Okay - this 'tech' news cycle is really irritating.

Avast came out with a promotion for their premium service by announcing that some apps have infectious 'malware'. From this blog post, all kinds of ridiculous headlines have surfaced:


I have a problem with this kind of FUD spewing out marketing departments such as Avast. For one, they have neatly included a promotion for their subscription-based checksum comparison tool, which is probably named something like "SUPER SHIELDS UP 2015 PREMIUM ANDROID MEGASHIELD HASH SECURITY SUITE". Next, sensationalized language combined with over-inflated numbers create a critical mass for major news outlets to feed on, none of whom have the slightest idea of what they're talking about (with the added bonus of more advertisement). Take for example the Forbes article:

These clicks can potentially open up malware-infested web pages, run illicit processes on the handset, or prompt the user to install other applications.

Who cares? Don't install crap on your phone in the first place, and furthermore don't click when it asks to install more. Oh, and nice of Forbes to drop the following in:

Without Avast’s alert, would this attack vector have been discovered?

But I'm sure Forbes wasn't paid for such sweetened verbiage....as if their half sentence about 'conflict of interest' nullifies their advertisement disguised as an article. Hah!

Ranting aside, every news article I've seen isn't approaching it right. In fact, nobody has to my knowledge has actually thought about the problem -- they've just been pissed at symptoms.

The real problem is that end-users aren't allowed to control their device's behavior. This is totally on purpose, and you are not meant to question it. If you could, for example, establish a per-app trust model, and use built-in permissions to enforce your model, you wouldn't have these problems (or any like it). Google does not want this - they want to be able to shove ads down your throat. They want to be able to sell your home's location to advertisers. The last thing they could possibly allow is for you to deny an app access to the internet and prevent it from pulling down more adverts. This is why we need to take control of our own devices -- nobody is looking out for us, and they will not in the future.

We can block internet access, deny popups and otherwise overwrite any builtin function used by applications. And it doesn't require rooting. Apphacking is the way to go, of that I have no doubt.