SSCC 118.99 – How do you define a Potentially Unwanted Application (PUA)?

Google rolls out fix for Android security vulnerability

andropirate_170To wrap-up the three part Sophos Security Chet Chat 118, Vanja Svajcer from SophosLabs Croatia joined me in Berlin to discuss the finer points of unwanted software for Android.

While most of us can identify something truly malicious without too much difficulty, there are many other things that fall into more of a gray area.

Are ad pop-ups and your browser home page fair game when you download a free travel|game|puzzle|social app? Should apps be allowed to comb through your addressbook? Are hacking tools and p0rn appropriate for your work device?

These questions typically fall into the category of potentially unwanted applications (PUA), depending on the disposition of the user.

In the podcast, Vanja explains the lack of standards for defining which mobile apps are PUAs and then explains the proposal he and Sean McDonald from SophosLabs Australia put forth in their paper.

Listen to this episode

Play now:

(5 October 2013, duration 11’52”, size 8.5MB)

Download for later:

Sophos Security Chet Chat #118.99 (MP3)