rugk 397 Posted September 28, 2014 Share Posted September 28, 2014 (edited) I think we all know about the PUA (also called PUS or PUP) on Windows - these are e.g. "downloaders" that install toolbars or change your browser startpage and so on... If you don't know about it then read this before you read the rest of the post: ESET knowledgebase - What is a potentially unwanted application? Virusradar.com - Glossary > PUA More on WeLiveSecurity - Search for PUA A whitepaper - Download PDF But my questions is about mobile devices... What PUA is there on these devices (e.g. on Android devices)? What is the behaviour of these PUA? And no, I don't want deny that there is PUA (also on Google Play), because I already downloaded some apps and EMS detected them as PUA. But the description was the "normal" description that you can give every PUA (on desktop systems). Here is is a screenshot: Because there are many things that these mobile PUA surely won't do. E.g. installs a toolbar without the knowledge of the user - Nobody would get the crazy idea to display a toolbar on the relatively small display on a smartphone. (OK on a tablet it might be something different, but I still think that it would be quite difficult with the Androids sandbox system to infiltrate the toolbar into a browser) Additionally there can't be something like a download manager (with ads and so on) on Android or if it would exists then it would be very impractical, because you would have to install two apk files and then maybe also uninstalling the first apk file. So I can't think that this would be economic to the ones who provide such a PUA, because many users would not complete these circuitous steps. And on Android many (also many popular) apps contain ads, so you can't categorize them as PUA. So what kind of PUA is there on mobile devices? Can you give some examples? What are the differences of these mobile PUA to desktop PUA? Edit: Added screenshot of the description from EMS. Edit2: Changed text and topic title a bit. Edited January 21, 2015 by rugk Link to comment Share on other sites More sharing options...
SweX 871 Posted September 29, 2014 Share Posted September 29, 2014 (edited) Hello rugk, This is a good but rather old read on the topic: hxxp://nakedsecurity.sophos.com/2012/09/13/potentially-unwanted-apps-on-android-more-prevalent-than-malware/ And this: hxxp://securitywatch.pcmag.com/mobile-apps/323737-mobile-malware-not-the-only-threat-unwanted-apps-bad-too I assume the criteria to be classified as a PUA is very similar on all platforms. All I can say is there seems to be a lot of them and that they are detected for a reason. I read another more recent article on the topic not that long ago but unfortunately I can't find it now. Edited September 29, 2014 by SweX Link to comment Share on other sites More sharing options...
rugk 397 Posted September 29, 2014 Author Share Posted September 29, 2014 (edited) Ok thanks for your replies. So ads and the transmission of the user data play a role... But could someone specify this a bit? I think there are at least some differences between computer-PUA and mobile-PUA (I tried to indicate some of them in my start post). Edited October 8, 2014 by rugk Link to comment Share on other sites More sharing options...
rugk 397 Posted October 3, 2014 Author Share Posted October 3, 2014 Nobody who can give examples? ESET I'm sure you can tell more about mobile PUA! Link to comment Share on other sites More sharing options...
rugk 397 Posted October 8, 2014 Author Share Posted October 8, 2014 Hello? Can you give an example? Link to comment Share on other sites More sharing options...
Doctor9fan 0 Posted October 11, 2014 Share Posted October 11, 2014 I doubt anyone who received an alert on their device would allow the app to install just to see what the result would be unless they were in a test situation. I've had warnings g of pua in games from the Amazon app store but eset hasn't detected it; Malwarebytes has which is worrying me on how good eset is. Link to comment Share on other sites More sharing options...
rugk 397 Posted October 12, 2014 Author Share Posted October 12, 2014 I doubt anyone who received an alert on their device would allow the app to install just to see what the result would be unless they were in a test situation. I've had warnings g of pua in games from the Amazon app store but eset hasn't detected it; Malwarebytes has which is worrying me on how good eset is. Yes, maybe someone can test a PUA to see what it does, but maybe there are criteria for detection as a mobile PUA you cannot see. (e.g. transmission of private data to a server without need to do this) And if there is malware or PUA that EMS misses then I would suggest you to send this to ESET. Currently EMS has no embedded "submit to ESET" feature (I already criticized that in my feedback), but you can of course send it in the "normal way" to samples @ eset.com. Link to comment Share on other sites More sharing options...
ESET Moderators Aryeh Goretsky 390 Posted October 15, 2014 ESET Moderators Share Posted October 15, 2014 Hello, I am still working on an answer to the question about anti-malware software for Linux. As soon as I get that finished, I will try to address your question re: Android PUAs. Thanks for your patience and understanding. Regards, Aryeh Goretsky Link to comment Share on other sites More sharing options...
rugk 397 Posted October 16, 2014 Author Share Posted October 16, 2014 Very thanks Aryeh. I will wait and stay tuned. And BTW: Congratulation to 200 kudos! Link to comment Share on other sites More sharing options...
fallenangel1978 0 Posted October 25, 2014 Share Posted October 25, 2014 why adding sdk from these companies (revmob,startapp,leadbold) esset thinks that is a Potentially Unwanted Applications? and not from googles ads and other ad network? only these 3 ads networks are a threat? i m a developer and i have intergade the 3 networks but esset pop ups a message "Threat" and my users thinks that is a virus and prevend them from downloading my apps. is there any solution? thank you Link to comment Share on other sites More sharing options...
rugk 397 Posted November 14, 2014 Author Share Posted November 14, 2014 Next time please open a new topic. But if you think this is a false-positive you can submit it to ESET. Link to comment Share on other sites More sharing options...
Recommended Posts