Hacker News new | past | comments | ask | show | jobs | submit login
Major app vulnerability that could affect 99% of Android devices unearthed (thenextweb.com)
27 points by Libertatea on July 4, 2013 | hide | past | favorite | 15 comments



Not affecting Play Store apps so it's really irrelevant. If you try to download an app without paying or knowing the source of it you probably deserve a virus. ;) It's like if you get some knock off drug off the internet and gives you more trouble than gain... would you blame the pharma company?


Not entirely irrelevant. From what I've read, downloading directly from the Play Store has been taken care of. That probably also means the Play Store / Play Services verifier for sideloaded apps is checking for this exploit.

That being said people who use other app stores and don't have Play Services (e.g. Kindle Fires, Chinese devices, etc.) probably have some legitimate room for concern (at least until those stores are in the loop and are taking countermeasures). Of course that's nowhere near 99% of Android devices, but why let the facts get in the way of a good headline?


https://news.ycombinator.com/item?id=5987097


This could be a problem for all the custom rom guys installing Gapps/play store apk's. Many Chinese manufacturers dont get access to official google apk either


ugh, another sensationalistic news story

edit: Yeah. There's no way this affects 99% devices, because 99% people won't bother downloading apps from non-Play sources.


Exactly.

Read my comment I left there couple days ago. https://news.ycombinator.com/item?id=5976087


Looks like a good try to force Android users to use only Google Play. "...perhaps via a third-party app store or fake app links."


Are Android apks converted to BlackBerry 10 bars still vulnerable?


So, if I get this right, it's a bug which could be used as a feature by Google to work more effectively with the NSA.

(It doesn't sound too far fetched to me, since we know that the NSA has even installed hardware at companies like Google.)

EDIT: to the downvoters: if you downvote, say what you don't find ok. Is it the critical thinking part?


> since we know that the NSA has even installed hardware at companies like Google

you do? I never heard of such thing - can you tell more?


I know, it's not easy to keep up with all these revelations coming out every day...

Here you go: http://gigaom.com/2013/06/29/new-prism-slides-say-the-progra...


These slides are not nearly as clear-cut as you imply:

http://www.techdirt.com/articles/20130701/00444723675/newly-...


Well, yeah, in the end it all comes down to who you're willing to trust. So it's everyone's personal choice.

Personally, the only "web company" I'm willing to trust, is Mozilla. And that's probably the result of the fact that they're not-for-profit. And that fact eliminates a great deal of potential for corruption.


Mozilla gets all their funding from Google


No, you got it wrong. Google isn't going to intentionally trojan your phone for a myriad of reasons.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: