Guest Colossae3.23 Posted July 4, 2013 Report Share Posted July 4, 2013 Since I've been living in WP8 land, I came across this, and thought it would be good for people to know. If it ain't true, please accept my apologies. If it is, here's hoping the devs on here can patch this on the all custom roms that on the forum. http://www.neowin.net/news/major-security-flaw-found-in-android-code-oems-working-on-a-fix Link to comment Share on other sites More sharing options...
Guest sharkyo01 Posted July 4, 2013 Report Share Posted July 4, 2013 Sounds scarey... Cannot see why it is not true. But I would hope it would get more coverage if this is true. e.g. BBC, ITN etc Link to comment Share on other sites More sharing options...
Guest joandrade Posted July 4, 2013 Report Share Posted July 4, 2013 This will only affect you if you side load apks to replace system apps. Calm down Link to comment Share on other sites More sharing options...
Guest sharkyo01 Posted July 4, 2013 Report Share Posted July 4, 2013 (edited) This will only affect you if you side load apks to replace system apps. Calm down I can not see over 900 million android users slide loading apk's. So I blow that out of the water completely. Thinking about this I remember hearing a radio show talking about android apps that are on the play store that hackers are loading code into signature apps to call premium rate numbers. Wonder if this is anything to do with that... Edited July 4, 2013 by sharkyo01 Link to comment Share on other sites More sharing options...
Guest joandrade Posted July 4, 2013 Report Share Posted July 4, 2013 I can not see over 900 million android users slide loading apk's. So I blow that out of the water completely. Thinking about this I remember hearing a radio show talking about android apps that are on the play store that hackers are loading code into signature apps to call premium rate numbers. Wonder if this is anything to do with that... Yes, this is getting really blown out of proportion. I suggest you read this comment on the link gizmodo posted on facebook: "This security exploit is not new and in fact has been used in a different way by ROM makers to mod system apps without breaking the signature that allows these apps to run with system level permissions. An APK (container for apps) is essentially just a signed zip file (rename an apk to zip and see for yourself). Devs use tools to decompile and recompile the code located in the classes.dex file inside the apk. (I've done this a few times myself as well.) In other words, Android developers who mod apps have known about this for a long time. This is just FUD. You still have the issue of having to enable side loading and then install the new malicious system APK over it - the Android installer even says "This will replace a system app". This is only taking advantage of dumb users. No different than Trojans on Mac OS X, which oddly enough many downplayed the significance of for the very same reason." (https://www.facebook...151693994398967) Link to comment Share on other sites More sharing options...
Guest Colossae3.23 Posted July 4, 2013 Report Share Posted July 4, 2013 Sorry for the fuss, lads. To be honest, it is coming from a windows focused website, and they could be leaving things out; either due to ignorance or just to say something bad about the competition ... Link to comment Share on other sites More sharing options...
Guest joandrade Posted July 4, 2013 Report Share Posted July 4, 2013 It's alright, I'm just trying to share the information so people can understand what's really going on Link to comment Share on other sites More sharing options...
Guest george109 Posted July 9, 2013 Report Share Posted July 9, 2013 I can not see over 900 million android users slide loading apk's. So I blow that out of the water completely. Thinking about this I remember hearing a radio show talking about android apps that are on the play store that hackers are loading code into signature apps to call premium rate numbers. Wonder if this is anything to do with that... This is a very common thing! Please check your permissions, if a game wants to call phone numbers, or send messages then alarm bells should be ringing as it does not need to as to bill it can use the google play billing service! Link to comment Share on other sites More sharing options...
Guest mnirun Posted July 16, 2013 Report Share Posted July 16, 2013 Here is an universal patch solution using Xposed framework, tested with my G300. [FIX][XPOSED][4.0+] Universal patch for "Master Key" + "Bug 9695860" vulnerabilities Before patch. After patched: Link to comment Share on other sites More sharing options...
Guest denzele Posted July 16, 2013 Report Share Posted July 16, 2013 (edited) Well Google made a fix/patch for this back in February apparently when no one didn't even know about this..but just for Google phone/tablet..Cyanogen team's working on patch soon for new update..for all others roms search "Rekey" app in Playstore and patch this bug so stay safe and do it fast..must have a root of course.. Read here..http://www.androidpolice.com/2013/07/16/new-app-duo-security-releases-rekey-master-key-vulnerability-patch-for-rooted-android-users-still-waiting-on-their-carriers/ Edited July 17, 2013 by denzele Link to comment Share on other sites More sharing options...
Guest sharkyo01 Posted July 16, 2013 Report Share Posted July 16, 2013 And vodafone are still sitting on there Larry's... Good work! Link to comment Share on other sites More sharing options...
Guest denzele Posted July 16, 2013 Report Share Posted July 16, 2013 For all others out there with no root on their phone it's really up to their Carrier to deliver patch itself which of course it will take ages with some. About this app "Rekey" it"s trusted app developer team so should work fine. Link to comment Share on other sites More sharing options...
Guest sharkyo01 Posted July 21, 2013 Report Share Posted July 21, 2013 For all others out there with no root on their phone it's really up to their Carrier to deliver patch itself which of course it will take ages with some. About this app "Rekey" it"s trusted app developer team so should work fine. Do "rekey" and the "universal patch for master key" do the same thing. I have both running on my phone just trying to work out what one I really need or can i get away with just using one? Link to comment Share on other sites More sharing options...
Guest denzele Posted July 28, 2013 Report Share Posted July 28, 2013 I guess they do. I'm only running Rekey . Really up to you which one you want to use or trust . Link to comment Share on other sites More sharing options...
Guest sharkyo01 Posted July 29, 2013 Report Share Posted July 29, 2013 Thanks for the reply I am going to stick with Rekey as it is a far better app imo. Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now