FUD and Counter-FUD in the Android Market

Posted by Zealot on Aug 01, 2010

closeThis post was published 3 years 8 months 17 days ago which may make its actuality or expire date not be valid anymore. This site is not responsible for any misunderstanding.

android_kill_switch-143x150 The recent story (reported on Mobilitysite HERE) about a wallpaper app in the Android store found to be sending user data off to China by a security software company was all over the web this weekend. Not surprisingly, the backlash has begun. Antonio Wells at AndroidTapp declared the initial reports on the vulnerability and malware to be FUD and contacted the Chinese developer, jackeey wallpaper, to find out the “truth”.

FUD has become one of the most abused terms on the internet. FUD stands for Fear, Uncertainty and Doubt and the acronym was originally coined in the seventies to describe IBM’s habit of spreading false information about competitors by creating hints and rumours. The term would end up being most identified with Microsoft’s claims against Open Source software in general and Linux in particular. These days, it is more or less used by fanbois to describe any information they don’t like or that disagrees with what they believe, usually with a villain named, as in “Antennagate is just FUD from Google”.

As could be expected, the developer of the wallpaper software denied all wrongdoing and stated they feel horribly victimized and hurt by the whole situation. Well, to be accurate he actually said…

I do not collect user data likes what the CEO of Lookout said in venturebeat.com. He said that I have collected the text message, it is bullsh*t.

Jackeey wallpaper raised the standard banner that everybody is doing it, and that his apps don’t gather as much data as some other similar apps. He also noted that he doesn’t use the data he gathers (?) and his app does not gather user data per se, but device data like the device ID, phone number and voicemail info. Personally I think the distinction is silly, I consider my phone number and voicemail details to be personal information and it is data that a wallpaper application has no call to be gathering. The developer claims it is part of his efforts to add a “favorites” feature to the software but then why wasn’t that ever mentioned in the information about the software. The information gather still looks highly suspicious and I for one would think twice before installing the app.

Lookout has stood by their initial report, reminding everyone that they said directly that they had no evidence of misuse of the data, just that a wallpaper app gathering it sure looked suspicious. The also reminded people that they reported the information to make clear that there are a lot of Android applications playing very fast and loose with data and doing suspicious things.

AndroidTapp came to the following conclusion after speaking to both the developer and Lookout.

True all users should indeed be aware of what they are installing from the Android Market. True the openness of the Android Market are its strengths and weakness as something like this could be exploited. In this particular instance… it may not be the case, especially for what seems like a developer trying to improve his app by grabbing device data to make a “favorites” feature in-app. Maybe his approach was suspicious and overzealous as Lookout corrected, but was the mass negative press without covering the complete story warranted???

I believe Lookout’s reassessment should have been issued in the beginning versus retroactively clarifying; it makes me question their app security scanning and protection features of Lookout Mobile Security. Hopefully Google’s investigation will put a final ruling to this.

I’ve leave you with these 3 words… Fear, Uncertainty, and Doubt.

Pot, meet kettle. Certainly it is in the best interest of software security firms to make the most of, even to overplay, vulnerabilities. Just as the man selling you a car alarm will harp on car theft statistics, so the man selling you security software will paint a bleak picture of the web. However, they stated in their original report they did not have evidence of malice, not in any sort of “reassessment” as AndroidTapp falsely implies. The fears about the wallpaper app being Malware were added by bloggers reporting on the situation (such as yours truly, my bad). Bloggers are panicky, hysterical, view-mongering beasties, we all know that…the inaccuracies and hyperbole that we bloggers wrapped around their report isn’t Lookout’s fault, nor do they detract from Lookout’s work.

Lookout got the facts right by the developer’s own admission and reported them…the only open question was motive. Since the main purpose of what Lookout was doing was to raise awareness about vulnerabilities, the motive really wasn’t important.  If this mess causes Android users to be more aware and developers to be more open and careful about the data the access, then mission accomplished. For AndroidTapp to say that this situation has caused them to question Lookout’s abilities or professionalism then that is the worst sort of FUD. Using vague statements to try and discredit the messenger, therefore blunting or invalidating the message, is classic FUD.

As G.I. Joe taught us, knowing is half the battle…so we all owe Lookout a thank you, even if some of us bloggers owe jackeey wallpaper an apology as well for jumping to conclusions…FUD or no FUD.

Zealot (839 Posts) - Website | Twitter | Facebook


By day a department manager and writer for a major network device vendor...by night Zealot stalks the mean magnetic streets, striking fear into the hearts of bandwidth abusers and theme park mascots. Zealot has been involved with mobile devices for more than a decade now, starting off with dumb phones, moving to PDAs and then to smartphones, notebooks and netbooks with the odd PMP thrown in. Most of his mobile time currently is spent on a Treo Pro, Zune HD, Thinkpad T61, HP Mini 311, iPod Touch 3G, iPad 16G or a Hackintoshed Compaq Mini 704. He proudly groks the Geek community and considers himself a Neo Maxi Zune Dweebie (thanks Wil Wheaton!).

ADVERTISEMENT

  • http://twitter.com/news4android/status/20054326703 Android News

    FUD and Counter-FUD in the Android Market: The recent story (reported on Mobilitysite HERE) about a wallpa… http://bit.ly/cCLMaK #android

  • http://twitter.com/iwmarket/status/20056899776 Paul McGuinness

    FUD and Counter-FUD in the Android Market http://bit.ly/ayllKS

  • http://twitter.com/news4android/status/20061360192 Android News

    From News: FUD and Counter-FUD in the Android Market: The also reminded people that they reported the info… http://bit.ly/cCLMaK #android

  • http://twitter.com/androidmy/status/20062672497 Android Marvin

    FUD and Counter-FUD in the Android Market – http://bit.ly/b4Ww7e

  • http://twitter.com/mobilitysite/status/20052363714 mobilitysite

    Posted: FUD and Counter-FUD in the Android Market http://bit.ly/bB5bnS

  • http://twitter.com/billcpu/status/20052802094 Bill

    FUD and Counter-FUD in the Android Market http://bit.ly/cNAMgR …and Lookout peddling their anti-virus app

  • http://twitter.com/ttalerts/status/20054327183 TELTUB Support team

    FUD and Counter-FUD in the Android Market: The recent story (reported on Mobilitysite HERE) about a wallpaper app … http://bit.ly/bfekd5

  • Merick

    Great post, thank you. It is amazing how little the press checks their facts nowadays, just copying stories from other blogs.

  • http://twitter.com/buckley007/status/20072207331 michaelbuckley

    FUD and Counter-FUD in the Android Market http://tinyurl.com/2bjkm2u

  • Mikey

    So, have you guys publicly apologised to the developer already? By your own admission you owe one. Or, is it beneath you guys to apologise to a poor little chinese dev?

  • http://bardhaven.wordpress.com Zealot

    A very good point Mikey. I had sort of assumed the admission counted as apology, but it really shouldn't.

    I am sorry Jackeey wallpaper for not using the word “Alleged” malwear when reporting on the accusations of others. I condemned you on hearsay and I apologize. Now please clean up your act regarding the data your software accesses, or at least disclose your reasons why more fully next time so people can make an educated choice before downloading your software.

  • http://www.svpocketpc.com Pony99CA

    FUD stands for Fear, Uncertainty and Doubt and the acronym was originally coined in the seventies to describe IBM’s habit of spreading false information about competitors by creating hints and rumours.

    I wasn't around IBM in the 70s, but I did work for them for 12+ years in the early 80s to mid 90s. we were taught that you do not disparage a competitor, so the IBM that I worked for would not spread false rumors about competitiors.

    That's not to say that FUD was impossible. You could presumably say, “Our next generation of products will be backward compatible with this generation”, implying that maybe the competitors' would not be. Or you might be able to say, “Our next generation of products will be so incredible that you won't believe it”, implying that switching to a competitor would be a bad idea.

    As for wallpaper, I'm still curious why somebody would need to collect your phone number or voicemail information to build a favorites feature into a wallpaper app.

    Steve

  • http://www.svpocketpc.com Pony99CA

    It's “malware”; “malwear” would be poorly fitting clothing. :P (I cleaned up the article but I can't clean up the comments. I'm going to have to start charging proofreading fees here. :P)

    Steve

  • http://www.svpocketpc.com Pony99CA

    I don't know that Lookout's piece was a blog. However, there are really only three ways to do fact checking in something like this:

    1. Test it yourself. I'll let you run the possibly sketchy wallpaper app; I won't, thank you very much.

    2. Ask the developer and hope he admits the truth. Yeah, about as likely as Bill Clinton admitting that he did have sex with that woman when first asked.

    3. Wait for other reputable sources to reproduce the issue (the scientific method approach). unfortunately, that means that you won't likely be in the first wave of news, losing any hope of a scoop.

    So what would you do to improve blogging given the realities?

    Steve

  • http://bardhaven.wordpress.com Zealot

    Everybody's a critic…

  • Mikey

    That's really really illustrative of the contempt you hold for that poor little chinese dev. I guess you and the lookout guy are the same. Do you require anybody else to write a treatise on the reasons why they need this or that info? Or just because this guy is small time, or chinese? or what?

    Disgusting.

  • http://bardhaven.wordpress.com Zealot

    When an application wants to access data that seems to be odd, I want to know why no matter what App it is or who developed it…I doubt I am unique in that. The Dev could have avoided a good deal of this whole situation by mentioning in the description of his software in the Android Market why he thought his wallpaper app needed your voicemail details and device ID and phone number.

    That has nothing to do with being small time, or Chinese…it is just good business.

  • Mikey

    You write nice words but your actions do not match the words. You say that `you want to know' no matter what app it is or who developed it, but YOU never bothered to ASK the developer before you published an article to drag him through the mud, did you? So you didn't really want to know until Androidtapp revealed all, then your petulant `apology'.

  • http://bardhaven.wordpress.com Zealot

    Everybody's a critic…

  • Mikey

    That's really really illustrative of the contempt you hold for that poor little chinese dev. I guess you and the lookout guy are the same. Do you require anybody else to write a treatise on the reasons why they need this or that info? Or just because this guy is small time, or chinese? or what?

    Disgusting.

  • http://bardhaven.wordpress.com Zealot

    When an application wants to access data that seems to be odd, I want to know why no matter what App it is or who developed it…I doubt I am unique in that. The Dev could have avoided a good deal of this whole situation by mentioning in the description of his software in the Android Market why he thought his wallpaper app needed your voicemail details and device ID and phone number.

    That has nothing to do with being small time, or Chinese…it is just good business.

  • Mikey

    You write nice words but your actions do not match the words. You say that `you want to know' no matter what app it is or who developed it, but YOU never bothered to ASK the developer before you published an article to drag him through the mud, did you? So you didn't really want to know until Androidtapp revealed all, then your petulant `apology'.

  • breley

    Mikey, the blogosphere would be better served with you properly aiming your own poorly-aimed ad hominem attack at the initial perpetrators: Lookout and the attendees of the Black Hat conference for assisting in disseminating the information.

    Why the failure here by so many news organizations? News reporting tends to rely on experts in the field to provide accurate data. Usually this isn't a problem, but sometimes, as in this case, it is. Lookout states it is “a world leader in smartphone protection”. When an organization touting itself as such says “Hey, this particular app seems to be behaving oddly” most end users are going to take notice and trust what they say because, well, that's what Lookout does, Android security. It's a form of argumentum ad verecundium, that is, relying on a recognized authority to back up what you are saying. As analogy, with regard to the veracity of humanocentric climate change, are you running climate analyses yourself and looking at Vostock ice core samples in your basement, or are you relying on “authorities in the field” to do it for you?

  • breley

    +1, Steve. This is the risk that news, particularly tech news, runs. Mikey's fixation on “Chinese” and the implied racist tone show a poor understanding of China's historical IP laws and internet usage tolerance/policies vis-a-vis much of the rest of the world, as shown by the recent hacking of Google and other tech companies. It has nothing to do with racism, but everything to do with China not yet doing enough to combat indigenous hacking (NB: Much of this may have to do with China's effort to modernize its cyberinfrastructure and not yet having laws or legal instruments formally in place to deal with citizens causing potential PC problems abroad).

  • breley

    Mikey, the blogosphere would be better served with you properly aiming your own poorly-aimed ad hominem attack at the initial perpetrators: Lookout and the attendees of the Black Hat conference for assisting in disseminating the information.

    Why the failure here by so many news organizations? News reporting tends to rely on experts in the field to provide accurate data. Usually this isn't a problem, but sometimes, as in this case, it is. Lookout states it is “a world leader in smartphone protection”. When an organization touting itself as such says “Hey, this particular app seems to be behaving oddly” most end users are going to take notice and trust what they say because, well, that's what Lookout does, Android security. It's a form of argumentum ad verecundium, that is, relying on a recognized authority to back up what you are saying. As analogy, with regard to the veracity of humanocentric climate change, are you running climate analyses yourself and looking at Vostock ice core samples in your basement, or are you relying on “authorities in the field” to do it for you?

  • breley

    +1, Steve. This is the risk that news, particularly tech news, runs. Mikey's fixation on “Chinese” and the implied racist tone show a poor understanding of China's historical IP laws and internet usage tolerance/policies vis-a-vis much of the rest of the world, as shown by the recent hacking of Google and other tech companies. It has nothing to do with racism, but everything to do with the perception that China is not yet doing enough to combat indigenous hacking (NB: Much of this may have to do with China's effort to modernize its cyberinfrastructure and not yet having laws or legal instruments formally in place to deal with citizens causing potential PC problems abroad).

  • http://www.svpocketpc.com Pony99CA

    Mikey, apparently you missed one of the points of the piece — AndroidTapp was just as bad at blaming people as the initial blog reports. Do you work for them or something?

    Steve

  • http://www.svpocketpc.com Pony99CA

    I'm not sure blaming Lookout is the right thing to do. Z's article clearly stated that Lookout was giving a warning about strange data collection; Lookout did not say there was malware. That's a reasonable warning to give, I think.

    The “blame”, if any needs to be assessed, is on people who ran with that and created wilder stories. Z even admitted he did that, which seems apologetic enough to me.

    Steve

  • http://www.svpocketpc.com Pony99CA

    Mikey, apparently you missed one of the points of the piece — AndroidTapp was just as bad at blaming people as the initial blog reports. Do you work for them or something?

    Steve

  • http://www.svpocketpc.com Pony99CA

    I'm not sure blaming Lookout is the right thing to do. Z's article clearly stated that Lookout was giving a warning about strange data collection; Lookout did not say there was malware. That's a reasonable warning to give, I think.

    The “blame”, if any needs to be assessed, is on people who ran with that and created wilder stories. Z even admitted he did that, which seems apologetic enough to me.

    Steve

  • breley

    Fair enough, Steve. Though I have no doubt Lookout's well-intentioned caution in and of itself didn't do the developer in question any favors, rightly or wrongly.

  • Mikey

    @breley Very impressive chestbeating language. Latin buff or did you use a English-Latin translator? And breley, lookout's `good intentions' ??? They sell security stuff. It's probably 'profitable intentions' instead.

    @pony I don't work for Androidtapp. I just felt sad for the developer. And Zealot's apology was more a taunt, so that pissed me off more.

  • http://www.svpocketpc.com Pony99CA

    You seem to be a troll then, Mikey.

    First, you don't need to be a Latin buff or use a translator to know “ad hominem”; I learned about argumentum ad hominem et al in my high school logic class.

    Second, feeling “sad” for the developer who is using sketchy techniques is a joke. I still haven't heard how gathering that information is required to implement a “favorites” features. Care to explain that?

    If not, please go back under your bridge.

    Steve

  • http://www.svpocketpc.com Pony99CA

    You seem to be a troll then, Mikey.

    First, you don't need to be a Latin buff or use a translator to know “ad hominem”; I learned about argumentum ad hominem et al in my high school logic class.

    Second, feeling “sad” for the developer who is using sketchy techniques is a joke. I still haven't heard how gathering that information is required to implement a “favorites” features. Care to explain that?

    If not, please go back under your bridge.

    Steve

  • Mikey

    For me, today, the BBC has finally vindicated the jackie and cleared his name, and branded all the allegations against the wallpaper app developer and app, as BS. Google itself has also cleared jackie.

    A respected Anglo Saxon broadcaster, the British Broadcasting Corporation (BBC), produces a programme called Digital Planet, where the commentator Jeremy Wagstaff has said his piece on this sorry affair. You can read the transcript on Mr. Wagstaff's blog: http://www.loosewireblog.com/2010/07/phantom-mo...

    In essence, my summary of Mr. Wagstaff's assertion is that – though we may find it easy to believe that some foreigner in a far away land may be screwing you, sometimes the threat is closer to home – then he cites Lookout, who issued the misleading initial blog piece which destroyed the poor little chinese developer's reputation and work, as an organization fraught with conflict of interest.

    Here's that gem in Jeremy's own words: ” We seem very quick to attribute suspicious behavior to someone we don’t know much about, in some scary far-off place, but less to those we do closer to home: Lookout’s main business, after all, is prominently displayed on their homepage: an application to, in its words, “protect yourself from mobile viruses and malware. Stop hackers in their tracks.”

    Conflict of interest, anyone?”

    That sorta puts closure to this affair, but only to those who read. Those who feel that the poor developer should be further vindicated, please spread Mr. Wagstaff's words far and wide.

    And just hope that the bloggers who did not at all apologise, did not modify their blogposts which killed the poor chinese dev's reputation and work and earnings, and bloggers who (worse) apologised flippantly and contemptuously, finally try to do something to right the intense wrong they wrought.

  • http://www.largepot.net Large Pot

    Oh!…that's great helpful, it's so right to me! Million thanks for the article,

  • http://www.svpocketpc.com Pony99CA

    Don't click the Thai spammer's link, but feel free to E-mail his ISP and him letting them know what you think of their spam.

    messilovely001@yahoo.com
    124.120.115.103

    Steve

  • http://www.svpocketpc.com Pony99CA

    As you couldn't figure out how to link one comment to the other but felt the need to post the exact same thing twice, I'll repay the favor.

    First, all Wagstaff did was talk to the developer and look at some screenshots. He did not investigate what the application really did, like Lookout did. He even admits that the developer could be (gasp!) lying to him. (Of course, we know that “poor developer” would never actually do that, right?)

    Second, the developer still sounds shady. He admitted to using two different IDs to create applications under. Why does he need to do that?

    Third, this has nothing to do with “some scary far-off place”; it has to do with the behavior of the application. Why can't you get that?

    Fourth, you follow along with Wagstaff claiming that Lookout has a “conflict of Interest”, but did you talk to them before spouting off? If not, you're doing exactly what you're criticizing others for. Pot, meet Kettle.

    Fifth, just because somebody might have a conflict of interest does not mean that they're wrong. Many so-called “security researchers” work for companies that sell security solutions. So does that mean that you should never believe them?

    Maybe on Mikey World people can't separate the truth from their profit motivation, but I think people here on Earth can (not that they always do, mind you).

    Steve

  • http://www.svpocketpc.com Pony99CA

    Don't click the Thai spammer's link, but feel free to E-mail his ISP and him letting them know what you think of their spam.

    messilovely001@yahoo.com

    124.120.115.103

    Steve

  • http://www.svpocketpc.com Pony99CA

    As you couldn't figure out how to link one comment to the other but felt the need to post the exact same thing twice, I'll repay the favor.

    First, all Wagstaff did was talk to the developer and look at some screenshots. He did not investigate what the application really did, like Lookout did. He even admits that the developer could be (gasp!) lying to him. (Of course, we know that “poor developer” would never actually do that, right?)

    Second, the developer still sounds shady. He admitted to using two different IDs to create applications under. Why does he need to do that?

    Third, this has nothing to do with “some scary far-off place”; it has to do with the behavior of the application. Why can't you get that?

    Fourth, you follow along with Wagstaff claiming that Lookout has a “conflict of Interest”, but did you talk to them before spouting off? If not, you're doing exactly what you're criticizing others for. Pot, meet Kettle.

    Fifth, just because somebody might have a conflict of interest does not mean that they're wrong. Many so-called “security researchers” work for companies that sell security solutions. So does that mean that you should never believe them?

    Maybe on Mikey World people can't separate the truth from their profit motivation, but I think people here on Earth can (not that they always do, mind you).

    Steve

Subscription

You can subscribe by e-mail to receive news updates and breaking stories.

Polls

Would you use Bing on an iPhone?

View Results

Loading ... Loading ...

About Mobilitysite

Warning: SimpleXMLElement::__construct(): Entity: line 2: parser error : AttValue: " or ' expected in /home/mobilitysite/public_html/wp-content/themes/tinynews/page_sidebar.php on line 144 Warning: SimpleXMLElement::__construct(): in /home/mobilitysite/public_html/wp-content/themes/tinynews/page_sidebar.php on line 144 Warning: SimpleXMLElement::__construct(): ^ in /home/mobilitysite/public_html/wp-content/themes/tinynews/page_sidebar.php on line 144 Warning: SimpleXMLElement::__construct(): Entity: line 2: parser error : attributes construct error in /home/mobilitysite/public_html/wp-content/themes/tinynews/page_sidebar.php on line 144 Warning: SimpleXMLElement::__construct(): in /home/mobilitysite/public_html/wp-content/themes/tinynews/page_sidebar.php on line 144 Warning: SimpleXMLElement::__construct(): ^ in /home/mobilitysite/public_html/wp-content/themes/tinynews/page_sidebar.php on line 144 Warning: SimpleXMLElement::__construct(): Entity: line 2: parser error : Couldn't find end of Start Tag html line 2 in /home/mobilitysite/public_html/wp-content/themes/tinynews/page_sidebar.php on line 144 Warning: SimpleXMLElement::__construct(): in /home/mobilitysite/public_html/wp-content/themes/tinynews/page_sidebar.php on line 144 Warning: SimpleXMLElement::__construct(): ^ in /home/mobilitysite/public_html/wp-content/themes/tinynews/page_sidebar.php on line 144 Warning: SimpleXMLElement::__construct(): Entity: line 2: parser error : Extra content at the end of the document in /home/mobilitysite/public_html/wp-content/themes/tinynews/page_sidebar.php on line 144 Warning: SimpleXMLElement::__construct(): in /home/mobilitysite/public_html/wp-content/themes/tinynews/page_sidebar.php on line 144 Warning: SimpleXMLElement::__construct(): ^ in /home/mobilitysite/public_html/wp-content/themes/tinynews/page_sidebar.php on line 144 Fatal error: Uncaught exception 'Exception' with message 'String could not be parsed as XML' in /home/mobilitysite/public_html/wp-content/themes/tinynews/page_sidebar.php:144 Stack trace: #0 /home/mobilitysite/public_html/wp-content/themes/tinynews/page_sidebar.php(144): SimpleXMLElement->__construct('...') #1 /home/mobilitysite/public_html/wp-content/themes/tinynews/single.php(76): include('/home/mobilitys...') #2 /home/mobilitysite/public_html/wp-includes/template-loader.php(34): include('/home/mobilitys...') #3 /home/mobilitysite/public_html/wp-blog-header.php(16): require_once('/home/mobilitys...') #4 /home/mobilitysite/public_html/index.php(17): require('/home/mobilitys...') #5 {main} thrown in /home/mobilitysite/public_html/wp-content/themes/tinynews/page_sidebar.php on line 144