Poking Holes In Samsung's Android Security 107
Orome1 writes "Tired of waiting for Samsung to fix a string of critical flaws in their smartphones running Android, Italian security researcher Roberto Paleari has decided to inform the public about the seriousness of the matter and maybe make the company pick up the pace. Mindful of the danger that the vulnerabilities present to the users if they are exploited by malicious individuals, he decided not to share any technical details, but to just give a broad overview of what their misuse would allow. This includes a silent installation of highly-privileged applications with no user interaction and an app performing almost any action on the victim's phone."
Learn from the past (Score:3)
The Exynos memory bug (often referred to as ExynosAbuse exploit) was released publicly and fixed rather quickly. This seems to be the way for Samsung - responsible disclosure just doesn't work with them. This has been proven time and again.
Re:Learn from the past (Score:5, Informative)
After some further investigation, it seems all these exploits are fixed in the latest 4.2 leaked firmware for the SGS3, so ... they're actually fixed, just maybe not rolled out yet.
Re: (Score:2)
So you're allowed to use a company supplied Android phone or they just don't allow Android at all?
Re: (Score:1)
Re: (Score:2)
and a Jailbroken iPhone which has apps installed from say Cydia which may also provide ways for people to get in or apps to do what they shouldn't do?
My question is if this exploit works with the Allow 3rd party APKs to be installed disabled (like what's on by default on the Samsung phones)
Re: (Score:2)
So do iPhone get random surprise inspections? Whats to stop someone from jailbreaking it after getting approved to use it at work? Sounds like that company will need it's own cell phone police dept.
Re:Learn from the past (Score:5, Insightful)
Yup. And look at the eMMC "Superbrick" defect on many of the GS2 family. Many of those devices had a defect in the eMMC wear leveller such that the chip could be unrecoverably corrupted if you issued a secure erase command to the chip. (Probably about a 5% chance of it happening, it's similar if not identical to the defect that hit some of their desktop SSDs in late 2012). Not even JTAG could bring a "Superbricked" device back to life.
After discovery of exynos-abuse, the only thing standing between Samsung and permanent damage to thousands of devices was the fact that modern blackhats care more about obtaining information (money) than doing damage. Samsung knew about this bug for many months - they were aware of the defect in the eMMC chips as early as Galaxy Nexus prototype development in 2011. Yet they released updates for devices in 2012 with kernels that allowed secure erase through to the eMMC chip. The only safe device was the I9100 - which had MMC_CAP_ERASE removed from the kernel to protect the chip. In June 2012, Samsung publically acknowledged the bug and claimed to be "working hard" on it - in July 2012 they released updates for the I9100 that turned the MMC_CAP_ERASE flag ON, putting those devices in danger.
They had an official fix that blocked only secure erase merged into the mainline Linux kernel in September 2012, but not a single affected device had the fix deployed until 2013. Their "stuff takes time to get through carrier testing" line is bullshit. Sprint FI27 was *built* (as in, testing STARTED not ended) on September 27, 2012 (nearly a month after the official fix had been mainlined), and deployed to customers in early-mid October.
As to the I9100 XWLPM MMC_CAP_ERASE fiasco, Samsung's answer was that the lack of MMC_CAP_ERASE in earlier source code was a mistake and that the source code did not match binaries running on devices (yes, that's right, Samsung's defense was "yeah bitches, we violated the GPL"). The strange thing is, this was one of the cases where Samsung's source actually DID match binaries - not a single I9100 ICS kernel prior to XWLPM and XXLQ5 had MMC_CAP_ERASE turned on. (This was obvious by the fact that no one experienced "Superbrick" on such devices.)
Samsung's stance was that it was an "open source" problem, but the fact is, with a privilege escalation exploit, any malware could permanently destroy many of Samsung's devices to the point where a motherboard replacement (instead of mere JTAG) was required.
In short, Samsung's "SAFE" marketing crap is bullshit. "Samsung Approved for Enterprise" - who did the approval? Samsung! Hardly an independent certification authority.
Re: (Score:2)
You forgot to mention that you need root to issue this command. It's like suddenly panicking because root can overwrite the BIOS or use the ATA password feature to brick your HDD.
Re: (Score:1)
The exynos exploit allowed any application direct write access to all memory (essentially they can become root).
It was pretty serious and they did take their time fixing it. Still I prefer my Android to an iPhone.
There was third party fixes for the exynos exploit as well, but a user shouldn't be expected to know that.
Re: (Score:2)
What part of "Samsung's stance was that it was an "open source" problem, but the fact is, with a privilege escalation exploit, any malware could permanently destroy many of Samsung's devices to the point where a motherboard replacement (instead of mere JTAG) was required."
Exynos-abuse is a perfect example of such an exploit. ANY application could get root access with ZERO user interaction. The very article we are discussing is talking about privilege escalation exploits.
Re: (Score:2)
bah, preview fail. Meant, "what part of that didn't you understand?"
Re: (Score:2)
The only way to prove, and the only thing to do when a developer refuses to fix a bug, is to put the exploit in the wild. This is the only way to prove the exploit actually works in the real world. Until this happens the developer can just say it is a theoretical problem with no practical route to success, and as such does not warrant the resources necessary. One the exploit is wild, however, t
All This, Yet... (Score:1)
I still can't use my phone as a WiFi access point without paying an additional $10-$20 per month.
On the other hand, I doubt that the rhinestone case crowd will care about this much/at all.
Carriers can still detect tethering (Score:4, Informative)
I still can't use my phone as a WiFi access point without paying an additional $10-$20 per month.
That's an ISP problem more than an Android problem. During this transition from 2G to 3G to 4G-lite,* wireless carriers rely on subscribers not using all their monthly megabytes, and subscribers who use multiple devices on one plan tend to use more megabytes per month than subscribers who do not. Even a phone that obeys its owner (that is, one with a custom ROM) can't hide tethering-like behavior unless you run everything through a VPN. Carriers are reported to use traffic to Internet sites that host desktop OS updates, antivirus updates, and desktop application updates as evidence of tethering. By the time you've paid extra for a higher cap and paid extra for a VPN so that the ISP doesn't see what you're visiting, you might as well have paid for the tethering rider.
* "Lite" because LTE isn't really 4G.
Re: (Score:2)
Re: (Score:2)
server at my house
For one thing, running a server at your house requires that your home ISP's terms of service allow running a server accessible from the public Internet. A lot of ISPs don't allow those on home SLAs. For another, when you bounce off a VPN at home, you're still transferring a larger volume of data per month when you tether than when you don't. How did you manage to work through those issues?
The cost of avoidance (Score:2)
Re: (Score:2)
If you're still on Verizon unlimited then this is the case (unless you root). If you're on a 2 or 4 gig then you should raise hell and threaten to contact the FCC.
Re: (Score:2)
Apple's released 3 updates to iOS 6 already in the span of a month or so... and supposedly even the passcode bug isn't complet
Re: (Score:2)
Look at some of the smaller names in phones, the blu phones are decently priced, use unmodified android, have decent specs too.
Samsung image tarnished with Android (Score:4, Interesting)
Say what you will about Apple & the iPhone, but I appreciate the tight integration of OS & hardware and their desire to provide a consistent & reliable user experience. I own and use a (Sprint) Samsung Galaxy S2 Epic 4G Touch, and it was a series of broken promises on ever getting ICS. When finally rolled out, it wasn't the true android experience, but some half-baked Samsung-proprietary interface aka "Touchwiz." Great, that wasn't what I was sold when I purchased the device. I want android, not Samsung's half-baked, bug-filled, garbage-software-filled version of it.
Eventually, I rooted and installed JB, because Samsung sure as heck wasn't going to do that. And then, as you venture deeper into the rooting environment, you find out a bunch of hardware/software issues directly caused by Samsung, including but not limited the EMMC super-brick bug. These security issues in TFA are just more of the same. For me, their handling of their android phones and my experience with them has tarnished their image across their entire product fleet. Will I buy a Samsung brand washer/dryer? There's a lot of digital tech in even washing/drying machines nowadays. Before this, their name wasn't an issue. Now, maybe I consider some other brand.
Already tarnished for me (Score:2, Offtopic)
I swore off Samsung a few years ago when the 2.5 year old HDTV I had paid $1400 for died, and they wanted as much to repair it as a new TV would cost. Their products are shoddily made, and they don't stand behind them. They could produce the snazziest Jesus phone on the market and I wouldn't touch it with a ten foot poleaxe.
Re: (Score:2)
Given your animosity, I say you would want to touch it with a ten foot poleaxe.
Re: (Score:2)
are you one of these crazy old people who still repairs stuff?
always cheaper to buy new these days. and a lot of times you can buy a better TV or whatever for the price to repair or replace
Re: (Score:3)
It's currently the trend to throw things out and replace them but it's not particularly environmentally responsible.
Re: (Score:2)
It's currently the trend to throw things out and replace them but it's not particularly environmentally responsible.
And repair isn't economically viable, so make your choice.
Re: (Score:2)
If I ran the world (and I really think I should), I would make manufacturers responsible for environmentally responsible disposal of their products, making it more worthwhile to repair things.
Re:Already tarnished for me (Score:5, Interesting)
are you one of these crazy old people who still repairs stuff?
I am. I have a ~7 year old Samsung 1600x1200 monitor that still looks nice. I like this form factor, and it's hard to get in these days of HDTV LCDs. Unfortunately, Samsung was known for using shoddy capacitors in that time period, and a few years ago my monitor started blacking out shortly after power up.
I found a video on YouTube where they showed how to fix my exact model, and I fixed mine with $5 of new caps. Now it's still going strong.
Re:Already tarnished for me (Score:5, Informative)
it would be hard to find someone who does NOT use cheap 'china caps' inside instead of proper panasonic (japan) or nichicon or any of the other *reliable* electrolytic makers.
badcaps.net is informative for those that have not heard of this 15+ yr old problem in the parts industry. worldwide! china fucked the world on this and we're still paying with blown caps on nearly everything that uses them.
buy the parts from known places (digikey, mouser, newark, jameco, etc) and you'll get guaranteed real parts, not fakes. even the vendors who build boards tend to use fake caps (bad formula) and they last about a year before they fail.
Re: (Score:1)
This is mixing the circa 2000 bad cap plague with the circa 2007 problem. The difference doesn't summarize easily, but for the interested there's a pretty reasonable attempt at wikipedia.
http://en.wikipedia.org/wiki/Capacitor_plague [wikipedia.org]
Both have some overlap with, but are not the same thing as, the problem of fake parts. These days automated x-ray machines that run through your reels of components looking for fakes are pretty common. Things are bad. Digi-mouser et al do try hard and are good about returns, but
Re: (Score:2)
Are you one of those thoughtless young people who throws stuff away when it no longer satisfies your whims?
Re: (Score:1, Flamebait)
I swore off Samsung a few years ago when the 2.5 year old HDTV I had paid $1400 for died, and they wanted as much to repair it as a new TV would cost. Their products are shoddily made, and they don't stand behind them. They could produce the snazziest Jesus phone on the market and I wouldn't touch it with a ten foot poleaxe.
True, but much of the same could be said about Apple.
IIRC Apple's 30" $3000+ monitor shipped with a 1 year warranty (seriously?!). Apple has also, going on for years and years, routinely offered customers to pay extra upfront for warranty/insurance beyond the first year in markets where the law says you have to have more than 1 year of warranty on electronics.
Apple Jesus is a bit like Catholic Jesus. They know you'll come back even if you occasionally a**rape some of them...
Re:Already tarnished for me (Score:4, Insightful)
Funny how in a thread about Samsung, someone must come out and say "but Apple also sucks" like this then makes it all better.
And comparing Apple to rape is a bit much, isn't it?
And all the idiot moderators that modded this interesting, WTF are you smoking?
Re: (Score:2)
Okay, I have to say in retrospect I am sorry if anyone who's actually been the victim of or otherwise afflicted by rape read my comment and felt that it diminished their suffering.
The thing is though, any discussion about the merits and flaws of one company's offering is always going to become about that and it's competition and Apple is a company that should expect harsh criticism, not so much for it's practices in the west, but for the repeated allegations that it has been looking aside from what's happen
Re: (Score:3)
Then perhaps you should educate yourself first before making allegations that are untrue? Apple has raised working conditions at their factories far above most others.
You can do a simple google search and find articles and interviews where factory workers are bitching about not being able to work overtime - a lot of them work for 3-4 years, and take their savings back to their village and can start their own small business, buy a home, and get married.
Just a comparison - in China, an Apple factory worker m
Re: (Score:2)
Well, my understanding is that the working conditions have improved from outright dangerous to merely bad, which is par for the course in poor countries (and arguably better than subsistence agriculture) but certainly not something to be proud of for a market leading company with a profit margin above 20%.
Where did you find the salary figures? I guess $700 would be about median wage in China, which would be fantastic for a manual worker, but I doubt anyone who works at the factory floor actually makes anywh
Re: (Score:2)
Why should Apple pay more for a worker to insert a chip into a motherboard, when every other company already pays substantially less than Apple?
Re: (Score:2)
A little googling gets you the following links:
http://www.worldsalaries.org/china.shtml [worldsalaries.org]
An engineer or a programmer makes $252/month on average. Are you shitting me that a factory worker making $275/month AT ENTRY LEVEL is worse off?! Entry Level. Starts at $275/month. Makes *more* money than a programmer or an engineer.
Please stop it with your assumptions and "$700 is the median wage" bullshit.
http://www.reuters.com/article/2012/03/30/apple-foxconn-workers-idUSL3E8EU4I820120330 [reuters.com]
http://www.marketplace.org [marketplace.org]
Re: (Score:2)
Re:Already tarnished for me (Score:4, Informative)
I had problems start with my Samsung TV. It would take 10 minutes to turn on. Just sit there clicking on, off, on, off. I called Samsung and it was a known problem. They contacted a local repair shop and had the shop come out to my house and fix it THAT NIGHT. Zero cost to me.
Re: (Score:3)
I had problems start with my Samsung TV. It would take 10 minutes to turn on. Just sit there clicking on, off, on, off. I called Samsung and it was a known problem. They contacted a local repair shop and had the shop come out to my house and fix it THAT NIGHT. Zero cost to me.
Ditto for our 5 year old (at the time) 52" Samsung LCD TV. It wasn't quite the next day, but definitely within a week of us calling them they had a local contractor come by, and he fixed it right in our living room in about an hour, soldering and all. No bill for us, because it was a known capacitor issue, and it's worked great ever since.
That's a big part of why our new 65" LED is also a Samsung :o)
Re: (Score:2)
Based on my experience, Samsung pushed back on capacitor repairs pretty hard until they lost the class action suit.
http://www.samsung.com/us/capacitorsettlement/
By the time they were "willing" to assist I had already replaced the capacitors. How very customer oriented of them...
Ah, I didn't know that. Interesting. I guess we were just lucky that ours failed later in the game...sorry to hear about your troubles with the same issue.
Re: (Score:2)
I had problems start with my Samsung TV. It would take 10 minutes to turn on. Just sit there clicking on, off, on, off. I called Samsung and it was a known problem. They contacted a local repair shop and had the shop come out to my house and fix it THAT NIGHT. Zero cost to me.
Similar problems with my Samsung monitor - it has serious issues switching between input sources (HDMI, D-SUB) and sometimes would get confused to where it required a shutoff and cooldown for a few min before reuse - a major pain switching between my work and home laptops which use different sources respectively.
Re: (Score:2)
Re: (Score:3)
I swore off Samsung a few years ago when the 2.5 year old HDTV I had paid $1400 for died, and they wanted as much to repair it as a new TV would cost. Their products are shoddily made, and they don't stand behind them. They could produce the snazziest Jesus phone on the market and I wouldn't touch it with a ten foot poleaxe.
I agree that a TV should not fail after 2.5 years but Samsung's warranty on TVs is for 1 year, similar to all other manufacturers. Name me one TV manufacturer that would fix a 2.5 year old TV for free? You do realize that TVs are deliberately built to last 3 to 5 years? and that it has cost more to repair a TV than buying a new one for the last 10 years or more? and you blame Samsung because you gambled on the manufacturers warranty and lost?
The warranty period on all electronics has been reduced to s
Re: (Score:3)
"I agree that a TV should not fail after 2.5 years but Samsung's warranty on TVs is for 1 year, similar to all other manufacturers. Name me one TV manufacturer that would fix a 2.5 year old TV for free? You do realize that TVs are deliberately built to last 3 to 5 years? and that it has cost more to repair a TV than buying a new one for the last 10 years or more? and you blame Samsung because you gambled on the manufacturers warranty and lost?"
In New Zealand, we have a little law called "The Consumer Guaran
Re: (Score:2)
"I agree that a TV should not fail after 2.5 years but Samsung's warranty on TVs is for 1 year, similar to all other manufacturers. Name me one TV manufacturer that would fix a 2.5 year old TV for free? You do realize that TVs are deliberately built to last 3 to 5 years? and that it has cost more to repair a TV than buying a new one for the last 10 years or more? and you blame Samsung because you gambled on the manufacturers warranty and lost?"
In New Zealand, we have a little law called "The Consumer Guarantees Act" which means that even if a manufacturer only puts a 1 year guarantee on a TV, it is expected to last a fair and reasonable time for a device costing upwards of $1000 and that means (in the eyes of the law) ten years.
After reading your post, I did some research and found this on ConsumerReports.org. They say that there is an implied warranty on most items of 4 years in the US. However, you may have to sue to assert your rights. Even so, it's obvious that some countries have much stronger consumer protection laws than the US.
- - -
Your refrigerator dies three months after the manufacturer's warranty expires. The store and manufacturer say you have to pay to get it fixed.
The law
The Uniform Commercial Code, fully adopted
Re: (Score:3)
I don't like Touchwiz either, but you can install a replacement launcher from the market. Apex Launcher is based on the stock android launcher. Works fine for me.
Touchwiz is not solely the launcher; it's the ROM. It's the Samsung experience.
Look for Nexus (Score:5, Insightful)
When finally rolled out, it wasn't the true android experience, but some half-baked Samsung-proprietary interface aka "Touchwiz."
Lesson learned: If you want a full-baked true Android experience, always look for the word "Nexus".
Re:Look for Nexus (Score:4, Insightful)
Lesson learned: If you want a full-baked true Android experience, always look for the word "Nexus".
Agreed, that is the lesson I've learned.
Re: (Score:1)
And who makes the best Nexus devices...
Re: (Score:2)
Currently - LG and Asus.
Re: (Score:2)
Took me 3 attempts to get a working nexus 7. I know several other people who had identical problems. Shit build quality and testing. Google's customer support in the UK is shit too, as is the courier company they use. I understand you can actually buy nexus 4s here now though. Let's hope the battery, NFC and touch screens work on them.
Re: (Score:2)
I admit I still need to return my Nexus7, headphone jack is busted. Other than that it's perfect.
My Nexus 4 has no issues, but I was not one of the people who joined in on the launch day zerg - mine was ordered sometime in Jan or Feb.
First few batches of any device are almost always problematic.
Re: (Score:1)
I got a Samsung UE40ES6710 Smart TV and once again the problem is the software. It's ridiculously buggy. It's not uncommon having to reboot it... Reboot a fucking TV!!!
Re: (Score:2)
Never ever ever buy a smart TV.
TVs should be beautiful and dumb as dirt. They should be like a computer monitor: turn on when they sense a video signal. That's all the smarts they need.
Seriously, why would anyone ever want to build things like Netflix streaming and who-knows-what-else into a TV? What happens next year when you want to switch to Amazon's service, or Google's, or Apple's, or...? And your TV doesn't support it? What, buy a new TV??
You think a TV manufacturer is going to be Johnny On The
Re: (Score:2)
When finally rolled out, it wasn't the true android experience, but some half-baked Samsung-proprietary interface aka "Touchwiz."
Welcome to EVERY non Nexus phone buddy. If you don't like it then root it and put CM10.x on the device.
I will admit, Touchwiz is better then HTC Sense.
Re: (Score:1)
I own and use a (Sprint) Samsung Galaxy S2 Epic 4G Touch, and it was a series of broken promises on ever getting ICS.
Ever tried another Android device like Motorola, HTC, Sony, Acer, Asus, Amazon, Barnes & Noble, Toshiba, or ViewSonic? All of them add their own crap to Android to differentiate themselves instead of focusing on the hardware and updates. They all promise to do updates and then never deliver. It would be much easier if they did not spend all their time developing things to replace core features of Android (Samsung and their crappy SMS replacement with custom Applesque "notifications"). The fact that
Re: (Score:2)
Having bought a few pieces of Samsung gear myself, I'm not in the least surprised. It was a blu ray player that did it for me - they pushed out a firmware update that knocked the sound out of sync and then didn't release a fixed one. Ever as far as I know because I got sick of waiting months and not being able to watch a film so I returned the player, it was replaced with another of the same model which didn't have the audio sync problem until I tried to play a new BD and then it insisted I had to update
Re: (Score:2)
When finally rolled out, it wasn't the true android experience, but some half-baked Samsung-proprietary interface aka "Touchwiz." Great, that wasn't what I was sold when I purchased the device. I want android, not Samsung's half-baked, bug-filled, garbage-software-filled version of it.
Erm nice try, but let me educate you a bit. Touchwiz is the home launcher and app drawer interface. It has nothing to do with the underlying Android system and is simply the app that shows you the home screen. EVERY Samsung phone uses Touchwiz including the ones running Bada instead of Android. This is what you're paying for when you buy a Samsung phone.
This is what you pay for when you buy a Samsung phone, value added features. Samsung had face detect before it was rolled into Android 4. Samsung had voice
Moral of the story (Score:3)
the network carriers approve a security patch seems to be a very, VERY, long time!
Do not use ROMs dependent on the carriers.
Prepaid carriers lock too (Score:2)
you will pay the rest over the course of your contract
What contract? I'm on Virgin Mobile, and despite having paid for a phone up front, I still can't take it to another carrier.
Re: (Score:3)
The problem is, even Samsung's unlocked devices purchased at direct retail without subsidy take forever to see security/bug fixes.
Re: (Score:3)
Want a fine approximation of freedom? Buy T-Mo's Galaxy S2 off contract and get a pay as you go service from them. I've had a custom ROM since day 2, they unlocked my phone's carrier lock on day 60, by request, and have generally been extremely helpful. Also, since I did some research and got a model with documentation, I've had 4.2.2 for weeks now. Using the stock ROMs, with carrier modifications, is the problem.
Re: (Score:2)
Re: (Score:2)
Flaws in the system (Score:5, Insightful)
"any patches [Samsung] develops must first be approved by the network carriers."
Well there's your problem. if I had to call up my ISP every time I wanted to patch windows I'd be screwed.
CDMA2000 is the problem (Score:5, Informative)
Re: (Score:1)
PCs don't require, yet, the user to bring in the computer to have it reprogrammed to use a different ISP. CDMA2000 without CSIM, the typical setup on U.S. prepaid carriers such as Ting and Page Plus, does.
FTFY. Give them enough time and the trend will eventually spread to tablets, netbooks, laptops and (why not?) even desktops.
Re:CDMA2000 is the problem (Score:5, Insightful)
All of these issues, carrier lock, Cdma reprogramming and carrier approval of roms, and unpatchrd bugs have one root. The fact that most people do npt care as long as the can make phone calls, email, and whatever their app du jour is. We that care about security,openness and gpl, getting software updates in a timely fashion, we are a small fraction of the market and no matter how vocal we are here,we are no threat to profit. You, the earlybadopter, the bleeding edge techie, you have been marginilized by greed. Welcome to now.
Re: (Score:3)
Well, this is because the carriers all want to make sure to inject their own shit to monetize everything.
The carriers want to put on their stuff to sell you ring tones, apps, and generally make sure your bill is as high as they can manage.
They don't care about your security. On my HTC Android phone, I had to go through and disable a lot of the crap my carrier put in because I was never going to use it
Re: (Score:1)
Re: (Score:2)
Part of the problem also comes from the support model. If you have a problem with Windows or your Dell PC, you don't call your ISP and expect them to resolve it.
Yet in the phone world, if you have a problem with Android or your Samsung hardware you call Verizon/Sprint/etc.
The last two (European) carriers I worked for would have more than happily passed handset customer support to the OEMs but, unsurpris
Good thing Samsung is based in South Korea... (Score:1)
Re: (Score:2)
Revealing security flaws in Western businesses is automatic jail time lately...
Yeah, they've really worked hard to round up the evasi0n team...
Re: (Score:1)
Oh yeah, Android users are the ones installing custom ROMs to make their cellphones work but I'm the troll. Fuck you, shithead moderator.
Re: (Score:1)
1- Android is linux
2- You have to review the permission before installing the app, don't want a flash light to access the internet, get one that doesn't request it. In some custom ROMs you can even revoke permissions (it is totally unsupported and make a lot of apps crash but it is possible).
3- In most linux distributions, apps are usually installed with full root access and run with all user privileges. Much worse that Android.
4- On Samsung (and many others) android phones, you can run custom ROMs, which m
Android Security? (Score:1)
Most users do not have an updated version of Android to update to that is made available from their carriers.
Trend Micro’s mobile app reputation service has analyzed over 2 million mobile app samples collected from around the world and 293,091 of them have been classified as outright malicious. Almost 69,000 of those were sourced directly from Googl
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
I dabble in Android security myself, I just want to point out that every single app I have encountered that Trend Micro flagged has been a false positive warning about an exploit that isn't actually present. The cause of this appears to be that those apps include files or snippets of code also used by some well known exploits, but by themselves are not harmful. Rookie mistake.
Note that if you search well, you will find various security folk slamming Trend Micro all over the place. As such, I wouldn't put to
Tinfoil Hat time (Score:2)
And yet (Score:2)
it's necessary to root your phone in order to change the hosts file.