Gadget Lab Podcast: Fake ‘4G’ on AT&T Phones, Android Insecurity

          

Before the Gadget Lab crew dives into this week’s tech news, we raise our phones to celebrate the removal of Twitter’s god-awful QuickBar — that annoying black bar that appears at the top of your Twitter feed to show advertising and trending topics.

It was so putrid that people called it the “DickBar.” Fortunately, Twitter took the feedback to heart and abolished the QuickBar in its latest software update.

In other news, some customers have found that their brand-new “4G-capable” phones (such as the Motorola Atrix and the HTC Inspire) aren’t actually uploading data at 4G speeds. In fact, some of their speeds are even slower than existing 3G phones. The problem? AT&T just hasn’t flipped the switch yet to enable 4G speeds on these phones. Talk about lame.

We’re disappointed that there likely won’t be an iPhone 5 from Apple this summer, even though we’ve gotten a new iPhone every summer for the past four years. We’re guessing it’s because the white iPhone 4 still hasn’t shipped due to production problems, and Apple wants to give that model some shelf life before introducing an iPhone 5. Plus, a Verizon iPhone only just came out recently.

On the Android front, Amazon opened an Android Appstore last week, and many people probably don’t realize the security risks involved in shopping in Amazon’s store. Getting apps from a third-party app store such as Amazon’s requires checking off an option to enable installations from unknown sources, which can subject you to harmful malware, just like a Windows PC browsing the web.

Already this week, we’ve seen a trojan horse appear inside third-party app stores threatening to infect Android phones allowing installations from unknown sources.

Like the show? You can also get the Gadget Lab video podcast on iTunes, or if you don’t want to be distracted by our ugly mugs, check out the Gadget Lab audio podcast. Prefer RSS? You can subscribe to the Gadget Lab video or audio podcast feeds. Thanks for listening and watching!

Or listen to the audio here:

Gadget Lab audio podcast No. 110

http://downloads.wired.com/podcasts/assets/gadgetlabaudio/GadgetLabAudio0110.mp3


Android Trojan Highlights Risks of Open Markets

Android users who go outside the official Android Market must be careful which apps they install. Photo (of an HTC Droid Eris) by Jon Snyder/Wired.com

Android enthusiasts have long championed Google’s “open” philosophy towards the smartphone platform. The recent appearance of a new Trojan horse in unofficial Android app venues, however, may cause users to think twice about how open they want the platform to be.

The app in question, Android.Walkinwat, appears to be a free, pirated version of another app, “Walk and Text.” The real version is available for purchase in Google’s official Android Market for a low price ($1.54).

If you download the fake app (from unofficial markets for Android apps) and install it, it redirects you to the actual app on the Android marketplace — but in the background, it sends the following embarrassing SMS message to your entire phone book:

Hey,just downlaoded [sic] a pirated app off the internet, Walk and Text for Android. Im stupid and cheap, it costed only 1 buck. Dont steal like I did!

Egregious spelling and grammatical errors aside, the text message serves as a reminder of the risks to those willing to go outside of the official Market for apps.

“Someone downloaded the app, inserted their malware, and uploaded it onto other non-official marketplaces,” Symantec mobile team product manager John Engels told Wired.com in an interview.

In other words, if you go outside the official Market, things may not be what they seem, and there’s no guarantee that what you download is what you actually want.

Google maintains clear content policies on all apps that are uploaded to the official Android Market, and developers know well enough in advance what those policies are, and how not to break them. Whenever an app in clear violation of Google’s policies shows up in the Market — like, say, a piece of malware — Google’s Android engineers are often quick to quash it.

But if you’re not one for pesky rules and regulations and want to see what the non-Google-sanctioned markets have to offer, all it takes to access them on an Android device is for you to uncheck a box on a settings page, allowing your phone to install apps from “unknown sources.”

To a certain degree, this isn’t a huge issue for the novice user. Many outside applications are hosted on file sharing websites that users like your grandmother probably aren’t frequenting. And unless they’ve tried to install these outside applications by sideloading them, they’ve probably never unchecked the unknown source’s permissions box to begin with.

But last week’s debut of Amazon’s new App Store may have changed that. In order to install Amazon’s App Store on an Android device, you first must uncheck that permissions box. While there may be no immediate risks associated with downloading apps from Amazon’s App Store, it opens the door for users to allow other unofficial — and therefore riskier — apps to be installed on their devices, from other sources.

“As soon as you flip that switch and go away from the Android Market, which is the one place where most people go, then you are putting yourself at some risk,” security researcher Charlie Miller told Wired in a previous interview.

“The threat will persist so long as people continue to download pirated software from peer-to-peer networks,” Webroot threat research analysts Armando Orozco and Andrew Brandt told Wired.com.

They say sticking to the Android Market is your safest bet, but if you’re still compelled to go outside the official box for your apps, whether it be to Amazon’s App Store or another unofficial market, you should “scrutinize the permissions the App requests, and don’t install it if it wants access to certain functions (like the ability to send SMS messages) that the app shouldn’t need to access.”

But doesn’t staying within the confines of the Android Market defeat the purpose of choosing a platform with such an “open” philosophy? If you want a stricter, closed system with stringent regulation on its apps via a review process, you might as well buy an iPhone.

“Android users enabling sideloading doesn’t necessarily lead to piracy or installation of apps from unsafe sources,” says Alicia diVittorio, a spokewoman for Lookout Mobile Security. “In fact, it’s great to have another source for consumers to download apps from a reputable brand like Amazon.”

Indeed, Amazon’s Appstore isn’t a great deal different from Apple’s App Store: Both companies require an intense review and approval process before making any developer’s submitted applications available for purchase.

Essentially, there’s an inherent risk that comes with downloading apps for a device with an attitude of openness like the Android. Even the official Market is susceptible to infiltration by malware, as evidenced by the swath of malicious apps pulled from the store earlier this month.

But in a relatively free and open domain such as Android’s, the risk remains the price of admission.

See Also:


Amazon’s Cloud Drive Irk Record labels

Thumbnail image for amazon_cloud.jpg

A day before Amazon launched its Cloud Drive online music locker, rumors resurface about Apple’s plan to revamp MobileMe with a similar feature. Apple would have offered up online music sooner, the rumor goes, only it was attempting to square some deals with major label record companies (similar rumors have surrounded the launch of a music service from Google). Amazon, apparently, did bother with any such safeguards.

According to reports from record industry insiders, the company opted to just go ahead with Cloud Drive, letting labels know as late as March 24th (just days before the service was launched) about its plans. Now the record companies are taking a close look at the service to determine whether Amazon is breaking copyright law or licensing agreements,

The labels are reportedly biding their time, waiting to see how Amazon amends the situation. The site apparently told the labels it planned on negotiating licenses during its prelaunch meetings.

Amazon negotiating for Cloud Player music licensing deals after all?

Publically, Amazon wants you to think it doesn’t care about licensing the music that it will let you store in the cloud, but privately we’re hearing the company is scrambling like mad to work things out with angry music labels as we speak. Specifically, the Wall Street Journal cites a pair of anonymous sources who say Amazon’s actually negotiating deals with the four major labels right now — though Amazon won’t confirm such a thing — which the e-tailer hopes to close in a matter of weeks. What’s more, they say Amazon may move to an system that compares users’ uploaded songs with a database of those tunes it’s managed to licence should the deal go through — a system much like Sony’s Music Unlimited, by the sound of it. It shouldn’t come as any surprise, then, that the Journal quotes Sony Music chairman Martin Bandier in its final paragraph, who makes his pointed indignation at Amazon’s announcement heard:

“This is just another land grab. I can’t make it any plainer than that. It’s really disrespectful, and of course we are considering all of our options.”

Nothing like a little bit of mainstream media coverage to help pressure a business deal.

Amazon negotiating for Cloud Player music licensing deals after all? originally appeared on Engadget on Wed, 30 Mar 2011 23:08:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceWall Street Journal  | Email this | Comments

Get A “Real” Bookstore Experience Online

This article was written on August 08, 2008 by CyberNet.

If you shop Amazon.com frequently for books for whatever reason, maybe because they are more affordable than your local bookstore, but you miss the experience of actually looking at books on the shelf, checkout Zoomii.

Zoomii is a site I recently stumbled upon that tries to give users a “real” bookstore experience by placing books on shelves to browse through. You use your mouse to “drag” yourself all over the bookstore, and you can zoom in and out of the shelves and search for a topic you’re looking for. Clicking on a book will pull up a page with all of the details on it. From there you can add the book to your cart, read reviews, or continue shopping. Zoomii uses Amazon’s API so when you go to buy a book, you are still buying from Amazon which is key.

zoomii.png

Below is a video that will give you a better idea of how the site works:

It’s actually kinda fun to browse through the books on a shelf, although the site seemed a bit resource intensive and slowed my browser down. With how many book covers that are displayed at one time, it’s understandable that it would need a lot of resources to function. One area of improvement that we see is when you are searching for books, it would look incredible if books got pulled off the shelf as you narrow down your search so that in the end, all that would be left on the shelves would be the books that pertained to your search.

Checkout Zoomii.

Copyright © 2011 CyberNetNews.com

Related Posts:


Amazon Cloud Player upsets Sony Music over streaming license, Amazon shrugs

In case you missed the news, last night Amazon gave us a little surprise by launching its free Cloud Player service, which lets you stream your music collection from the cloud to your computer or Android device. While this has no doubt put a smile on many faces (American ones only, for now), Sony Music isn’t too happy about Amazon jumping the gun over licensing for streaming rights. The record label told Reuters that it’s hoping Amazon “will reach a new license deal, but we’re keeping all of our legal options open.” Yikes. In retaliation, Amazon responded with the following statement to Ars Tehcnica:

“Cloud Player is an application that lets customers manage and play their own music. It’s like any number of existing media management applications. We do not need a license to make Cloud Player available. The functionality of saving MP3s to Cloud Drive is the same as if a customer were to save their music to an external hard drive or even iTunes.”

Of course, the bigger story here is that Amazon’s free Cloud Player is going head-to-head with Sony’s Music Unlimited streaming subscription service, which was pushed out last month after plenty of money talk with various record labels. Understandably, Sony isn’t willing to let Amazon cut through the red tape here without a fight, and this may also affect similar music locker services like mSpot and MP3Tunes, albeit at a much smaller scale. In fact, Sony’s already expressed its discomfort with those particular companies’ mode of operation, so you can probably expect to see this tension boiling over to some form of legal action before long. Now that a big shot like Amazon’s involved, it’s almost inevitable.

[Thanks to everyone who sent this in]

Amazon Cloud Player upsets Sony Music over streaming license, Amazon shrugs originally appeared on Engadget on Wed, 30 Mar 2011 02:26:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceReuters, Ars Technica  | Email this | Comments

What Is Amazon Cloud Drive? [Cloud]

Amazon’s taken a leap into the cloud, and they’re taking your music with them. But what exactly is Amazon Cloud Drive? And more importantly: how do you use it? More »

Kindle subscription to the New York Times will net you free web access as well

Can’t get enough New York Times over your Whispernet? Worry not, dear Kindle reader, for Amazon’s on a roll with its announcements today, the latest of which is that a subscription to the NYT on its world-conquering e-reader will also grant users access to the paywall-protected NYTimes.com online portal. No complex rules or conditions, you’ll just be one of the insiders who get unfettered access to all the fine old school journalism practiced at Times towers. See Amazon’s press release after the break or hit the source link to learn more about the $28-a-month (for international users) subscription.

Update: The sub price is $20 in the USA, the $28 cost we first saw relates to those signing up from the UK and other international markets. Thanks, russke!

Continue reading Kindle subscription to the New York Times will net you free web access as well

Kindle subscription to the New York Times will net you free web access as well originally appeared on Engadget on Tue, 29 Mar 2011 07:31:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceAmazon  | Email this | Comments

Amazon Cloud Player goes live, streams music on your computer and Android

Oh snap! Look who just ate Apple and Google’s lunch here? Minutes ago, Amazon rolled out its very own music streaming service which is conveniently dubbed the Amazon Cloud Player. Existing Amazon customers in the US can now upload their MP3 purchases to their 5GB cloud space — upgradable to a one-year 20GB plan for free upon purchasing an MP3 album, with additional plans starting at $20 a year — and then start streaming on their computers or Android devices. Oh, and did we mention that this service is free of charge as well? Meanwhile, someone will have some catching up to do, but we have a feeling it won’t take them too long.

[Thanks to everyone who sent this in]

Update: As some readers have confirmed, it appears that the Cloud Player will support music purchased from iTunes as well, presumably from the post-DRM era.

Update 2: Press release after the break.

Continue reading Amazon Cloud Player goes live, streams music on your computer and Android

Amazon Cloud Player goes live, streams music on your computer and Android originally appeared on Engadget on Tue, 29 Mar 2011 00:06:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceAmazon  | Email this | Comments

Amazon.com lets you play with an Android virtual machine, try apps before you buy them

When Amazon’s Appstore rolled out last week, we glossed over one detail that merely seemed neat. Today, we’re inclined to say that Test Drive may be the most significant part of Amazon’s announcement that day. Basically, Test Drive allows US customers to take apps for a spin at Amazon.com, with all the comfort that their tried-and-true desktop web browser brings — but rather than sit you down with a Flash-based mockup of the app, Amazon is giving you a taste of bona fide cloud computing with an Android virtual machine.

In other words, what you’re looking at in the screenshot above isn’t just a single program, but an entire virtual Android smartphone with working mouse controls, where you can not only try out Paper Toss, but also delete it, browse through the device’s photo gallery, listen to a few tunes, or even surf the web from the working Android browser — as difficult as that may be without keyboard input. Amazon explains:

Clicking the “Test drive now” button launches a copy of this app on Amazon Elastic Compute Cloud (EC2), a web service that provides on-demand compute capacity in the cloud for developers. When you click on the simulated phone using your mouse, we send those inputs over the Internet to the app running on Amazon EC2 – just like your mobile device would send a finger tap to the app. Our servers then send the video and audio output from the app back to your computer. All this happens in real time, allowing you to explore the features of the app as if it were running on your mobile device.

Today, Amazon’s Test Drive is basically just Gaikai for mobile phones — its purpose is simply to sell apps, nothing more. But imagine this for a sec: what if you could access your own smartphone data, instead of the mostly blank slate that Amazon provides here?

[Thanks, Ryan]

Amazon.com lets you play with an Android virtual machine, try apps before you buy them originally appeared on Engadget on Sun, 27 Mar 2011 18:41:00 EDT. Please see our terms for use of feeds.

Permalink   |  sourceAmazon  | Email this | Comments