They won't! At least not one that will make it to phones.
According to koop it's already been addressed. I hope they do something at the OS level for those that they can in additional to the Play Store fix.
Quote:
Originally Posted by iSteelers
"Rogue Developers", classic. It's right up there with "Ancient Astronaut Theorists".
The contempt and distrust for 3rd party devs at this site really amazes me. Especially considering there are many members here who are 3rd party devs themselves.
"Using Google Play to distribute apps that have been modified to exploit this flaw is not possible because Google updated the app stores application entry process in order to block apps that contain this problem"
--
So this effects all the Android users who root and side load apps. Lets forget for a second most of those users are smart enough to manage their device security without hand holding, and say this is a whopping 2% of the market...maybe. Thanks for the scary headline I guess.
If nobody "sideloads" apps, then why do Android proponents cite it as a primary feature of the platform?
Also, 2% of statistics unfavorable to one's personal wishes are just pulled from your ass, apparently.
The only one people use and care about. Amazon is the next best one.
I'm willing to bet 95% of Android users don't even know they can side load applications and will always be getting apps strictly from the Google Play store. As much as Apple users gloat about being walled in (I don't mind it myself) and that's secure, most best selling Android phones in their default settings are fairly locked down out of the box. Mostly the tech heads remove those restrictions, and it's on them to be careful about non-curated software.
Again, AI glossed over the fact that those who strictly use Google Play (almost everyone) will not be bothered by this issue. Any infection will require social engineering, which is a user error more than anything.
But that isn't true.
"if an attacker tricks a user to manually install a malicious update for an app originally installed through Google Play, the app will be replaced and the new version will no longer interact with the app store. That's the case for all applications or new versions of applications, malicious or non-malicious, that are not installed through Google Play"
Imagine how easy it would be to send out update notices for Facebook that install a new version of the app that looks to the system like the one it "securely" installed via Google Play. Broken. This is a real issue, and its not easy to solve. Curious why you're so interested in nobody hearing about it. Security through obscurity? Market share through incompetent dumping?
Also: putting one's head in the sand and saying there is no malware problem didn't work for Windows XP a decade ago.
Go figure apple has a minor pass code bypass hack that requires access to the device and the press flips out... But android has a gainer ability that allows people to literally steal your device right out from under your nose and people see not to care... Wtf
Not sure why some people play this issue down and claim that using Google Play is safe. It's not at all, read the article.
Yes, it does at some point refer to manufacturer apps, however it doesn't mean that only such apps can cause harm. It merely means that such apps tend to have privileges within the system that go beyond the permissions regular store apps have.
That doesn't man that no other app can be malicious, in fact they can and they can be just as severe, depending on the permissions the application in question requires. This is a HUGE deal.
Are they talking about the app signing spoof that basically all of xda uses to get apps that don't work on certain phones (Google Wallet) to load? If so, this is a non-story and like someone said above, it doesn't affect the average consumer or the tech savvy rooters.
So - according to this, I have to load a compromised app (an app originally signed and distributed by a legitimate developer, then compromised by a rogue). Can someone explain how this is supposed to happen via the app store? Doesn't seem likely. Seems more likely to happen if the user downloads and then sideloads such a rogue/hacked app.
"However, due to the newly discovered Android flaw, a rogue developer can trick the system into thinking that a compromised app is still legitimate, giving it system wide access to do virtually anything."
Sounds like if you go Android it would be a good idea to go with a late model Google made phone or at least the S4 special & others that are being offered with the pure Android operating system
The vast majority of Android users have 5 apps on their phone max, use Google Play and have little need to be concerned about the issue.
No the vast majority of Android users can't even use Google Play. These are the ones Google doesn't count anymore to make their fragmentation look better. Their super cool tech friends tell them where to go to get the best apps free because they don't want to pay for anything.
To all the Walled Garden Apple-hating idiots; welcome to the wide-assed open Android OS where free malware abounds.
I've been waiting for this day, for it was sure to come. Now, 900 million Android customers are re-thinking their earlier choice. I'd not be surprised if Apple sales sees a surge that would put the Sandy hurricane to shame... The new iPhones can't get here soon enough...!!!
I doubt that 5% are rethinking this as most of them purchased this Feature-Smart phone just for a phone and know no better.
Are they talking about the app signing spoof that basically all of xda uses to get apps that don't work on certain phones (Google Wallet) to load? If so, this is a non-story and like someone said above, it doesn't affect the average consumer or the tech savvy rooters.
If this is the same thing that APKTool does then that would mean this is just sensationalist "journalism.". Surely DED would never take part in such activities just to make Android look bad.
If nobody "sideloads" apps, then why do Android proponents cite it as a primary feature of the platform?
Also, 2% of statistics unfavorable to one's personal wishes are just pulled from your ass, apparently.
Correct. Go to any tech blog where Android sycophants hang out and they'll be happy to tell you that the ability to root and side load apps is what makes Android so "popular" with the masses. It's all about openness and freedom to do whatever you want, they say. Now we have an Android apologist claiming otherwise.
Sounds like if you go Android it would be a good idea to go with a late model Google made phone or at least the S4 special & others that are being offered with the pure Android operating system
The "pure Android" Google Nexus models have not been updated yet. Google has known about it since February. That's four months of being quiet about a serious security vulnerability.
Wow! Reading comprehension goes out the window when you're blinded by bias.
Anyone who thinks this is a minor threat really needs to get their head examined. This vulnerability affects ALL apps in so much that any UPDATE made to that app regardless of where it was originally installed, can potentially be infected without the operating system knowing. Obviously any curated app store will be immune to this if they are diligent in checking for malware. But a user tricked into an update from another source is at risk and this is the real problem as most users aren't aware of what's happening... this was the biggest problem with most Windows epidemics; clueless users clicking things they shouldn't.
A user could go to a website that's been hacked and a message pops up that looks like a system message, saying something like...
"There is a new version of the Calculator app... Would you like to update?"
Well, how threatening is a calculator app... not at all, most people who didn't realize what was happening would probably click Yes. Then their device would be infected. The same thing could happen from an official looking email.
Correct. Go to any tech blog where Android sycophants hang out and they'll be happy to tell you that the ability to root and side load apps is what makes Android so "popular" with the masses. It's all about openness and freedom to do whatever you want, they say. Now we have an Android apologist claiming otherwise.
The fact that you have come across an abundance of tech nerds frequenting tech blogs doesn't surprise me. Of course they're going to say that it's a hugely popular feature because in their circle it is. I'm a tech nerd and I love that I can root and side load apps. If I had an iPhone I'd jailbreak it and sideload the occasional app too. Not much difference in that department.
The fact that you have come across an abundance of tech nerds frequenting tech blogs doesn't surprise me. Of course they're going to say that it's a hugely popular feature because in their circle it is. I'm a tech nerd and I love that I can root and side load apps. If I had an iPhone I'd jailbreak it and sideload the occasional app too. Not much difference in that department.
The number of people actually rooting their system, etc. is very small, but I think those kind of geeks collect devices so they represent a lot of sales in units. The average person doesn't have or want to spend time being a phone geek, they have other things to do with their life than geeking out with a smartphone.
Comments
Quote:
Originally Posted by CustomTB
They won't! At least not one that will make it to phones.
According to koop it's already been addressed. I hope they do something at the OS level for those that they can in additional to the Play Store fix.
Quote:
Originally Posted by iSteelers
"Rogue Developers", classic. It's right up there with "Ancient Astronaut Theorists".
The contempt and distrust for 3rd party devs at this site really amazes me. Especially considering there are many members here who are 3rd party devs themselves.
Quote:
Originally Posted by koop
"Using Google Play to distribute apps that have been modified to exploit this flaw is not possible because Google updated the app stores application entry process in order to block apps that contain this problem"
--
So this effects all the Android users who root and side load apps. Lets forget for a second most of those users are smart enough to manage their device security without hand holding, and say this is a whopping 2% of the market...maybe. Thanks for the scary headline I guess.
If nobody "sideloads" apps, then why do Android proponents cite it as a primary feature of the platform?
Also, 2% of statistics unfavorable to one's personal wishes are just pulled from your ass, apparently.
Quote:
Originally Posted by koop
The only one people use and care about. Amazon is the next best one.
I'm willing to bet 95% of Android users don't even know they can side load applications and will always be getting apps strictly from the Google Play store. As much as Apple users gloat about being walled in (I don't mind it myself) and that's secure, most best selling Android phones in their default settings are fairly locked down out of the box. Mostly the tech heads remove those restrictions, and it's on them to be careful about non-curated software.
Again, AI glossed over the fact that those who strictly use Google Play (almost everyone) will not be bothered by this issue. Any infection will require social engineering, which is a user error more than anything.
But that isn't true.
"if an attacker tricks a user to manually install a malicious update for an app originally installed through Google Play, the app will be replaced and the new version will no longer interact with the app store. That's the case for all applications or new versions of applications, malicious or non-malicious, that are not installed through Google Play"
Imagine how easy it would be to send out update notices for Facebook that install a new version of the app that looks to the system like the one it "securely" installed via Google Play. Broken. This is a real issue, and its not easy to solve. Curious why you're so interested in nobody hearing about it. Security through obscurity? Market share through incompetent dumping?
Also: putting one's head in the sand and saying there is no malware problem didn't work for Windows XP a decade ago.
Not sure why some people play this issue down and claim that using Google Play is safe. It's not at all, read the article.
Yes, it does at some point refer to manufacturer apps, however it doesn't mean that only such apps can cause harm. It merely means that such apps tend to have privileges within the system that go beyond the permissions regular store apps have.
That doesn't man that no other app can be malicious, in fact they can and they can be just as severe, depending on the permissions the application in question requires. This is a HUGE deal.
"However, due to the newly discovered Android flaw, a rogue developer can trick the system into thinking that a compromised app is still legitimate, giving it system wide access to do virtually anything."
Does this affect all of the new Gingerbread phones?
Quote:
Originally Posted by koop
The vast majority of Android users have 5 apps on their phone max, use Google Play and have little need to be concerned about the issue.
No the vast majority of Android users can't even use Google Play. These are the ones Google doesn't count anymore to make their fragmentation look better. Their super cool tech friends tell them where to go to get the best apps free because they don't want to pay for anything.
Quote:
Originally Posted by Macky the Macky
To all the Walled Garden Apple-hating idiots; welcome to the wide-assed open Android OS where free malware abounds.
I've been waiting for this day, for it was sure to come. Now, 900 million Android customers are re-thinking their earlier choice. I'd not be surprised if Apple sales sees a surge that would put the Sandy hurricane to shame... The new iPhones can't get here soon enough...!!!
I doubt that 5% are rethinking this as most of them purchased this Feature-Smart phone just for a phone and know no better.
If this is the same thing that APKTool does then that would mean this is just sensationalist "journalism.". Surely DED would never take part in such activities just to make Android look bad.
Quote:
Originally Posted by Corrections
If nobody "sideloads" apps, then why do Android proponents cite it as a primary feature of the platform?
Also, 2% of statistics unfavorable to one's personal wishes are just pulled from your ass, apparently.
Correct. Go to any tech blog where Android sycophants hang out and they'll be happy to tell you that the ability to root and side load apps is what makes Android so "popular" with the masses. It's all about openness and freedom to do whatever you want, they say. Now we have an Android apologist claiming otherwise.
Quote:
Originally Posted by Everett Ruess
Sounds like if you go Android it would be a good idea to go with a late model Google made phone or at least the S4 special & others that are being offered with the pure Android operating system
The "pure Android" Google Nexus models have not been updated yet. Google has known about it since February. That's four months of being quiet about a serious security vulnerability.
On an "open" platform.
Unlikely to affect the majority of Android "users"...
Wow! Reading comprehension goes out the window when you're blinded by bias.
Anyone who thinks this is a minor threat really needs to get their head examined. This vulnerability affects ALL apps in so much that any UPDATE made to that app regardless of where it was originally installed, can potentially be infected without the operating system knowing. Obviously any curated app store will be immune to this if they are diligent in checking for malware. But a user tricked into an update from another source is at risk and this is the real problem as most users aren't aware of what's happening... this was the biggest problem with most Windows epidemics; clueless users clicking things they shouldn't.
A user could go to a website that's been hacked and a message pops up that looks like a system message, saying something like...
"There is a new version of the Calculator app... Would you like to update?"
Well, how threatening is a calculator app... not at all, most people who didn't realize what was happening would probably click Yes. Then their device would be infected. The same thing could happen from an official looking email.
Quote:
Originally Posted by lkrupp
Correct. Go to any tech blog where Android sycophants hang out and they'll be happy to tell you that the ability to root and side load apps is what makes Android so "popular" with the masses. It's all about openness and freedom to do whatever you want, they say. Now we have an Android apologist claiming otherwise.
The fact that you have come across an abundance of tech nerds frequenting tech blogs doesn't surprise me. Of course they're going to say that it's a hugely popular feature because in their circle it is. I'm a tech nerd and I love that I can root and side load apps. If I had an iPhone I'd jailbreak it and sideload the occasional app too. Not much difference in that department.
Quote:
Originally Posted by GTR
Unlikely to affect the majority of Android "users"...
I wonder what's going to happen with regards to returns once this news gets widely distributed around the world in local newspapers and TV?
Quote:
Originally Posted by DroidFTW
The fact that you have come across an abundance of tech nerds frequenting tech blogs doesn't surprise me. Of course they're going to say that it's a hugely popular feature because in their circle it is. I'm a tech nerd and I love that I can root and side load apps. If I had an iPhone I'd jailbreak it and sideload the occasional app too. Not much difference in that department.
The number of people actually rooting their system, etc. is very small, but I think those kind of geeks collect devices so they represent a lot of sales in units. The average person doesn't have or want to spend time being a phone geek, they have other things to do with their life than geeking out with a smartphone.