[Chugalug] Dropbox (and other Python Apps) Reverse-Engineered

Christopher Rimondi chris.rimondi at gmail.com
Thu Aug 29 15:55:59 UTC 2013

Dave, are you really saying that malware writers don't target iOS because
they are not financially incentivized enough?

Two big problems with the statistics you threw out.
#1 They only include smart phones. If you want to get an accurate picture
of OS market share for IOS and Android you need to include tablets. A good
way to do that is looking at browser stats. You look at browser stats or
even if you look total mobile devices sold (smartphone + tablet) you get a
totally different picture.
#2 Even if those stats you quoted were relevant "Android" is not
monolithic. The number of versions of Android running now is incredible.
Further compounding the issue is that every vendor version of Android is
different per device. When doing exploit development, nuances in the OS
matter. A lot. Malware authors would get a lot more mileage out of writing
a single exploit for iOS then dealing with a fragmented Android market.

The real three reasons why there is 1000x more malware for Android then IOS:
1. Effective code signing and app screening on IOS and a joke of a process
Android. Well over 50% of Android malware is just submitted to the app
store. No exploit necessary just social engineering.
2. IOS has pretty good DEP. Not perfect but much better then any other
commercial OS.  To my knowledge in the last few years there was only one
DEP bypass in IOS and that was via the JS JIT compiler. Apple fixed the bug
fairly quickly. In Android code executing from data memory segments is
practically a feature.
3. IOS does a fairly good job on pushing code updates because it depends on
Apple and not on the carrier. Android depends on the carrier which is why
2.2 still has such a huge market share.

Personally, I think high end Android devices are far better from a
usability perspective and I would carry one if it weren't for the pathetic
job they did with security.

On Thu, Aug 29, 2013 at 9:04 AM, Dave Brockman <dave at brockmans.com> wrote:

> Hash: SHA1
> On 8/29/2013 8:26 AM, Benjamin Stewart wrote:
> > I'm not sure I completely buy point #2 there, Dave. Windows has
> > had enough market share to be status quo since at least the 90s
> > (forever ago to a script kiddie!). However, Android has enjoyed a
> > clear market share advantage for about a year according to the
> > source I found below. Did the script kiddies read the trends better
> > than Apple? I'm not saying everything (anything) Apple is
> > un-hackable, but people do tend to go for low-hanging fruit, as
> > long as there's some return.
> iphone has never come close to having the majority of marketshare, let
> alone nearly 80% of it.  Let's see, write something to attack those
> Apple devices, because they have ~10% of the desktops and ~20% of the
> mobiles.... you know what, why bother.  I'd probably have to target
> some rich ass in the US to find someone to use it on.....  Not to say
> they haven't raised the bar, and are not the lowest hanging fruit.  I
> still assert if iphone had 80% marketshare, the amount of malware
> written for it would be much greater as well, and all the "security"
> apple has baked in wouldn't stop the commercial authors for more than
> a few days at a time.
> > Interesting side-note: From looking at the chart, I'd say
> > Android's recent gain has been at the expense of Symbian, not IOS!
> >
> Or in other words, apple cannot lose what it has never possessed!
> (additional marketshare to lose)
> :)
> Regards,
> dtb
> Version: GnuPG v2.0.17 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> iQEcBAEBAgAGBQJSH0brAAoJEMP+wtEOVbcd2JkIAK3JJ1uoThn03umW0Tkz5xo0
> iQnmziE9chM5cUOD34qQwRwkhJ6f5OyS8Sr3SxYQuI14Eqya+bDvTjh/vA/2oo50
> TI0oPJmRmqMcUfK/EBgqODViLaRsOt0IZZrXBkp0HyLB3ekeLKVbhLPDGbQHafq9
> PaIv99Jf+i5PZDIzgNLpuRoVPWRBpnQse3/upmawh2Cx7Y+XTiiiG7muhTJGhZNv
> l0I/oo0gu9UpO5zmOSoGl0X6LShwOfrSxMEdKgFW2dQx1mrK9NCsdOlQrYvm1g38
> F/UgGWkiRiFdgo7wqHJhyk9+Y8hGOUdsw0PrFXg7ethn88oo7XKwR/KfIwDRC6E=
> =gK7P
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug

Chris Rimondi | http://twitter.com/crimondi | securitygrit.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://chugalug.org/pipermail/chugalug/attachments/20130829/591113d8/attachment-0001.html>

More information about the Chugalug mailing list