[bkagan]

I hope other will benefit from my misfortune this weekend.As I was getting to go to work, I went to App brain to download some games to play (since I don't have wifi access @ work).All I could find quickly was a find the difference game with simpsons pictures and lame puzzle game with Mario pictures.In a rush I downloaded and installed them without thinking more about it.I have GE installed and have access to all my google accounts.After coming home from work, I left the pad on and plugged it in to charge.When I woke up the next morning and attempted to log into google on my laptop, I was prompted BY GOOGLE, to re-activate my account and reset my password due to unauthorizedsuspicious activity.Luckily I was able to reset everything and regain access but someone/thing has emailed EVERYONE in my contact list a spam URL.To protect myself against that happening again, I firm flashed PDN with 8/20 and maybe tonight I will begin to rebuild what I had.Being so new to Android, i didn't think I needed to worry about security when installing apps. I now know differently.

 

[clockworx]

Post hoc ergo propter hoc - Wikipedia, the free encyclopediaIn other words, the two are not necessarily related, and Android does have security checks in place to control which apps can access what data. I actually think apps might not be even allowed to request access to Google Account info (from what I've read, though that may have changed)

 

[geebekazoo]

As a precaution, I suggest setting up an account on: http://www.mylookout.com and installing the com.lookout.apk. It works via wifi and scans all of the .apks installed on your PDN but will scan them as they are being installed.

 

[bkagan]

In other words, the two are not necessarily related, and Android does have security checks in place to control which apps can access what data. I actually think apps might not be even allowed to request access to Google Account info (from what I've read, though that may have changed)

I'm not sure which TWO you are referencing. the two crApps are unrelated to each other but were downloaded and installed without proper examination.Having GE installed and configured contributed to the security breach but I'm not blaming it, only stating that it was installed as to indicate that was where the information could have been gleamed from.As to my deductive reason, it's more a situation of Occam's razor

 

[Mark Adams]

I'll second MyLookout. Pretty clean interface and does what it says on the tin. If it finds a virus, it takes care of it. If not, you've eliminated that possibility for what ails your PDN. It helps me narrow my problems down to the usual suspect - user error.

 

[clockworx]

[quote name='bkagan;47959]I'm not sure which TWO you are referencing. the two crApps are unrelated to each other but were downloaded and installed without proper examination.Having GE installed and configured contributed to the security breach but I'm not blaming it' date=' only stating that it was installed as to indicate that was where the information could have been gleamed from.As to my deductive reason, it's more a situation of Occam's razor[/QUOTE'] The two I'm referring to are (1) downloading these apps, and (2) getting your google account hacked. There's people out there constantly attempting phishing, viruses, brute force attacks, etc. I recently had my account hacked and I barely download any apps at all. My guess would be that someone brute-forced my account.As I said, I don't think Android actually allows access to google login data, whether an acct is "legit" or not. When you install an app, there's that whole page of screen of warnings that says "This app has permission to:", to let you know what an app has access to. I don't think Google even has the option for users to consent to use of Google account data, it is simply not allowed by anyone but google.

 

[nchntrman]

App Brain required my google account information, including my google account password in order to be setup. Afterwards it was completly useless for downloading .apks as it just links to market. Perhaps some of these 3rd party app store managing sites are to blame?my $0.02

 

[clockworx]

[quote name='nchntrman;47974]App Brain required my google account information' date=' including my google account password in order to be setup. Afterwards it was completly useless for downloading .apks as it just links to market. Perhaps some of these 3rd party app store managing sites are to blame?my $0.02[/QUOTE'] It requires you to enter it within the AppBrain app or on their website though, right? (I think so from reading your post, but wanted to make sure)

 

[aludal]

[quote name='clockworx;47967]The two I'm referring to are (1) downloading these apps' date=' and (2) getting your google account hacked. There's people out there constantly attempting phishing, viruses, brute force attacks, etc. I recently had my account hacked and I barely download any apps at all. My guess would be that someone brute-forced my account.As I said, I don't think Android actually allows access to google login data, whether an acct is "legit" or not. When you install an app, there's that whole page of screen of warnings that says "This app has permission to:", to let you know what an app has access to. I don't think Google even has the option for users to consent to use of Google account data, it is simply not allowed by anyone but google.[/QUOTE']This is serious. If I may I would ask clockworx as a highly respected member of this and many other communities, to describe his experience with this in all possible detail, adding all the caveats and remedies to avoid this crap when handling PDN. It should be in Stickies.Why do I consider it dangerous? PDN is not a Google Market-licensed device and yet it can get an access to it through an "ugly", "non-ugly", and who knows how many more other hacks. Which is to say, even if indirectly, phishing is equally easy. Then, the Market "collection" of apps is one big steaming pile of mostly crapps, with no crap filtering rules working. There are several legit "phishers" like AppBrain adding possibly more uncontrolled crapps. With this on your hand, even Blackdroid.net looks much cleaner. For all the newbies, I'd recommend to limit their appetites to what gebeekazoo has in his fine depository. Before the horizon clears, don't even think of using torrented paid apps or keys: e.g., I've heard from the SPB TV developer himself directly, in strong Russian words, that their full version of highly popular TV streaming app will get some damaging code for those who didn't pay $9.99 for it.

 

[Mark Adams]

No fun. I dunno if there's ever going to be an abundance of caution out here in the wild west of HacktopiaSent from my slatedroid-pdn using Tapatalk

 

[lawman]

In tech support, that's what we call a simple ID10T error.... (nothing personal). Always watch what you're putting into your computer.