Malware Charges a Fee for Free Apps on Google Play

Android.Opfake is malware used to scam mobile device owners into paying a small fee for apps by sending out premium-rate SMS messages from Android devices. It has continued to grow and evolve into a threat that potentially affects a large population of Russian-speaking Android device owners. A quick Internet search will show over a hundred sites, including dedicated sites for popular apps and other sites, pretending to be app market sites with various apps available. There are several variants of Android.Opfake hosted on these sites with different methods to lure victims there initially, and different steps involved in each scam.

We recently came across one variant that carries out its actions in an interesting fashion. The end result makes it so obvious that Android.Opfake is fraudulent because it directs the device owner to Google Play to install the app even though installation had already happened. In this instance, the apps are hosted on dedicated sites as well as fake app markets—typical for Android.Opfake. Here is an example of one of these sites hosting a popular app:
 

After downloading, installing, and opening the app, an installation appears to run again:
 

That’s strange, we already installed the app; this installation must be fake.

When the fake installation completes, the device owner is asked to confirm an agreement and continue by clicking a button. Where is this agreement, you may ask? There is actually a link at the bottom of the screen. If read, the agreements states the user will be charged for using the app. It's difficult to notice. You may not even see it:
 


 

Let’s press the only button available. We next see a screen that displays a URL and only one button again:
 

Pressing that button opens the website shown below. There are many apps listed on the page, but we want to take note of the first URL at the top of the page. This is the URL for the app on Google Play that is supposed to be installed already:

Selecting this link does indeed open up Google Play, at least. If you take a close look at the title and the icon of the app on this page, you’ll notice the app we thought was originally installed is absolutely free on Google Play (where we recommend getting it from rather than from an untrusted site):
 


 

At this point, it might cross someone's mind that they had just become a victim of a scam or, at least, have a feeling there is something not right here. It’s a bit too late as far as the scam goes because the premium-rate SMS message has already been sent (in the background) during the fake installation.

You should only install apps outside of Google Play from trusted sites. Always check permissions before installation, regardless of where the app is found. If you are not comfortable with some of the permissions requested by the app, do not install it. This particular malware takes advantage of SMS-related permissions, for instance, to perform malicious activities. Games usually should not require such permissions. Finally, protecting your device with a security app such as Symantec’s Norton Mobile Security is also recommended.

Feds Considering Allowing DVD-Encryption Cracking

Photo: ToastyKen/Flickr

LOS ANGELES — Federal regulators considered testimony Wednesday here at UCLA Law School on whether to allow citizens and filmmakers to legally crack DVD encryption meant to protect the discs from being copied.

Filmmakers, video mixers and others have petitioned the U.S. Copyright Office for the ability to continue to use DVD decryption tools to copy short clips of DVDs from motion pictures to put into their own films. The issue isn’t whether they have a fair-use right to the material, but whether they can utilize decrypting tools to make the best reproduction for filmmaking purposes.

Another proposal for the first time calls for the public at large to be authorized to make copies of their own DVDs without breaching the Digital Millennium Copyright Act of 1998, which makes it unlawful to circumvent encryption technologies in items that you buy.

Earlier in the day, here at UCLA, regulators held a hearing as part of its deliberations over whether it will continue to allow Americans to jailbreak their mobile phones, and whether they will expand that right to cover tablets and videogame consoles. Jailbreaking and rooting are techniques used to get past manufacturer-installed roadblocks that prevent users from having full control over their devices.

Every three years, the U.S. Copyright Office entertains requests to create temporary loopholes in the law that outlaws the circumvention of encryption technologies. The afternoon public hearing largely focused on the s0-called CSS that must be cracked to make a copy of a DVD. All DMCA exemptions, which are proposed by the public, expire in three years and must be reauthorized by the Copyright Office.

Clarissa Weirick, the general counsel of Warner Brothers Home Entertainment, testified against all the decryption measures.

“If we didn’t have access controls, there might be the same kind of mass piracy we’ve seen with unprotected music,” Weirick said about the copying of DVDs, a proposal put forth by digital rights group Public Knowledge, which did not attend the hearing.

Weirick, a representative from Fox and the major motion picture studios under the Motion Picture Association of America opposed all the measures proposed in the afternoon public hearing, which included about 2 dozen members of the public in attendance.

They said that there is no need to grant the public the right to make copies of their DVDs because the studios are streaming and selling movies online now, and that the public does not own the movies they buy on DVDs. They own the license to play it on a DVD, they argued.

And when it comes to cracking encryption to make snippets out of films to be put in new films, the industry opposed reauthorizing the cracking of the DVD encryption for that purpose. The industry testified that filmmakers instead can use screen-capturing software or they can license the clips from the studios.

Filmmakers oppose that because of the poor quality of screen-capture reproduction.

(Screen-capturing does not crack encryption because it copies what is shown on a computer screen.)

Filmmaker Laurence Thrush testified that screen-capturing software turns clips into “mush.”

“The fabric of reality is very important to these projects,” he testified.

Jonathan McIntosh, a remix artist, was also asking the regulators to allow him to bypass circumvention that prevents the copying of streamed movies, so that he may use the best picture quality available of the snippets he places in his own films. Doing so, he said, helps “to engage in a healthy public debate.”

He said he has a “zero budget” when it comes to paying for a license, some of which carry clauses that forbid filmmakers from disparaging the movie.

Maria Pallante, the register of copyrights, wondered aloud:

“But I think we’ve heard the market is changing rapidly. Licensing options are changing. Conceivably even with a budget of zero, permission might be possible,” she said.

Corynne McSherry, the intellectual property coordinator with the Electronic Frontier Foundation, told Pallante and other top-ranking lawyers in the U.S. Copyright Office here that granting the exemptions at issue is “not going to help pirates,” so they must be granted.

Exemptions are allotted by the Copyright Office if regulators are convinced consumers are “adversely affected in their ability to make non-infringing use due to the prohibition on circumvention.”

Approved exemptions by the Copyright Office must be also be sanctioned by the Librarian of Congress, currently James Billington. Regulators are not expected to make any approvals until later this year, at a date not yet disclosed.

It’s Tinkerers v. Hollywood as Copyright Office Mulls New Jailbreaking Rules

Register of Copyrights Maria Pallante. Photo: Wikimedia Commons

LOS ANGELES — To jailbreak or not to jailbreak? That was the question on everybody’s mind Thursday as copyright regulators, content creators and digital rights groups battled over whether Americans should have the right to tinker with the devices that they buy.

The U.S. Copyright Office held the hearing Thursday as part of its deliberations over whether it will continue to allow Americans to jailbreak their mobile phones, and whether they will expand that right to cover tablets and videogame consoles. Jailbreaking and rooting are techniques used to get past manufacturer-installed roadblocks that prevent users from having full control over their devices. In the case of the iPhone, jailbreaking allows users to run applications not approved by Apple.

Every three years, the U.S. Copyright Office entertains requests to create temporary loopholes in the law that makes it unlawful to circumvent encryption technologies in items that you buy. It’s that time again, the fifth go-around following the Digital Millennium Copyright Act’s 1998 passage.

“This is essentially like letting consumers open the hoods of their own cars,” said Marcia Hofmann, a staff attorney with the Electronic Frontier Foundation, which is asking for the hardware exemptions.

About two dozen exemptions have been granted since the DMCA’s passage. They are allotted by the Copyright Office if regulators are convinced consumers are “adversely affected in their ability to make non-infringing use due to the prohibition on circumvention.”

The office granted the exemption for mobile phones in 2010, which makes it set to expire next year.

Later in the day, here at the UCLA School of Law, the public hearing will shift to a discussion of cracking of the CSS encryption on motion picture DVDs.

It’s all part of a long-running showdown between the big copyright holders who view the world as divided into creators and consumers, and a coalition of librarians, digital rights groups, disability activists and hackers who seek to preserve a world where people can repurpose, upgrade and build upon the devices and media they legally buy, just as hackers, painters and culture jammers have done for decades before the DMCA.

EFF staff attorney Marcia Hofmann. Photo: redtimmy/Flickr

Christian Genetski, general counsel of the Entertainment Software Association, told the Copyright Office, whose panelists included its top attorneys and Maria Pallante, the register of copyrights, that freeing Americans to bypass access controls on videogame consoles would decimate the gaming business.

“It will gut videogame consoles’ piracy protections,” he said. “We’re here today because our copyright interests are at stake.”

Allowing such jailbreaking, Hofmann countered, would allow the so-called homebrew community of game developers to play their games on the machines, while also allowing researchers to use the consoles like computers in the furtherance of science.

But the regulators were not clear whether the videogame hack was necessary. They suggested scientists could use computers for their research, and homebrew gamers can play those, too, on their computers.

Robert Kasunic, deputy general counsel of the Copyright Office, suggested that the benefits don’t outweigh the tradeoffs to piracy.

“How do you balance, for instance, the use of being able to put Pong on a homebrew system with the numbers we are aware of in terms of videogame piracy?” he asked, noting that millions of videogames are already being shared without authorization on The Pirate Bay.

David Carson, the office’s general counsel, asked Hofmann whether Sony, the maker of the PlayStation, has ever denied a researcher who had asked to re-enable access to Linux that the PlayStation once provided.

“I have not heard of any instances of that,” Hofmann replied.

Genetski said the risk was too great. Authorizing videogame-console hacking would foster an even greater videogame pirating community, he argued.

For research and playing homebrewed games, he said, “Clearly, there is an alternative platform that is available.”

All DMCA exemptions, which are proposed by the public, expire every three years and must be reauthorized by the Copyright Office. The Copyright Office’s approved exemptions must then be approved by the Librarian of Congress, currently James Billington.

Regulators are not expected to make any approvals until later this year, at a date not yet disclosed.

But when it came to leaving intact the office’s 2010 decision authorizing smartphone jailbreaking — to acquire root access to the phone — the regulators appeared to believe phone users have a fair use right to do so, to enable them to run apps of their choice.

“Developers need the access to produce better-quality applications. Can you respond to that?” Pallante asked Steve Metalitz, who represented the Business Software Alliance, the motion picture studios and recording artists.

“The exemption should be limited to that,” Metalitz said.

He added that regulators should not dictate to American companies like Apple what apps they should allow on their phones.

“There is a no god-given right to sell a Chevy at Ford dealers,” he said.

Jay Freeman, the founder of Cydia, the alternative Apple app store for jailbroken iOS devices, said in the last year alone, 54 million unique Apple devices have downloaded his store. Freeman did not testify, but was in the audience of less than two dozen onlookers.

He noted that during the last exemption go-around, Apple staunchly protested, saying authorizing jailbreaking would ruin its business model, which at the time included 1 billion Apple-approved app downloads.

Today, more than 25 billion apps have been downloaded from Apple’s app store, and its stock is skyrocketing. Apple, which had also claimed jailbreaking would open cell towers to sabotage, was nowhere in sight at today’s hearing.

“Apple just doesn’t seem to care,” Freeman said of the latest jailbreaking proposal.

Still, the regulators said they needed more information about authorizing, for the first time, the ability to jailbreak tablets, despite the widespread ability for the public to already do so via the Dev-Team for Apple’s devices and a motley crew of other Android rooting teams.

For starters, the regulators noted that e-readers are included in the EFF’s tablet proposal.

Carson suggested that allowing the jailbreaking of a Nook or Kindle, or other “single-purpose” device, “might jeopardize” the copyrighted material on those devices.

“There are some very important copyright concerns that might be militating against it,” he said.

Comcast Suspends Data Cap Temporarily, Will Test New Overage Fees

Comcast is replacing its strict 250GB monthly data cap for residential users with a higher cap and a way to buy extra data, hoping to stem criticism that the nation’s largest cable ISP is throttling the open internet.

Comcast is suspending enforcement of its hard 250GB cap nationwide as of Thursday, while it prepares two regional tests of new caps that come with ways to buy chunks of data if you go over them. Users who repeatedly crossed Comcast’s 250GB cap, instated in 2007, have been be cut off and banned from the network for a year. Critics, including Netflix CEO Reed Hastings, have accused Comcast of trying to protect its core cable television business from online video services.

Comcast executive vice president David L. Cohen said that kind of cap sent the wrong message, especially since only a “small small percentage gets near the threshold.” The company declined to say what that percentage is.

“We want to send a signal to customers that our network is robust and has tremendous capacity,” Cohen said in a conference call with reporters Thursday. “We don’t want customers to have a sense that we can’t use this app on the internet.”

The two upcoming trials will impose a 300GB cap, with overage fees of about $10 for 50GB of more data. In one trial, faster tiers of service will have higher caps, while the other will impose the same 300GB cap on all speeds.

“This will effectively offer unlimited use of service,” Cohen said. “Customers can buy and use as much data as they like.”

But Cohen admitted Comcast doesn’t want users to think that the network has that much capacity. The cap is being raised a mere 50GB (less than a 5 percent yearly increase in capacity). And the company is spending considerable effort to measure the traffic for each customer, to build a usage meter and create a warning and billing system.

And as more people scale back or eliminate cable television subscriptions in favor of online video, data usage will continue to grow. Video streams, especially high-quality video, uses a lot of bandwidth. An HD movie, for instance, can take about 3.5GB of data. However the price of moving data continues to fall dramatically, so that a large cable operator like Comcast pays a tiny, and falling, percentage of its revenue for moving data in and out of its network.

While the company declined to clearly explain why it was even bothering to keep a cap, Comcast is either laying the groundwork for a future where many customers actually pass their cap regularly and pay for more data – as the nation’s two largest mobile carriers are betting on, or they are facing a real problem with over-usage by a very small percentage of their userbase that they think they can solve with a method less draconian (and bad-PR-producing) than cutting the user off.

Comcast also seemed to be trying to divert attention from a controversy surrounding their new service for XBox users which streams the company’s cable TV offering to the XBox using IP protocol. But that data usage doesn’t apply to the cap, which some see as a violation of the FCC’s new net neutrality rules. But Comcast says it’s in the clear since its allocated a new slice of its cable pipes to the product, so the traffic isn’t technically competing with online video such as YouTube or Netflix.

Comcast did not say whether those who had been booted from the network under the old policy would be given amnesty to return. Comcast has yet not started the trials or determined their exact parameters or locations.

Local traffic congestion measures, where Comcast throttles heavy data users for 15-minute periods when local loops are filling up, will remain in effect, now and into the future, Cohen said.

But until the trials finish and the new pay-as-you-go model is put into effect, there’s a brief window of unlimited data use for Comcast customers, so download while the downloading is good.
Photo: Imelda/Flickr