1. nbaliga's Avatar
    Sure, Android is secure....depends on what your definition of secure is, and by that I mean, you surely don't know what secure means.

    Bluebox Fake ID Android Vulnerability - Business Insider
    lift likes this.
    07-29-14 11:14 AM
  2. Heinz Katchup's Avatar
    Sure, Android is secure....depends on what your definition of secure is, and by that I mean, you surely don't know what secure means.

    Bluebox Fake ID Android Vulnerability - Business Insider
    Lol! No surprise. If you want a secure Android experience. Get a BlackBerry!

    Posted via CB10
    lift likes this.
    07-29-14 11:16 AM
  3. Ment's Avatar
    Already patched although because BB does not really have official access to the Playstore they have to hope apps they have already downloaded do not have this vulnerability and of course 3rd party store, Amazon etc are still vulnerable to the access allowed in the runtime.. Google Play devices have in device scanning via the Playstore to flag and remove such apps.

    "We appreciate Bluebox responsibly reporting this vulnerability to us; third-party research is one of the ways Android is made stronger for users. After receiving word of this vulnerability, we quickly issued a patch that was distributed to Android partners, as well as to AOSP. Google Play and Verify Apps have also been enhanced to protect users from this issue. At this time, we have scanned all applications submitted to Google Play as well as those Google has reviewed from outside of Google Play, and we have seen no evidence of attempted exploitation of this vulnerability.
    07-29-14 11:31 AM
  4. Heinz Katchup's Avatar
    Only so many patches till the levy breaks.

    Posted via CB10
    lift likes this.
    07-29-14 11:32 AM
  5. lift's Avatar
    Already patched although because BB does not really have official access to the Playstore they have to hope apps they have already downloaded do not have this vulnerability and of course 3rd party store, Amazon etc are still vulnerable to the access allowed in the runtime.. Google Play devices have in device scanning via the Playstore to flag and remove such apps.
    The patch has not been sent out yet from the carriers. So NO, it is not already patched.
    07-30-14 05:11 PM
  6. lift's Avatar
    Only so many patches till the levy breaks.

    Posted via CB10
    So true.
    07-30-14 05:12 PM
  7. Ment's Avatar
    The patch has not been sent out yet from the carriers. So NO, it is not already patched.
    By patched I mean in device detection and removal by Google Play Services which is on every Google certified phone Android 2.3 and up if you have an OS version that is vulnerable. BB will have to wait until 10.3 to do the same although since they are relying on a third party, Trend Micro, when that happens is out of their hands.

    In reality this has no impact. If you enable side-loading which is off be default, disregard the warning that side-loading is less secure, find an actual app outside the Playstore that has this malware. Load it onto your device. Ignore the warning again that GPS found that app has malware then I don't know what to tell you...you probably can't even boot your desktop cause of all the malware on it.
    mornhavon likes this.
    07-30-14 05:47 PM
  8. lift's Avatar
    By patched I mean in device detection and removal by Google Play Services which is on every Google certified phone Android 2.3 and up if you have an OS version that is vulnerable. BB will have to wait until 10.3 to do the same although since they are relying on a third party, Trend Micro, when that happens is out of their hands.

    In reality this has no impact. If you enable side-loading which is off be default, disregard the warning that side-loading is less secure, find an actual app outside the Playstore that has this malware. Load it onto your device. Ignore the warning again that GPS found that app has malware then I don't know what to tell you...you probably can't even boot your desktop cause of all the malware on it.
    Did you read the bluebox article about this. it goes into great detail. Here is a quote:
    Status of Vulnerability Fix:
    Effectively addressing a vulnerability requires a three step process:
    1) Google produces a generic code fix, which it provides to the Android phone manufacturers
    2) Then phone manufacturers must then incorporate that fix into a firmware update suitable to specific phones, which they provide to carriers
    3) The carrier then distributes the final update, which ensures your phone is safe from the vulnerability
    As regards Fake ID, Google has provided the generic code fix to the phone manufacturers. Currently the manufacturers and carriers are working to get that fix out to you.
    So again, this is not patched yet. Far from it. Also, as I can see, BlackBerry devices would not be affected. This is not a BB runtime problem but a core OS android issue.
    07-30-14 08:25 PM
  9. Ment's Avatar
    To fix the vulnerability in the ROM yes you'll have to wait for carrier update or OTA via Google if you have a Nexus device. But to identify apk that have the malware does not thats what I mean, you can't load the apk without GPS warning you. The Playstore has already been scanned and nothing found and GPS will flag the apk if you sideload it. Google was notified of this in April and AOSP was patched in May.

    Perhap you believe GPS updates require carriers and it does not.
    07-30-14 09:45 PM
  10. lift's Avatar
    Perhap you believe GPS updates require carriers and it does not.
    No, I knew that. I'm saying that until the carriers release the OTA updates this is still not technically fixed. Knowing some carriers that could be weeks.
    07-30-14 09:48 PM

Similar Threads

  1. Android runtime
    By Sundar Venkatasubramanian in forum More for your BlackBerry 10 Phone!
    Replies: 41
    Last Post: 08-01-14, 10:42 AM
  2. This the reason why z10 get force close on android apps
    By Muhammad Akbar3 in forum BlackBerry Z10
    Replies: 8
    Last Post: 07-30-14, 07:03 AM
  3. About android apps
    By GhAi BaljiNder in forum BlackBerry Z10
    Replies: 5
    Last Post: 07-29-14, 02:55 PM
  4. Android runtime missing after reloading device software
    By kkcsivaram in forum Ask a Question
    Replies: 3
    Last Post: 07-29-14, 01:44 PM
  5. BlackBerry Guardian adds another layer of protection to Android apps on BlackBerry
    By CrackBerry News in forum CrackBerry.com News Discussion & Contests
    Replies: 1
    Last Post: 07-29-14, 09:27 AM
LINK TO POST COPIED TO CLIPBOARD