My Kindle Fire automagically updates itself whenever Amazon decides it should. Sometimes an update produces a notice that an app (why don’t we call them “programs” these days?) needs more permissions, but the process generally goes unremarked.
This one wasn’t subtle at all:
I had just fired up File Expert, which immediately dimmed the screen and presented a dialog box with only two unpalatable choices. Here’s a closeup:
Well, what would you do?
Needless to say, I didn’t press the Download Now button; it probably wouldn’t have worked anyway, because I turned off the Allow Installation of Applications from Unknown Sources option a long time ago. Pressing Exit bails out of the program app and returns to the Home screen.
Some questions immediately spring to mind:
- If the app has been compromised, exactly how did it regain control and complain about the situation?
- If this is truly a compromised app, why wouldn’t the Trojan just download malware without asking?
- How did this pass the ahem QC and auditing that allegedly justifies having a sole-source Amazon App Store? After all, I can load random crap from the Interweb onto a PC all by myself.
- How does one validate the origin of those random security questions that regularly appear on various computer screens? Why wouldn’t malware just pop up a random dialog box asking for the password, any password, and gleefully use whatever you type?
This appears to be a false positive, as explained there. I assume that any malware worth its salt would also kill off any built-in integrity checking, but what do I know? It’s gone missing from the storefront, probably cast forth into the outer darkness away from the light of Kindle Fires…
The Smell of Molten Projects in the Morning 