Four-year-old bug could allow attackers steal data from 99pc Android devices


Android Enthusiast
Found this article today & thought I should share it here :)


Check six!
While there is no way for an infected app to reach users’ Android device if they always use Google Play (also updated) for downloading apps or updating them, the risk is very high for the users of third-party stores or consumers who install APK files from unknown sources.

This just reinforces the common-sense advice frequently given out here at AF; "Be VERY careful if using anything other than Google Play." ;)


Android Expert
If the article wanted to be accurate and informative, it would have stated:

"While there is no way for an infected app to reach the device regardless of what operating system they are using if they always use approved stores for downloading apps or updating them, the risk is very high for the users of third-party stores or consumers who install APK files from unknown sources."

In the case of Android, I would say that only Play Store and Amazon App Store are secure. Other than that, I have only downloaded betas from the swiftkey an swype official sites

Stannis the Mannis

Taking into account that most people DON'T download apps from unknown sources there is no way it can affect 99% of Android Devices. If everyone was downloading from unkown sources then this claim might have some legitimacy. I mean just ask any casual users what an "apk" is -_-

If this affects 99% of Android devices, then i must be Batman.


Since it isn't about the Razr in particular and more about general Android, I have moved this topic to the Android Lounge. One thing that might settle you nerves is a quote I found from another article about the exploit:

The good news, according to CIO, is that Google has fixed the Google Play app store so that it will not allow apps that are vulnerable to the flaw. But apps downloaded from non-Google third parties remain vulnerable


Android Expert
People need to read more than the headline. As Slug pointed out above, this is about people sideloading from third-party sites. Not about Android.

Any OS can be infected when you load on software that you know nothing about. That goes for phones, tablets, servers, laptops, desktops, etc.


h ttp://venturebeat. com/2013/07/03/massive-android-flaw-allows-hackers-to-take-over-and-control-99-of-android-devices/

Or is this article a hoax


Android Expert
The only manufacturer that has patched this exploit is Samsung, but only one of their device has the patch. The phone that is safe from this exploit is the Galaxy S4.


Android Enthusiast
"Update: According to a report in CIO, Google has already modified its Play Store’s app entry process so that apps that have been modified using this exploit are blocked and can no longer be distributed via Play."

they have yet to remove placebo/fake apps which do nothing except waste your time and battery energy as you shop the play store. Google does a "D" grade job of policing the play store, in my opinion.


Android Expert
Seems that a new Android vulnerability has been found that affects 99% of 'droids and could make your phone open to anything from snooping to a complete take over :eek:

All Android apps contain a crytographic signature that ought to be invalidated if a legitimate app is tampered with - e.g. 'infected' with a virus - after distribution. Your phone checks the signature and will refuse to install an app if it's signature is invalid.

This vulnerability means that the apps can be amended without invalidating the signature which in turn means that kosher apps can be 'infected' with dodgy code and your phone will happily install them.

Unfortunately, individual manufacturers will need to fix their firmware and distribute the fix to all phones running any version of Android from 1.x on - good luck anyone with a non-current phone :eek:

On the upside, Google have fixed Play so no infected apps can be distributed from there which means that, so long as you avoid 3rd party app stores, you should be - relatively - safe.


Android Expert
I saw the following in an article. Thought it was worth sharing.

Security Research company BlueBox is reporting that they have uncovered a master key for the Android operating system that will allow a user unfettered access to the phone contents of any Android phone with O/S versions dating back to 2009. Um


Android Expert
From the verge article:

"How that distribution would actually occur is still theoretical. Exploiting via Google's Play Store isn't possible, since Google has already updated the platform. But a user could still be tricked or lured into installing a bogus update through other avenues, including third party app stores, phishing emails, or malicious websites."

Really? Theoretical flaws get real articles? What's next? In theory an Android phone can't survive a direct hit from a nuclear missile?

Four year old Android bug could allow malicious apps on '99 percent' of devices | The Verge