It looks like they are doing it after app install with a malicious patch. This patch asks for SMS and accessibility access to gain privileges necessary to get into the banking apps. I haven’t thoroughly read it but just looking at the attack chain that’s what I gleaned.
There’s no such thing as perfect security… unless your application is trivial and doesn’t do very much. Android is designed to collect data from the dozen plus sensors on your phone in order to get money from app vendors to push ads.
As a developer this question is hilarious to me
As a curious Android user this comment is useless to me
For a real answer here’s the Zscaler blog write up: https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google
It looks like they are doing it after app install with a malicious patch. This patch asks for SMS and accessibility access to gain privileges necessary to get into the banking apps. I haven’t thoroughly read it but just looking at the attack chain that’s what I gleaned.
As an Android developer that comment makes me sad. Then I remind myself that Lemmy is full of people who migrated from Reddit.
We each have our specialties, and it would be unreasonable to ask that everyone share yours.
Hey don’t pretend that you didn’t migrate as well.
please enlighten the rest of us
Explain yourself
There’s no such thing as perfect security… unless your application is trivial and doesn’t do very much. Android is designed to collect data from the dozen plus sensors on your phone in order to get money from app vendors to push ads.