Android Has a 4-Year-Old Vulnerability, Affects Most

Status
Not open for further replies.

IAmVortigaunt

Honorable
Mar 7, 2012
102
0
10,680
"It’s up to device manufacturers to produce and release firmware updates for mobile devices (and furthermore for users to install these updates). The availability of these updates will widely vary depending upon the manufacturer and model in question."

Don't hold your breath...
 

velosteraptor

Honorable
Jul 20, 2012
333
0
10,810
I find it Ironic that this security company finds a pretty severe vulnerability that affects close to a billion devices, and by bringing it to googles attention, also brings it to the attention of the worlds hackers. Its more than likely that bringing this vulnerability to light will do much more harm than good, as 90% of android phones will never get an update to fix the vulnerability.

Fragmentation at its finest.
 

sna

Distinguished
Jan 17, 2010
1,303
1
19,660
hey guys , want to know the Vulnerability in all MS windows ? it is inside the stupid Auto Update !

nothing is safe trust me on that. there is a way to fool windows for updates that are malwares ! ALLWAYS.
 

dalethepcman

Distinguished
Jul 1, 2010
1,636
0
19,860
Once again android security blown out of proportion.
"The risk is when users install applications from third-party websites,"

This article is like having a title of "Researchers found a flaw in every apple device in the world, hackers rejoice." When the actual issue involves a usb drive physically connected to the machine.

If you want to keep your phone (and all the data it contains) safe, don't use third party app stores, don't directly download and install APK's.
 

maddad

Distinguished
Feb 22, 2006
179
0
18,680
It always amazes me how you can say something bad about IOS or Windows all day long, but if you say something bad about Android people want to cry foul. Android is not perfect, and it never will be. Just like any other operating system, there will be bugs and hackers will find a way to exploit these bugs. The main problem with Android; is that Google will of course patch any bugs they find, but because of the fragmentation, your phone manufacture may not patch your particular version. "Details of Android security bug 8219321 were responsibly disclosed through Bluebox Security’s close relationship with Google in February 2013," It was reported to Google 5 months ago, plenty of time to issue a patch. One company says it can affect any Android App. Another security company says only third party Apps. Who can we believe? I would say only "Google"! But I haven't seen a response from them yet!
 

ninjustin

Honorable
Apr 3, 2013
51
0
10,630
The problem with this is, there's not really a problem. Only if you call clicking on a random link on a web page and allowing it to download and install apps on your phone a security flaw.

Updates should come directly from the app store you are using and not directly from a site unless you know the source is absolutely trustworthy.

This is basic security on any OS.
 

sundragon

Distinguished
Aug 4, 2008
575
16
18,995


Actually, it's a huge issue for everyone who doesn't use the Google Play store - Most of China and the rest of the world use third party Android stores... Saying this is blown out of proportion is apologizing for Google's huge mistake - Most of the planet doesn't use the Google Play store and unless they bought a Google or Samsung device, there is a snowballs chance in hell they are gonna get an update. Before you can utter "root" that is not an acceptable answer for 99.9% of the Android users who are not techy people... As a matter of pricipal, manufacturers and Google should provide free updates for security to protect their users. Google designed the OS in a flawed manner.

This issue illustrates the broken update system Google chose for Android - I bought a Google Nexus and I recommend Samsung devices for friends who want Android because they are supported.

Android is based on Linux that gets updates all the time. It runs on waaaay more hardware than all the Android handsets put together. Google chose a stupid way to design an OS (No separation of hardware drivers from core OS) and this is what happens. It would be like Dell saying your year old laptop is stuck on Vista and we'll decide when to give you an OS update or security fix... Oh you want an update, buy a new laptop... What, your year old Toyota has a faulty brake line, sorry no recall, you'll have to buy a new Toyota... If this situation was placed in any other customer support example it would be criminal.

FWIW, IOS 7 will work on the iPhone 4, which is now almost 4 years old. It may not have all the bells and whistles but it's more than any 4 year old Android device.

The sad thing is that even if Jelly Bean 4.2.2 has the flaw, it can run on most of your devices with dual core SOCs - which means almost any Android device thats 2-4 years old...

Lame beans and they need to fix this by fixing the core of the issue instead of issuing bandaids - Redesign the way the OS is built so manufacturers can build the drivers but the core OS gets updates regularly.

Google is far from stupid, they just don't want to take on the overhead of managing an OS, which leaves their users high and dry - If MS can do it and ALL the (free open sourced) Linux distributions can do it, the mighty all knowing Google should grow up and do it as well...

P.S. this is the primary reason Android is panned for most intelligence and security uses - there is no proper update system which is utterly unacceptable.
 

olaf

Distinguished
Oct 23, 2011
430
1
18,795
first off , this is OOOOOOOOLLLLLDDDDD news, people been banging this drum since Friday the least if not earlier, second it does't affect you if you stick to the play store and not some shady market or forum for hacked APK's , also if u don't have "unknown sources" selected it does't affect you. Media exaggerating again without stating all the facts.
 

okibrian

Distinguished
Apr 3, 2009
389
0
18,780


Wow!, that was fast. It only took them 4 years to find and fix it.
 

okibrian

Distinguished
Apr 3, 2009
389
0
18,780


Really? Try clicking on that link on any unjail broke iOS device and let me know what happens. Here's a hint, it will not install.
 

sna

Distinguished
Jan 17, 2010
1,303
1
19,660


That's why I am waiting for Ubuntu Phones , I hope they succeed and replace Android.

http://www.ubuntu.com/phone

 

dalethepcman

Distinguished
Jul 1, 2010
1,636
0
19,860


"Most the planet doesn't use the play store." - This is installed by default on EVERY android device. How can you honestly say most the planet doesn't use it? That's like saying most iPhone users don't use iTunes. What planet are you from?

"I bought a Google Nexus and I recommend Samsung devices for friends who want Android because they are supported." - I can tell you with 100% certainty, that Nexus devices receive updates and Samsung (and all other) devices do not with very very few exceptions.

"Redesign the way the OS is built so manufacturers can build the drivers but the core OS gets updates regularly" - The reason android phones don't get updates has nothing to do with drivers, and everything to do with making money. Why would a for profit company want to give its customers free updates, when they have been willing to pay hundreds of dollars for them? The update problem is not so much Google's as they release updates for any vanilla android devices, it is the manufacturer's and carriers as they choose to not update users phones so they will have to buy a replacement device.

Google doesn't care if you buy a new android phone, they make their $'s off you having any android phone. Manufacturers and carriers make their $'s from selling you new hardware and overpriced contracts.

p.s. Android phones are not secure, that's why every security agency uses and approves of them...
cnet
endgadget
CNN
 
Status
Not open for further replies.