Guest Colossae3.23 Posted July 4, 2013 Report Posted July 4, 2013 Since I've been living in WP8 land, I came across this, and thought it would be good for people to know. If it ain't true, please accept my apologies. If it is, here's hoping the devs on here can patch this on the all custom roms that on the forum. http://www.neowin.net/news/major-security-flaw-found-in-android-code-oems-working-on-a-fix
Guest sharkyo01 Posted July 4, 2013 Report Posted July 4, 2013 Sounds scarey... Cannot see why it is not true. But I would hope it would get more coverage if this is true. e.g. BBC, ITN etc
Guest joandrade Posted July 4, 2013 Report Posted July 4, 2013 This will only affect you if you side load apks to replace system apps. Calm down
Guest sharkyo01 Posted July 4, 2013 Report Posted July 4, 2013 (edited) This will only affect you if you side load apks to replace system apps. Calm down I can not see over 900 million android users slide loading apk's. So I blow that out of the water completely. Thinking about this I remember hearing a radio show talking about android apps that are on the play store that hackers are loading code into signature apps to call premium rate numbers. Wonder if this is anything to do with that... Edited July 4, 2013 by sharkyo01
Guest joandrade Posted July 4, 2013 Report Posted July 4, 2013 I can not see over 900 million android users slide loading apk's. So I blow that out of the water completely. Thinking about this I remember hearing a radio show talking about android apps that are on the play store that hackers are loading code into signature apps to call premium rate numbers. Wonder if this is anything to do with that... Yes, this is getting really blown out of proportion. I suggest you read this comment on the link gizmodo posted on facebook: "This security exploit is not new and in fact has been used in a different way by ROM makers to mod system apps without breaking the signature that allows these apps to run with system level permissions. An APK (container for apps) is essentially just a signed zip file (rename an apk to zip and see for yourself). Devs use tools to decompile and recompile the code located in the classes.dex file inside the apk. (I've done this a few times myself as well.) In other words, Android developers who mod apps have known about this for a long time. This is just FUD. You still have the issue of having to enable side loading and then install the new malicious system APK over it - the Android installer even says "This will replace a system app". This is only taking advantage of dumb users. No different than Trojans on Mac OS X, which oddly enough many downplayed the significance of for the very same reason." (https://www.facebook...151693994398967)
Guest Colossae3.23 Posted July 4, 2013 Report Posted July 4, 2013 Sorry for the fuss, lads. To be honest, it is coming from a windows focused website, and they could be leaving things out; either due to ignorance or just to say something bad about the competition ...
Guest joandrade Posted July 4, 2013 Report Posted July 4, 2013 It's alright, I'm just trying to share the information so people can understand what's really going on
Guest george109 Posted July 9, 2013 Report Posted July 9, 2013 I can not see over 900 million android users slide loading apk's. So I blow that out of the water completely. Thinking about this I remember hearing a radio show talking about android apps that are on the play store that hackers are loading code into signature apps to call premium rate numbers. Wonder if this is anything to do with that... This is a very common thing! Please check your permissions, if a game wants to call phone numbers, or send messages then alarm bells should be ringing as it does not need to as to bill it can use the google play billing service!
Guest mnirun Posted July 16, 2013 Report Posted July 16, 2013 Here is an universal patch solution using Xposed framework, tested with my G300. [FIX][XPOSED][4.0+] Universal patch for "Master Key" + "Bug 9695860" vulnerabilities Before patch. After patched:
Guest denzele Posted July 16, 2013 Report Posted July 16, 2013 (edited) Well Google made a fix/patch for this back in February apparently when no one didn't even know about this..but just for Google phone/tablet..Cyanogen team's working on patch soon for new update..for all others roms search "Rekey" app in Playstore and patch this bug so stay safe and do it fast..must have a root of course.. Read here..http://www.androidpolice.com/2013/07/16/new-app-duo-security-releases-rekey-master-key-vulnerability-patch-for-rooted-android-users-still-waiting-on-their-carriers/ Edited July 17, 2013 by denzele
Guest sharkyo01 Posted July 16, 2013 Report Posted July 16, 2013 And vodafone are still sitting on there Larry's... Good work!
Guest denzele Posted July 16, 2013 Report Posted July 16, 2013 For all others out there with no root on their phone it's really up to their Carrier to deliver patch itself which of course it will take ages with some. About this app "Rekey" it"s trusted app developer team so should work fine.
Guest sharkyo01 Posted July 21, 2013 Report Posted July 21, 2013 For all others out there with no root on their phone it's really up to their Carrier to deliver patch itself which of course it will take ages with some. About this app "Rekey" it"s trusted app developer team so should work fine. Do "rekey" and the "universal patch for master key" do the same thing. I have both running on my phone just trying to work out what one I really need or can i get away with just using one?
Guest denzele Posted July 28, 2013 Report Posted July 28, 2013 I guess they do. I'm only running Rekey . Really up to you which one you want to use or trust .
Guest sharkyo01 Posted July 29, 2013 Report Posted July 29, 2013 Thanks for the reply I am going to stick with Rekey as it is a far better app imo.
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now