[winter_hat]

Massive Android flaw allows hackers to ‘take over’ and ‘control’ 99% of Android devices | VentureBeat

lol.

[MartyMcfly]

Doesn't bother me one bit...


Sent From My New IPad using Tapatalk

[Saiga]

Clicked link, read "Mobile security company" and had read enough.

Just another company trying to profit off of scaring people.

[raino]

Does anyone get to present at Black Hat, though?

Edit: some more information, courtesy of Engadget: http://www.engadget.com/2013/07/04/b...vulnerability/

[GG1]

Yay!! Another Android security thread.

[spotmark]

So, you're not going to swap to Android, when BB folds?

[BergerKing]

Ok, a Mobile Security company reporting a problem that is endemic to off-base app stores. And could be a vulnerability if one does not use reasonable caution.

That’s a disaster for users, particularly because many Android users, particularly those in Asian and Eastern countries, use the*500+ independent Android app stores*that have little or no authentication or verification procedures to ensure that apps that pass through their services are legit, forming a perfect opportunity or unscrupulous and technically-inclined thieves and spies to gain control of your phone.

Seems like one of the best answers would be: Don't download from spotty sources.

[rnhld]

Mostly an issue to users that sideload apps on their android devices...

[spotmark]

Mostly an issue to users that sideload apps on their android devices...

And to BB fanboys, apparently.

[BergerKing]

Ah, I've seen similar stories on other sites, too. Apparently, in this how do we scare the pants off someone today world, that's the way things are.

Sent from my SPH-L710 using CB Forums mobile app

[Crackberry Brian]

Security I don't think so it doesn't have security at all

Posted via CB10

[the_sleuth]

This article is from Bluebox, a security provider. It reminds me of Lookout articles. Let's scare the beejesus of Android users so our security app gets downloaded. If one downloads apps from Google Play and not third party providers then this is not an issue. Besides, a good virus app like Avast! is extra protection. I think the article is correct in that security updates are not being implemented properly by all users due to fragmented Android OSes. All Android users should be using Jelly Bean.

[raino]

I'm not entirely sold on Bluebox's motive being to cash in on a scare. Afterall:

1. They've notified Google about it, who's (un?)surprisingly tight lipped about it, but working on a patch for the Nexus devices.
2. They've IDed the Galaxy S4 as the only immune device
3. They're presenting at Black Hat (which is a convention of...prestige, right?)

Also, if you read the comments in the OP's article, the author states,

According to Bluebox, even Google Play would theoretically not be totally safe, since infected apps would look just fine to Google. The challenge there would be for hackers to upload their modified apps, because Google has at least some verification around who is uploading an app, and not allowing duplicate apps from different authors.

But what happens if it's a rogue author uploading the primary APK for his rogue app?

[Astro_Man]

So, you're not going to swap to Android, when BB folds?

Never. I would rather pay to use a trac phone than use a free android with a year's worth of service thrown in.

[Kris Erickson]

By the time BB folds, phones will have advanced to the stage they are in our skin.

[raino]

Nice write-up from CB's sister site Android Central: Making sense of the latest Android 'Master Key' security scare | Android Central

[TgeekB]

Never. I would rather pay to use a trac phone than use a free android with a year's worth of service thrown in.

Enjoy your trac phone then.

[the_sleuth]

This thread is about FUD. Android Jelly Bean has security features to block this: Settings > Security > Unknown sources (should not be checked)

If you install cracked Android apps, then you are at fault for not using Google Play.

[raino]

But what about the Bluebox guy's claim that even Google Play is not completely impervious to this flaw?

[rnhld]

But what about the Bluebox guy's claim that even Google Play is not completely impervious to this flaw?

If any apk is at risk of being modified, then Google play, being an apk, is at risk of being modified. However, I don't think many people (at least in the US) are going to be illegitimately installing the Google play store on their Google certified (**** already comes installed) devices.

Now, I wonder if BB10 and PB users are also vulnerable to this exploit, given all the rampant side loading and sense of invulnerability...

Posted via CB10

[the_sleuth]

Google Play is not impervious. But Google has a very good track record in catching malware.

Besides, please reread this from Hillebrand:

If you don’t have the infamous “Unknown Sources” permission box checked off in your settings, this all means nothing to you. Carry on, and feel free to be a little smug and self-righteous — you deserve it for eschewing sideloading all this time in case something like this could happen. If you don't know what this means, ask someone.

For the rest of us, read past the break.

Android Central | Android Forums, News, Reviews, Help and Android Wallpapers

But what about the Bluebox guy's claim that even Google Play is not completely impervious to this flaw?

[raino]

If any apk is at risk of being modified, then Google play, being an apk, is at risk of being modified. However, I don't think many people (at least in the US) are going to be illegitimately installing the Google play store on their Google certified (**** already comes installed) devices.

Now, I wonder if BB10 and PB users are also vulnerable to this exploit, given all the rampant side loading and sense of invulnerability...

Sorry...I didn't mean the GP apk per se, but apps downloaded from the GP store.

[raino]

Google Play is not impervious. But Google has a very good track record in catching malware.

Besides, please reread this from Hillebrand:

I read that. Can I install apps from the Amazon appstore if I have that box unchecked?

[howarmat]

I think the AC article mention that google already patched the play store so this wont be an issue. Its only really if you sideload or get apps outside of google play

[howarmat]

I read that. Can I install apps from the Amazon appstore if I have that box unchecked?

if its unchecked you can intsall from amazon appstore. If you check the box that amazon appstore is blocked from installed or updating apps