SECURITY (vs. null terminated C string buffer overflows) advantage https://hardware.slashdot.org/comments.pl?sid=14365360&cid=58932312 [slashdot.org] (C++ = same too & w/ STL = safe BUT 5x slower - you CAN'T WIN, loser). IF you use char array pointers OR array positions to do hardcoded pascal strings your C/C++ string lib functions (designed to work w/ dangerous null-terminated strings) will fail too & again you can't win https://slashdot.org/comments.pl?sid=14365286&cid=58932238 [slashdot.org]

    MICROSOFT KNOWS Memory bugs in C and C++ code cause security issues so Microsoft is considering alternatives https://www.theregister.co.uk/2019/07/18/microsoft_argues_for_memorysafe_languages_hints_at_move_from_c_to_rust/ [theregister.co.uk] & PASCAL COVERS THIS IN STRINGWORK per the above!

    WRONG on Delphi/Linux https://slashdot.org/comments.pl?sid=14357208&cid=58929022 [slashdot.org]

    WRONG on String types/size DELPHI has for API etc. https://slashdot.org/comments.pl?sid=14357208&cid=58942910 [slashdot.org]

    ("3++ STRIKES - 'yer out'")

    ---

    "women aren't suited for tech "because estrogen"? by BarbaraHudson (3785311) July 17, 2019

    No just you: YOU bear a child from your CORRUPT body MISTER & prove me wrong ON THAT & points in my links above - you can't. Pass a chromosonal test as a REAL female - good luck that!

    Slicing off your balls DOESN'T MAKE YOU A REAL WOMAN DELUDED freak - you're a MAN on ESTROGEN CHEMICALLY CASTRATING ITSELF!

    (Trying to twist FACT I state on YOU onto REAL women? Not even "nice try")

    ---

    "APK, the failed man-child who claims to be self-employed" by BarbaraHudson (3785311) July 18, 2019

    I own a business for 12++ yrs. (1994-2007 as a professional programmer-analyst/software-engineer & retired from working for others running a business since late 2007 onward)

    YOU FAILED AS A MAN by CHEMICALLY NEUTERING yourself.

    ---

    Leftist AntiTRUMP REJECTS = bottom of the barrel:

    Arstechnica's Peter Bright child molester ADMITS "he's in a sexual relationship with an 11-year-old" https://www.breitbart.com/tech/2019/06/09/feds-leftist-tech-reporter-peter-bright-arrested-for-soliciting-child-sex-online/ [breitbart.com]

    HIS RAP SHEET https://www.docdroid.net/UMNWMSx/bright.pdf#page=4 [docdroid.net] (disgusting) LITTLE BOYS "SUCKING HIS SNAKE" etc. - et al NO BAIL GRANTED (FBI agents/judges felt he's dangerous to kids).

    "I'm a leftist" barbarahudson https://slashdot.org/comments.pl?sid=14391394&cid=58948616 [slashdot.org]

    YEA: A leftist that "ain't RIGHT" (on TONS of levels).

    ---

    "being able to drive you nuts" by BarbaraHudson (3785311) July 26, 2019

    YOU CUT OFF YOUR NUTS & CALL ME NUTS?

    (LMAO - that's a laugh!)

    ---

    * Barb said I started it?:

    "You’re the one who started it" by BarbaraHudson (3785311) July 13, 2019

    "trolling the hosts file guy in one easy step The next time you see a post by him, just reply anonymously." by tomhudson (43916) March 31, 2011

    YOU started up again w/ ME 1st recently IMMEDIATELY on your return to /. https://tech.slashdot.org/comments.pl?sid=14311560&cid=58890562 [slashdot.org]

    "You either don't know what you're talking about, or you're intentionally lying" by BarbaraHudson September 03, 2017

    No - that's ALL YOU, projecting as usual & you prove it FOR ME: See ALL above.

    APK

    P.S.=> DISMANTLING a "TraNsTeSticLe": Eat yer words

    • (Score: 0) by Anonymous Coward on Tuesday September 03 2019, @04:55AM

      by Anonymous Coward on Tuesday September 03 2019, @04:55AM (#889117)

      Hmm I think someone forgot to take their meds this morning...