Security flaw opens all modern Android devices to "zombie botnet" takeover [u]

Comments

  • Reply 61 of 276
    mjtomlin Posts: 2,673 member

    Quote:

    Originally Posted by d4NjvRzf View Post


    If android users mostly use their phones as featurephones and don't browse the web much -- as some on these forums have claimed -- this scenario would be quite unlikely.



     


    1. that's not just something some on this forum have claimed... there are numerous statistics to back that up.


     


    2. That's not the point. A link to a download/install can come from anywhere, not just while browsing the web. That was just an example.

  • Reply 62 of 276
    drblank Posts: 3,385 member

    Quote:

    Originally Posted by AaronJ View Post


     


    Well, I suppose it depends on what you mean by "media."  If you mean places like Ars, then it's already there.  If you mean the WSJ or NYT, it won't happen.  They only talk about problems that Apple (and MS, to a lesser extent) have.  I will bet you dollars to doughnuts that there is no story about this in the WSJ.


     


     



    What's "dollars to doughnuts" mean, exactly?  Yeah WSJ and NYT will cover it.  If Google has to send out updates on all versions of their OS's dating back to 4 year old OSs for this, they will have to release an official Press Release and that will get picked up. This will affect Google's stock if this is as bad as it sounds.

  • Reply 63 of 276
    aaronj Posts: 1,595 member

    Quote:

    Originally Posted by drblank View Post


    What's "dollars to doughnuts" mean, exactly?  Yeah WSJ and NYT will cover it.  If Google has to send out updates on all versions of their OS's dating back to 4 year old OSs for this, they will have to release an official Press Release and that will get picked up. This will affect Google's stock if this is as bad as it sounds.



     


    Seriously, you don't know what "dollars to doughnuts" means?  Yeesh, I must REALLY be getting old.  It basically means that I would give you great odds in a bet on whatever subject we're discussing.


     


    Eh.  I'll believe it when I see it.  I doubt anyone outside the insular tech internet "media" will discuss this in the least.

  • Reply 64 of 276
    d4njvrzf Posts: 797 member

    Quote:

    Originally Posted by AaronJ View Post


     


     


    No, it's not one interpretation.  I'm sorry, but people who are using Android are using them for much less than people who are using iOS.  That's a fact.  Do with it what you will.



    Well if that were unambiguously true, it sounds like this exploit wouldn't actually affect most android users, since they're not likely to get malicious app updates just by making phone calls, texting their friends, or playing the occasional solitaire -- whatever one usually does on featurephones. Unless of course your average user subscribes to non-google play app sources.

  • Reply 65 of 276
    MacPro Posts: 19,728 member
    With news like this they should rename Android, Windroid!
  • Reply 66 of 276
    You should put some music to that post & sell it on iTunes :)
  • Reply 67 of 276
    droidftw Posts: 1,009 member

    Quote:

    Originally Posted by drblank View Post


    What's "dollars to doughnuts" mean, exactly?  Yeah WSJ and NYT will cover it.  If Google has to send out updates on all versions of their OS's dating back to 4 year old OSs for this, they will have to release an official Press Release and that will get picked up. This will affect Google's stock if this is as bad as it sounds.



     


    It's not as bad as it sounds as there's already safety guards in place (scroll up to read about them).  However, the fact that something isn't as bad as it sounds has never stopped the media before.  In fact, they love to blow things out of proportion and try to scare people into being afraid of things that aren't nearly the threat they're made out to be.


     


    Maybe DED is becoming a real journalist after all!

  • Reply 68 of 276
    aaronj Posts: 1,595 member

    Quote:

    Originally Posted by d4NjvRzf View Post


    Well if that were unambiguously true, it sounds like this exploit wouldn't actually affect most android users, since they're not likely to get malicious app updates just by making phone calls, texting their friends, or playing the occasional solitaire. Unless of course your average user subscribes to non-google play app sources.



     


    It IS unambiguously true, as many, many analyses have shown over a long period of time.  It's probably also true that this will affect few Android users, for the reasons you state.  That doesn't mean it's not important.


     


    Quote:

    Originally Posted by DroidFTW View Post


     


    It's not as bad as it sounds as there's already safety guards in place (scroll up to read about them).  However, the fact that something isn't as bad as it sounds has never stopped the media before.  In fact, they love to blow things out of proportion and try to scare people into being afraid of things that aren't nearly the threat they're made out to be.


     


    Maybe DED is becoming a real journalist after all!



     


    Oh, get lost.  You're not even a good troll.

  • Reply 69 of 276
    notown Posts: 39 member
    mjtomlin wrote: »
    Wow! Reading comprehension goes out the window when you're blinded by bias.

    Anyone who thinks this is a minor threat really needs to get their head examined. This vulnerability affects ALL apps in so much that any UPDATE made to that app regardless of where it was originally installed, can potentially be infected without the operating system knowing. Obviously any curated app store will be immune to this if they are diligent in checking for malware. But a user tricked into an update from another source is at risk and this is the real problem as most users aren't aware of what's happening... this was the biggest problem with most Windows epidemics; clueless users clicking things they shouldn't.

    Also:
    "[Update: a report by Computerworld notes that Samsung has included a patch rectifying the issue for one device: its flagship Galaxy S4. The article noted Forristal as saying that "Google has not released patches for its Nexus devices yet, but the company is working on them."]."

    Wouldn't that mean that all devices besides the S4 (back to 1.6 or whatever they said) are vulnerable, regardless of the App Store users access? Not sure how many that leaves, but some storage boxes in a warehouse somewhere are safe...
  • Reply 70 of 276
    suddenly newton Posts: 13,819 member



    Quote:

    Originally Posted by drblank View Post


    Does this affect all of the new Gingerbread phones? 



     


    They make phones out of gingerbread? Xmas isn't for another 5 months.

  • Reply 71 of 276
    curtis hannah Posts: 1,833 member
    Man hackers enjoying this, I had heard about 2 years ago "you need to buy security software for smartphones, it's tons easier than Windows for security hacks on Windows; on the off set iOS has no known security hacks" here we have donut and Ice cream sandwich users have 4 million ways to be hacked, go google!
  • Reply 72 of 276

    Quote:

    Originally Posted by DroidFTW View Post


     


    In fact, they love to blow things out of proportion



     


    You mean like...antennagate? Mapgate?

  • Reply 73 of 276

    Quote:

    Originally Posted by d4NjvRzf View Post


    If android users mostly use their phones as featurephones and don't browse the web much -- as some on these forums have claimed -- this scenario would be quite unlikely.



     


    Yes of course. Nobody uses an Android phone for things like web surfing. Android phones are for advertising your 1337n355. It's all about having the best specs in the room.

  • Reply 74 of 276


    I love how whenever there's an article about malware or security on Android all the losers/apologists crawl out from their hole with the usual excuses: "you have to be an idiot to get malware", "if you stay in Google Play you're OK" or "this is a minor issue".


     


    Right now there are a large number of people who are continually coming up with malware for Android. It's simple numbers. If people weren't getting their devices infected and allowing people to make money (whether through ID theft, premium text messages or other) then there wouldn't be so many people creating new types of malware.


     


    You whiners can yap all you want about what you "think" but the very fact that so many people are creating so many new versions of malware prove that it's a lucrative business. I don't need to listen to your lame excuses about how hard it is to catch something. They are irrelevant.

  • Reply 75 of 276
    walkop Posts: 12 member
    mjtomlin wrote: »
    Wow! Reading comprehension goes out the window when you're blinded by bias.

    Anyone who thinks this is a minor threat really needs to get their head examined. This vulnerability affects ALL apps in so much that any UPDATE made to that app regardless of where it was originally installed, can potentially be infected without the operating system knowing. Obviously any curated app store will be immune to this if they are diligent in checking for malware. But a user tricked into an update from another source is at risk and this is the real problem as most users aren't aware of what's happening... this was the biggest problem with most Windows epidemics; clueless users clicking things they shouldn't.

    A user could go to a website that's been hacked and a message pops up that looks like a system message, saying something like...

    "There is a new version of the Calculator app... Would you like to update?"

    Well, how threatening is a calculator app... not at all, most people who didn't realize what was happening would probably click Yes. Then their device would be infected. The same thing could happen from an official looking email.

    I'm shocked at the amount of misinformation going around here. I know this is an Apple blog, but please - do some Android research.

    1. This does not affect any app in Google Play. Google has already blocked every application that uses this loophole, including updates, per the article.


    2. This only applies to side-loaded applications. Which have always been a security risk. Google warns you to the effect when you enable them; which is why I download Avast! if I sideload any applications.

    3. Updates are perfectly safe, if you use good developers. And I seriously doubt that any reputable company can simply get "infected" with malware without someone noticing almost instantly. Even IF you don't use major developers all the time, Google catches these things pretty fast - check around the blogosphere historically and you'll see what I mean.

    4. Sideloading apps IS important for some, like me. I.e. a game, Plants vs Zombie (botnets), doesn't work on my Nexus 10. But it works on my Galaxy Nexus. So I found the APK online, scanned it, and installed it manually - now it works like a charm!

    5. @GTR, nice joke - xD but Samsung has 'sold' 20 million Galaxy S4s, apparently. Which is quite a lot, even by Apple's standards.

    6. Finally, none of this really matters anyway, because even if Google HADN'T blocked these applications, it would have to be by an app developer deliberately trying to infect you. All the standard apps - Falcon Pro, Gmail, Instagram, Facebook, Google+, and yes - Plants Vs Zombies - are safe.
  • Reply 76 of 276
    malax Posts: 1,598 member

    Quote:

    Originally Posted by drblank View Post


    What's "dollars to doughnuts" mean, exactly?  Yeah WSJ and NYT will cover it.  If Google has to send out updates on all versions of their OS's dating back to 4 year old OSs for this, they will have to release an official Press Release and that will get picked up. This will affect Google's stock if this is as bad as it sounds.



     


    Slightly off topic, how does Google even make any money off Android?  It can't be a significant portion of their revenue.

  • Reply 77 of 276
    em_te Posts: 41 member

    Quote:

    Originally Posted by runbuh View Post



    So - according to this, I have to load a compromised app (an app originally signed and distributed by a legitimate developer, then compromised by a rogue). Can someone explain how this is supposed to happen via the app store? Doesn't seem likely.


     


    A user can receive an app as an email attachment on their phone. They could also receive it as an MMS (Multimedia SMS). If the app is signed, clicking it should trigger the install screen.

  • Reply 78 of 276
    aaronj Posts: 1,595 member

    Quote:

    Originally Posted by Walkop View Post



    5. @GTR, nice joke - xD but Samsung has 'sold' 20 million Galaxy S4s, apparently. Which is quite a lot, even by Apple's standards.



    6. Finally, none of this really matters anyway, because even if Google HADN'T blocked these applications, it would have to be by an app developer deliberately trying to infect you. All the standard apps - Falcon Pro, Gmail, Instagram, Facebook, Google+, and yes - Plants Vs Zombies - are safe.


     


    Oh for the love of god ...


     


    FROM THE LINK *YOU* PROVIDED:


     


    "That's roughly 1.7 times faster than sales of the Galaxy S3 (that's global channel sales, not sales to consumers) at the same point in that device's life cycle."


     


    (emphasis added)


     


    Please: If you're going to attempt to make some point about how someone else was wrong, at least do it with statistics that back up your point, and not those that undermine it entirely.

  • Reply 79 of 276
    malta Posts: 78 member

    Quote:

    Originally Posted by GTR View Post


     




     


    You are more likely to get a virus if you root her than if you rooted the phone...

  • Reply 80 of 276
    aaronj Posts: 1,595 member

    Quote:

    Originally Posted by malax View Post


     


    Slightly off topic, how does Google even make any money off Android?  It can't be a significant portion of their revenue.



     


    They don't -- directly.


     


    Google is an advertising company, not a tech company.  They make money off of advertising.  That's why they give Android away for free: The more devices on which it runs, the more devices that are producing ad revenue for Google (at least in theory; in practice? that's more debatable).
