What you need to know about the dangerous Android banking trojan that's been ported to iPhone
    • chiisana@lemmy.chiisana.net
      196·
      8 months ago

      I honestly can’t wait for the gong show to begin.

      Just like the cookie law and GDPR before it, the intention might be good, but the implementation is so botched that it’s just going to be a huge mess.

      Hope a couple of emulators and porn apps will be worth it for those that advocated for this crap.

      • GlitterInfection@lemmy.worldEnglish
        31·
        8 months ago

        It’s almost impossible without sideloading, requiring heavy social engineering and it is lockable by Apple. Whereas it has the possibility to become common-place with sideloading as it’s requested in the lawsuits from Epic and by most of the anti-Apple folks on reddit/lemmy.

    • TORFdot0@lemmy.worldEnglish
      76·
      8 months ago

      TestFlight isn’t the same as sideloading. And preventing sideloading has no effect on your IT illiterate relative handing over MDM control to a malicious actor.

      Would you blame sideloading if your relative gave a random “fraud specialist” at their bank their online banking password and they had their bank account drained? That’s the essentially same kind of attack that happened here

      • GlitterInfection@lemmy.worldEnglish
        135·
        8 months ago

        You missed my point entirely. Once sideloading is available Trojan authors no longer need you to install an MDM to infect your parents devices.

        • TORFdot0@lemmy.worldEnglish
          33·
          8 months ago

          I get your point, but where I don’t agree is that sideloading is more insecure than already exploited systems. What safety does disabling sideloading provide when the same user vulnerable users are able to be socially engineered to bypass several restrictions and install the test flight app or a management profile to give hackers control?

          It’s not as if sideloading is going to be allow users to click a malicious ad that pops in at the last second where the real download button should be. It is going to behind the same multiple step processes that the current test flight or MDM vectors are

          • GlitterInfection@lemmy.worldEnglish
            21·
            8 months ago

            What safety does several layers of effective safety that removed this threat quickly and obviously prevented it from becoming a widespread issue provide?

            And that is not what people are pushing for for sideloading. People want to be able to have alternative app stores with their own sets of rules that will not require test flight or MDM vectors.

    • edric@lemm.eeEnglish
      24·
      8 months ago

      The app was available (via testflight) to download even without sideloading…

      • GlitterInfection@lemmy.worldEnglish
        81·
        8 months ago

        And got kicked off by Apple, as per the article… A thing that can’t be done in the future that a lot of people who use Android want to force onto Apple users.

        • chiisana@lemmy.chiisana.net
          4·
          8 months ago

          I think the current proposed implementation would still allow Apple to revoke apps from third party stores, and they’d still control entitlements internally. Having said that, there’s plenty of pushbacks already, and I haven’t caught up as to whether or not EU approved their proposal yet. In all cases, as I said earlier, just like the cookie law and GDPR, the DMA maybe came from a good place with some good ideas, but the implementation is so broken, what companies will do to comply with the word of the law will be a gong show.