Android security question (visited hacked website...)

Discussion in 'Android Lounge' started by tbessie, Feb 6, 2014.

  1. tbessie

    Hey folks, question for you...

    A website I use from time to time appears to have been compromised by hackers (it redirected to a Russian website and started downloading an APK). I have told the website owners and they've fixed it.

    A glutton for punishment (and because I couldn't believe the site had been hacked), I visited the site several times using my Nexus 5, to make sure this was actually happening. The download seems to have started a few times, but may have completed at one point (I think the phone asked me "Are you sure you want to download this file? It potentially contains malware" or something along those lines - this was a few weeks ago, so I don't remember everything I did).

    My question is this - I had enabled installation of APKs that I didn't get from the Android store (since re-disabled). In a situation like what I described, can a download from a website *force* an installation of a malicious APK? I believe I answered "no" to Android's question about if I wanted to download the file, but if I had said "yes" by accident, would I still see some kind of installation method?

    I ran a couple of anti-malware checkers on the phone afterwards, and they found nothing.

    I'm just getting paranoid, so wanted to check here to see if anyone's experienced this before, and what I should expect my phone to have told me in a case like this.

    - Tim
     


  2. Sandgoose

    I don't think a site can force you to run an APK? Do you have sideloading enabled? If not, as far as it would get anyway would be the prompt "enable sideloading blah blah in options".

    If you are really still not sure about it, just nuke the site from orbit, the only way to be sure (by which I mean back up your stuff and do a factory reset).

    :)
     
  3. tbessie

    I had "Unknown Sources" enabled at the time - if that's what you mean by sideloading, then yes (tho' I've since turned it off).

    I'm hoping to avoid a factory reset, since it took me a million years to set up the damn thing originally. :)

    That's why I was wondering if antimalware apps would likely detect it, or if I should see anything in the browser Downloads folder, or see a new installed app in the app list, etc. I guess sufficiently advanced malware could hide all traces of its exploits, eh?

    - Tim
     
  4. funkylogik

    You would have to accept installation for it to do any harm, so unless you might have hit "yes" at the installation screen there's nothing to worry about.
    You could have a look through the application manager to see if there's anything that looks like it shouldn't be there and Google the app name.
     
    Unforgiven, lunatic59, davoid and 3 others like this.
  5. codesplice

    This. Even if a site can automatically download an APK, you still have to click the Install button - and that's only after you've allowed installing apps from unknown sources.
     
    Unforgiven and funkylogik like this.
  6. funkylogik

    Android is really safe in that respect :)
    Just had a thought. If you're worried about the APK, it should be in your sdcard/download folder, so use a file explorer to go in there and delete it.
     
  7. tbessie

    Definitely nothing there. I asked over at Brighthand, tho' (where many old-timers like me hang out), and the moderator suggested that even if it doesn't seem like anything has been installed, for all I know there could be some "harmless-seeming" app that "activates" code sitting in the browser cache or something like that. This kind of thing has been discussed online (I've read some articles about it); some have recommended being better-safe-than-sorry and factory resetting, but I shudder to think of starting from scratch (I have a LOT of apps and settings, many of which I can't back up).

    - Tim
     
  8. Rxpert83

    Is the phone rooted?

    FDR is my first suggestion as well if you're really worried about malware. Better yet, a fresh install of a factory image.
     
  9. funkylogik

    To me that sounds like misinformed scaremongering, Tim. Android is very different to Windows, but then I'm very relaxed when it comes to security.
    The way I see it, on an unrooted phone, malware has nowhere to hide :thumbup:
     
  10. Rxpert83

    That assumes it doesn't use an exploit to gain root, but I agree. ;)
     
    funkylogik likes this.
  11. funkylogik

    ^ what he said lol :D
     
  12. tbessie

    Not rooted, no. Probably not being rooted is better in a case like this, eh? (no chance of malware getting into system files etc?).
     
  13. tbessie

    Hmm - are there exploits to gain root on an unrooted phone with a locked bootloader? I thought that was impossible (even on a Nexus 5).
     
  14. funkylogik

    I think root can still be gained on a locked device, but I also think Rxpert was just playin with us and the odds of that happening are negligible :D
     
    Rxpert83 likes this.
  15. Rxpert83

    There are certainly software-level root exploits.

    That's how all the one-click root apps work(ed). Most known exploits are patched as time goes on, but it depends on how up to date your phone is.

    In reality, the chances of that are pretty low.
     
    funkylogik likes this.
