XPrivacy should really come installed by default with Android: the new versions are really quite good (especially with the cloudsourcing and on-demand bits) and really highlight how atrocious most apps are with your personal data. And it is a hell of a lot more effective than relying on companies like Avast to detect and remove bad actors from the market. I've lost track of the number of times random apps (most of whom are just shells around a website) ask permissions for my full phone number, Google and Facebook accounts, contact info etc. for no reason at all. At this point, I'm scared of using Android without the module. (not that ios or windows are any better)
Given how shady the whole premium SMS/premium number business is to begin with, it should be made legally simple to refuse all payment on charges to them.<p>eg. Say you notice you suddenly owe $100 on your phone bill due to a phone app causing charges to your bill (or even just because you gullibly fell for a social engineering attack), you should be able to just refuse to pay with no repercussions other than that the premium provider will be sent a notification that you refused to pay and then may block you via caller id from future use of the service.<p>I doubt this will ever happen since politicians generally don't give a rat's ass about consumers anymore, but it would be nice.
Bear in mind it is Avast writing this post (not exactly my favourite company at the moment, incorrectly reporting a trojan to a few users in one of my Apps), so the alarmist perspective is motivated by their business.<p>If the worst they can report on is an obscure and rather obviously dodgy looking App no longer on Google Play then there isn't much for us to worry about.
I thought KitKat was supposed to block apps from automatically sending SMS messages to premium numbers?<p>This is a nasty piece of malware, but premium SMS scam apps are nothing new to Android. So the article playing up the danger of this random, seemingly single-market focused malware (Hispanophone vs. global) isn't particularly scary.
at this point i'd like to recommend cyanogenmod with privacy guard again [1]<p>or openpdroid [2], or both. the cool thing about openpdroid is that you can spoof location requests too. also, i don't think any other privacy app allows you to block requests to sim and imei info<p>[1] <a href="http://www.androidcentral.com/cyanogenmod-updating-privacy-guard-20-new-features-coming-cm102" rel="nofollow">http://www.androidcentral.com/cyanogenmod-updating-privacy-g...</a><p>[2] <a href="http://www.xda-developers.com/android/openpdroid-brings-an-open-source-privacy-solution/" rel="nofollow">http://www.xda-developers.com/android/openpdroid-brings-an-o...</a>
I'm surprised they went to those measures to get the user's phone number, it seems like there would be much simpler and more inconspicuous ways to do so on Android.
It's a long time since I didn't touch Java, I don't get the instruction "break label217;".<p>Is it equivalent to a "goto label217" ? (shock and horror !!!)