• Announcements

    • Reminder - MoDaCo position on illegal content   07/30/15

      ILLEGAL CONTENT I'd like to just reaffirm MoDaCo's position regarding piracy and illegal content in the light of some recent questions / postings. Posts will be censored by myself or my moderation team if the contain or link to: Illegal / pirated / cracked software or sites that host such softwareNintendo emulators / ROMs or sites hosting them (in light of Nintendo's legal stance)CUSTOM ROMS You may discuss and post links to custom device ROMs on MoDaCo, provided the following rules are adhered to: ROMs must not contain any illegal 3rd party software (this includes trial versions included without permission)ROMs must give full credit to the original authorISSUES If you have any issues with this policy, please contact PaulOBrien directly via PM.
    • Reminder: Selling items on the forum directly is not allowed   07/30/15

      Please note that selling items on the forum directly is not allowed by the forum rules. There is a forum for eBay auctions whereby you can list the items on eBay and link to them there. This is the ONLY forum for this type of activity. You may also advertise links to the eBay forum in your signature. Please note that selling directly in contravention of these rules will result in a warning / suspension / ban.

900 million androids effected!?

15 posts in this topic

Posted · Report post

Since I've been living in WP8 land, I came across this, and thought it would be good for people to know.

If it ain't true, please accept my apologies.

If it is, here's hoping the devs on here can patch this on the all custom roms that on the forum.

http://www.neowin.net/news/major-security-flaw-found-in-android-code-oems-working-on-a-fix

0

Share this post


Link to post
Share on other sites

Posted · Report post

Sounds scarey... Cannot see why it is not true.

But I would hope it would get more coverage if this is true. e.g. BBC, ITN etc

0

Share this post


Link to post
Share on other sites

Posted · Report post

This will only affect you if you side load apks to replace system apps. Calm down

0

Share this post


Link to post
Share on other sites

Posted (edited) · Report post

This will only affect you if you side load apks to replace system apps. Calm down

I can not see over 900 million android users slide loading apk's. So I blow that out of the water completely.

Thinking about this I remember hearing a radio show talking about android apps that are on the play store that hackers are loading code into signature apps to call premium rate numbers. Wonder if this is anything to do with that...

Edited by sharkyo01
0

Share this post


Link to post
Share on other sites

Posted · Report post

I can not see over 900 million android users slide loading apk's. So I blow that out of the water completely.

Thinking about this I remember hearing a radio show talking about android apps that are on the play store that hackers are loading code into signature apps to call premium rate numbers. Wonder if this is anything to do with that...

Yes, this is getting really blown out of proportion. I suggest you read this comment on the link gizmodo posted on facebook:

"This security exploit is not new and in fact has been used in a different way by ROM makers to mod system apps without breaking the signature that allows these apps to run with system level permissions.

An APK (container for apps) is essentially just a signed zip file (rename an apk to zip and see for yourself). Devs use tools to decompile and recompile the code located in the classes.dex file inside the apk. (I've done this a few times myself as well.)

In other words, Android developers who mod apps have known about this for a long time. This is just FUD. You still have the issue of having to enable side loading and then install the new malicious system APK over it - the Android installer even says "This will replace a system app".

This is only taking advantage of dumb users. No different than Trojans on Mac OS X, which oddly enough many downplayed the significance of for the very same reason."

(https://www.facebook...151693994398967)

0

Share this post


Link to post
Share on other sites

Posted · Report post

Sorry for the fuss, lads. To be honest, it is coming from a windows focused website, and they could be leaving things out; either due to ignorance or just to say something bad about the competition ...

0

Share this post


Link to post
Share on other sites

Posted · Report post

It's alright, I'm just trying to share the information so people can understand what's really going on

0

Share this post


Link to post
Share on other sites

Posted · Report post

I can not see over 900 million android users slide loading apk's. So I blow that out of the water completely.

Thinking about this I remember hearing a radio show talking about android apps that are on the play store that hackers are loading code into signature apps to call premium rate numbers. Wonder if this is anything to do with that...

This is a very common thing! Please check your permissions, if a game wants to call phone numbers, or send messages then alarm bells should be ringing as it does not need to as to bill it can use the google play billing service!
0

Share this post


Link to post
Share on other sites

Posted (edited) · Report post

Well Google made a fix/patch for this back in February apparently when no one didn't even know about this..but just for Google phone/tablet..Cyanogen team's working on patch soon for new update..for all others roms search "Rekey" app in Playstore and patch this bug so stay safe and do it fast..must have a root of course..

Read here..http://www.androidpolice.com/2013/07/16/new-app-duo-security-releases-rekey-master-key-vulnerability-patch-for-rooted-android-users-still-waiting-on-their-carriers/

Edited by denzele
0

Share this post


Link to post
Share on other sites

Posted · Report post

And vodafone are still sitting on there Larry's... Good work!

0

Share this post


Link to post
Share on other sites

Posted · Report post

For all others out there with no root on their phone it's really up to their Carrier to deliver patch itself which of course it will take ages with some.

About this app "Rekey" it"s trusted app developer team so should work fine.

0

Share this post


Link to post
Share on other sites

Posted · Report post

For all others out there with no root on their phone it's really up to their Carrier to deliver patch itself which of course it will take ages with some.

About this app "Rekey" it"s trusted app developer team so should work fine.

Do "rekey" and the "universal patch for master key" do the same thing. I have both running on my phone just trying to work out what one I really need or can i get away with just using one?

0

Share this post


Link to post
Share on other sites

Posted · Report post

I guess they do. I'm only running Rekey . Really up to you which one you want to use or trust .

1

Share this post


Link to post
Share on other sites

Posted · Report post

Thanks for the reply I am going to stick with Rekey as it is a far better app imo.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

MoDaCo is part of the MoDaCo.network, © Paul O'Brien 2002-2015. MoDaCo uses IntelliTxt technology.