Hacker News new | ask | show | jobs
by Fischgericht 849 days ago
That story sounds rather fishy. So your father has found the hidden option to enable developer mode which allows APKs to be sideloaded, and then went to some website to download and install an APK?

By the way: According to Kasparsky [1] last year there have been 600 Million downloads of malware that was installed from Google play store, without any sideloading or alternative App stores involved.

And of course the Apple App store also is full of malware and shady stuff, think of all the chinese IoT apps that are phoning home etc.

[1] https://www.kaspersky.com/blog/malware-in-google-play-2023/4...
1 comments
thimp 849 days ago
Yeah he was persuaded to do it, ironically considering YT is Google, using a video on YT which was trying to sell him VPN software. I blame the paranoia from the constant VPN industry adds being forced down your throat really but the point is that it still does happen.

I will add that I have a lot of unsigned APKs on my device as well, but not from those sources!

link
Fischgericht 849 days ago
Ok, but then we are talking about social engineering, and not a technical matter. Social engineering works no matter what the platform is. The caller could have convinced him to give him banking TAN numbers, or send them money etc.

And when it comes to malware it's easier for those attackers to have the malware App on the Google Play store, as this way it's much easier to convince the user to install it...

A friend of mine recently suddenly had someone drawing money from her account using an ATM that was 200 km away while she was shopping with her card. I had a look at her Android phone - nothing Sideloaded on it, they simply appear to have used a fake banking website to make her create a new card without her seeing it.

Long story short: I believe that people need to be taught on how to detect social engineering attempts. And kids should be trained on this in school already.

link