1. Are you ready for the Galaxy S20? Here is everything we know so far!

Four-year-old bug could allow attackers steal data from 99pc Android devices

Discussion in 'Android Lounge' started by socrates0, Jul 4, 2013.

  1. socrates0

    socrates0 Android Enthusiast
    Thread Starter

    Found this article today & thought I should share it here :)

    scary alien likes this.

    1. Download the Forums for Android™ app!


  2. Slug

    Slug Check six!
    VIP Member

    This just reinforces the common-sense advice frequently given out here at AF; "Be VERY careful if using anything other than Google Play." ;)
  3. gtbarry

    gtbarry Android Expert

    If the article wanted to be accurate and informative, it would have stated:

    "While there is no way for an infected app to reach the device regardless of what operating system they are using if they always use approved stores for downloading apps or updating them, the risk is very high for the users of third-party stores or consumers who install APK files from unknown sources."

    In the case of Android, I would say that only Play Store and Amazon App Store are secure. Other than that, I have only downloaded betas from the swiftkey an swype official sites
  4. Stannis the Mannis

    Stannis the Mannis Rapscallion

    Taking into account that most people DON'T download apps from unknown sources there is no way it can affect 99% of Android Devices. If everyone was downloading from unkown sources then this claim might have some legitimacy. I mean just ask any casual users what an "apk" is -_-

    If this affects 99% of Android devices, then i must be Batman.
    LilBit likes this.
  5. drako

    drako Newbie

  6. jhawkkw

    jhawkkw Chinchillin'

    Since it isn't about the Razr in particular and more about general Android, I have moved this topic to the Android Lounge. One thing that might settle you nerves is a quote I found from another article about the exploit:

    El Presidente, ocnbrze and LilBit like this.
  7. jhawkkw

    jhawkkw Chinchillin'

    Thanks for the heads up :).

    Threads Merged.
    ocnbrze and LilBit like this.
  8. LilBit

    LilBit Extreme Android User

    Nice merge!! I was just about to do it myself!! Got ninja'd though!!:D
  9. gtbarry

    gtbarry Android Expert

    People need to read more than the headline. As Slug pointed out above, this is about people sideloading from third-party sites. Not about Android.

    Any OS can be infected when you load on software that you know nothing about. That goes for phones, tablets, servers, laptops, desktops, etc.
  10. jaydemir

    jaydemir Newbie

    h ttp://venturebeat. com/2013/07/03/massive-android-flaw-allows-hackers-to-take-over-and-control-99-of-android-devices/

    Or is this article a hoax
  11. ocnbrze

    ocnbrze DON'T PANIC!!!!!!!!!

  12. ocnbrze

    ocnbrze DON'T PANIC!!!!!!!!!

    thanx gtbarry....i merged the two threads together.
  13. Stannis the Mannis

    Stannis the Mannis Rapscallion

    You guys should see some of the hysterical comments on G+, the ones from iDrones are particularly funny.
  14. chevanlol360

    chevanlol360 Android Expert

    You read the title correctly, your android device might be at risk for a serious bug that's been around since android 1.5 donut.

    All quotations below are from the article that I got it from: http://m.techcrunch.com/2013/07/04/android-security-hole/

    " Mobile security startup Bluebox Security has unearthed a vulnerability in Android
  15. chevanlol360

    chevanlol360 Android Expert

    The only manufacturer that has patched this exploit is Samsung, but only one of their device has the patch. The phone that is safe from this exploit is the Galaxy S4.
  16. MoodyBlues

    MoodyBlues Compassion is cool!
    VIP Member

    LilBit likes this.
  17. mrnyjet

    mrnyjet Android Enthusiast

    they have yet to remove placebo/fake apps which do nothing except waste your time and battery energy as you shop the play store. Google does a "D" grade job of policing the play store, in my opinion.
  18. Rxpert83

    Rxpert83 Dr. Feelgood

    Ahh another OMG this will bring down android bug. :rolleyes:

    In reality, this won't affect people who download from the play store, which has always been the suggested method of getting apps
  19. Stannis the Mannis

    Stannis the Mannis Rapscallion

    I have a feeling that we're gonna be seeing a lot more of these articles in the future.
    ocnbrze likes this.
  20. SiempreTuna

    SiempreTuna Android Expert

    Seems that a new Android vulnerability has been found that affects 99% of 'droids and could make your phone open to anything from snooping to a complete take over :eek:

    All Android apps contain a crytographic signature that ought to be invalidated if a legitimate app is tampered with - e.g. 'infected' with a virus - after distribution. Your phone checks the signature and will refuse to install an app if it's signature is invalid.

    This vulnerability means that the apps can be amended without invalidating the signature which in turn means that kosher apps can be 'infected' with dodgy code and your phone will happily install them.

    Unfortunately, individual manufacturers will need to fix their firmware and distribute the fix to all phones running any version of Android from 1.x on - good luck anyone with a non-current phone :eek:

    On the upside, Google have fixed Play so no infected apps can be distributed from there which means that, so long as you avoid 3rd party app stores, you should be - relatively - safe.
    funkylogik likes this.
  21. rabidhunter

    rabidhunter Android Expert

    I saw the following in an article. Thought it was worth sharing.

  22. gtbarry

    gtbarry Android Expert

    From the verge article:

    "How that distribution would actually occur is still theoretical. Exploiting via Google's Play Store isn't possible, since Google has already updated the platform. But a user could still be tricked or lured into installing a bogus update through other avenues, including third party app stores, phishing emails, or malicious websites."

    Really? Theoretical flaws get real articles? What's next? In theory an Android phone can't survive a direct hit from a nuclear missile?

    Four year old Android bug could allow malicious apps on '99 percent' of devices | The Verge
  23. rabidhunter

    rabidhunter Android Expert

    It's interesting, but also seemingly irrelevant. Am I worried, absolutely not. A little bit of common sense goes a long way.
    Rxpert83 likes this.

Share This Page