Comments on: Phishing Android App Steals Banking Info

By: Robert

Robert — Fri, 30 Jul 2010 21:24:09 +0000

@AnonCow — as much as it might not be the wise thing to do, no one deserves to have their money taken away from some scum bag.

By: NoobToDroidNotComputers

NoobToDroidNotComputers — Wed, 24 Feb 2010 05:09:13 +0000

What someone else said about paranoia with a dash of common sense seems like very good advice. I’ve had it less than a week but if someone were to take over my Droid the most they would get is a short history of websites visited, my phone number and my contacts.

My bank would have to do some serious selling and insurance against fraud before I would even think of putting that type of data on my phone. A 3rd party app doesn’t stand a chance even if it is legit.

Chase (I usually don’t name names, but in this case I will) claimed they didn’t receive my Visa payment TWICE within 6 months of them taking over my old bank.

It was the first time in 25 years the postal service ever “lost” a check I had mailed to a creditor. The first time I let it go and they rescinded $80 in late fees and interest.

The 2nd time it happened they refused to forgive late fees and charges even though I had money in my checking and savings accounts that I transferred to cover the entire bill immediately (not just minimum payment). The customer DISservice representative kept telling me I
should “not put myself in that position” – that is trusting that the US Postal Service would deliver my payment even though they’ve been doing it for 25 years and the only checks they’ve ever “lost” were sent to Chase for Visa card payments within the last 6 months – both were mailed with other bills that all reached their destination.

Sorry Chase – you are a scam artist like all the rest. This is why I am a former customer. I will NOT put myself in the position of trusting you ever again.

These huge institutions end up hurting themselves in the long run. The reason I am a Verizon customer is because another major wireless company told me I could roam as much as I wanted to and so I did – then they sent me a bill for 10 times the amount I expected (over $500) and the increase was all due to roaming charges.

Several of their customer reps told me they could make an adjustment but they never did.

I never paid the bill – I sent certified letters to them asking for arbitration. They never responded. I really wonder what they sold the debt for – it was probably less than I was willing to settle for. Instead I’ve been paying Verizon $50-100 a month for the last 8 years. Do the math – AT&T screwed themselves by trying to screw me.

Verizon isn’t perfect. I’ve had a couple of disagreements with them but they’ve been minor enough or settled well enough that I can’t even recall what they are now. OTOH AT&T is on my “never do business with again” list.

By: Clavis

Clavis — Fri, 15 Jan 2010 16:09:11 +0000

When I want to do banking, I use an app on my phone called “Dialer”… and I connect to my bank’s phone system. It’s no slower and much more secure.

By: rigamrts

rigamrts — Wed, 13 Jan 2010 18:04:30 +0000

actually there should be zero tolerance for requiring personal info such as banking info unless created and submitted through a hefty screening process.

By: Abrown

Abrown — Wed, 13 Jan 2010 05:23:35 +0000

So this should make Google aware that some precautions need to be taken. I personally would like something that shows you the most credible, safe apps first in searches. I noticed that while playing around in the market that searching for something as harmless as youtube brought up anything BUT youtube. this could be just as bad or worse when looking for apps that share private information. Perhaps there should be “secure apps” that have been screened for malware, spyware, and viruses, or at least certified by Google so that users know “ok if I download this app it’s not going to screw me for everything I’ve got.” It was bound to happen with loose controls on the system. However, I think that we can still have a very free and open system while having security as well…is it too much to ask for both?

By: Gregory Creaser

Gregory Creaser — Tue, 12 Jan 2010 20:59:10 +0000

Regardless of fair judgement, common sense or even pure paranoia — Android users should have been given a bit more protection. Clearly little to no vetting process was employed as we do here at VeriSign with extended validation SSL implementation. And any program that requires the user to give up sensitive information should be scrutinized to some degree.

By: fupadroid

fupadroid — Tue, 12 Jan 2010 19:42:32 +0000

why do you need an application for banking? why dont you just go onto your banks website?????????????

By: rigamrts

rigamrts — Tue, 12 Jan 2010 15:59:11 +0000

ha ha people are so dumb. if the banking app your downloading isn’t provided on your banks website. houston we have a problem. but the people deserved to get scammed for not asking thier bank first.

By: anonymous

anonymous — Tue, 12 Jan 2010 11:36:55 +0000

And what was the name(s) of the software?

By: Hank

Hank — Tue, 12 Jan 2010 06:03:28 +0000

Don’t put a password from one location into another (and that means don’t reuse passwords). I was hesitant to put my password into one of the Net Flix programs…why would anyone put their bank password anywhere? Maybe people should be required to take a competence test before they can download an application.

By: John

John — Tue, 12 Jan 2010 06:00:24 +0000

IMO, what needs to happen is Droid09 needs to be hunted down and prosecuted to the fullest extent. 10-20 years in prison – a mandatory sentence. That’s the first step. The second step is pretty obvious to most by now: Any program that requires the user to give up sensitive information should be scrutinized.

By: Jeff

Jeff — Tue, 12 Jan 2010 03:55:19 +0000

Google has a massive banish program going on where they have permanently banned thousands of advertisers who are running AdWords campaigns which they consider scams. I know of people spending huge 5 figures per month with Google that were categorically banned, supposedly without recourse or appeal.

And those who were banned and thought they could simply re-open new accounts with new names, credit cards and IPs were easily caught with Google AI algorithms (since this was obviously the bad guys’ next move).

I see no reason Google couldn’t use that same AI to permanently ban those criminals (or at least make it a lot more difficult) so they can’t get into the marketplace again.

Jeff

By: treefq

treefq — Tue, 12 Jan 2010 02:49:57 +0000

I am super paranoid with my computer (comes from being in IT for a long long time). I trust nothing. I had already figured out the google market was more of a jungle then iphones, but I wouldn’t give up the open source.

Just be paranoid.

By: Dennis

Dennis — Tue, 12 Jan 2010 02:38:50 +0000

There is a system in place.. It’s called looking out for each other. It is in fact a big part of what open source is all about. This scam was easily found and removed. I don’t have too many worries over the mass exodus of users fleeing.. In fact history is against such a thing when you look at the Windows world as an example. As a Linux user, I would like it very much if there was a layer in between developers and making it available. With Linux, you have experimental, testing and stable levels of software.. It would behoove Google to create such a buffer of volunteers to vet apps.. However lacking such a thing, I have to use my best judgment, and rely on my peers.

By: Michael

Michael — Tue, 12 Jan 2010 02:31:46 +0000

@AnonCow – couldn’t have said it better. At the end of the day, Android is still a nerd product,and it will take a long time yet for this to change.
Maybe Google will need a much tougher / scrutinized application market for general consumption, and then another for the people that do research.