1. AidenSurvival's Avatar
    I read an article on phone arena stating a bug can compromise the phone's security and, well, take control of it.

    Here's what I found:

    The bug enters the 'bloodstream' of your Android device when you direct the browser to a specially designed website that injects infected javascript into your phone, bypassing the SOP protection used by most of today's browsers to protect such an occurrence from happening. Once your phone is infected, it can be controlled. According to one security researcher, "If I can do that, I can do all sorts of things; scrape web pages, read password fields, hijack a session."
    To those that say BlackBerry's Android OS does not have a web browser...it does. You can use a custom Android launcher and access the stock browser.

    I just want to know, is BlackBerry's Android OS affected since it's Android 4.3 (the bug affects anything below Android 4.4)?

    Source: Phone Arena
    09-16-14 12:27 PM
  2. diegonei's Avatar
    Or you can use an android browser.

    Question is not if there is a browser or not. Question is: Will this be able to access anything but the android side of the device?
    09-16-14 12:46 PM
  3. joeldf's Avatar
    Just on the surface, I'd say no. The Android Runtime is not a full OS. It is sandboxed from the actual BBOS. The runtime does not have access the root BBOS. People who have tried android rooting tools get nowhere because there is nothing in the runtime to root.

    Posted via CB10
    KDB84 likes this.
    09-16-14 01:48 PM
  4. Stephen Cooper's Avatar
    ^^^ This.

    Posted via CB10
    09-16-14 02:41 PM
  5. diegonei's Avatar
    Up to this day, nobody is certai about what sandboxed means. Skype can write directly into the contacts app. Lots of other apps get similar permissions.
    09-16-14 03:24 PM
  6. joeldf's Avatar
    Up to this day, nobody is certai about what sandboxed means. Skype can write directly into the contacts app. Lots of other apps get similar permissions.
    That's probably because there is an android contacts app that's part of the runtime. It's one of the hooks to the BlackBerry side of things. If you use Ghost Commander, you can actually launch it and you will see a copy of what's in the BlackBerry contacts app. Almost everyone in the main contacts will be here too. In my phone, I do notice that anyone with a custom ringtone is not in the android contacts. I find that interesting.


    Posted via CB10
    09-16-14 04:08 PM
  7. Ment's Avatar
    It only works on the AOSP 4.3 browser not Chrome so Android phones by and large aren't affected by this unless you perhaps you use an alternate browser that is based on the AOSP one. Doesn't affect BB runtime either.
    09-16-14 06:25 PM

Similar Threads

  1. Bug in "Likes" list navigation bar layout
    By RyanGermann in forum Site and App Feedback & Help
    Replies: 7
    Last Post: 09-22-14, 10:43 AM
  2. Replies: 5
    Last Post: 09-17-14, 09:58 AM
  3. Do the new models coming out spell the end of removable batteries?
    By CrackBerry Question in forum Ask a Question
    Replies: 6
    Last Post: 09-16-14, 05:05 PM
  4. Clash of Clans
    By JDK011 in forum BlackBerry Z10
    Replies: 3
    Last Post: 09-16-14, 02:56 PM
  5. Leak 1154 allows use of Withings Pulse O2
    By yohannrjm in forum BlackBerry 10 OS
    Replies: 1
    Last Post: 09-16-14, 11:41 AM
LINK TO POST COPIED TO CLIPBOARD