Related
http://www.electronista.com/articles/10/11/24/android.data.exploit.fix.may.be.limited.to.23/
Watch the video too--what do you guys think?
xredjokerx said:
http://www.electronista.com/articles/10/11/24/android.data.exploit.fix.may.be.limited.to.23/
Watch the video too--what do you guys think?
Click to expand...
Click to collapse
nope...doesn't worry me
OK, it is a real vulnerability, but because you have to know the file name on the SD card, what is the exploit really stealing? Only if some application stores its files on SD, and names this super secret file the same for everyone. Also, if the file is in plain text, then it is not really super secret to start with.
Real vulnerability, but easily mitigated by encrypted sensitive data. If you lose your phone, you have the same problem - I don't think you can remote wipe an SD card, and the thief could pop it out before you do anyway.
So, no real worry IMO.
Google is aware of the issue but has unusually said that the fix will come only with Android 2.3, or Gingerbread. The company didn't explain why it couldn't or wouldn't patch earlier versions but may leave many devices vulnerable due to the fragmented nature of Android updating, Cannon said.
Click to expand...
Click to collapse
--from the article
Not to defend Samsung because via my experience with the captivate it has confirmed my belief that their support is terrible, but my first thought upon reading that paragraph was that if Samsung had issued a statement like there would already be 50 posts bashing samsung and their lack of dedication to provide good service to their customers.
Not worried at all. Nothing on my phone to steal.
What does worry me is this statement: "Google is aware of the issue but has unusually said that the fix will come only with Android 2.3, or Gingerbread."
We may never see Gingerbread for this device, that's what worries me the most.
Google should make a patch for existing OS available as well as addressing it in 2.3. Especially since they can't make manufacturers build new releases.
I don't have anything on my phone that would put me in jeopardy anyway, so no.
WTF, really? If you went to a website that started downloading stuff in the background, wouldn't you use task manager and close the browser and/or turn off your data connection as soon as possible? You can clearly see at :55 where it starts downloading a file.
It sucks that Android 2.2 has a vulnerability, but it's all about user behavior. I've gone without an actively scanning virus scanner on my Windows desktop for the last 4 or 5 years and have never once gotten accidentally infected. Security is more about user behavior than it is about fixing every single possible flaw, including those that require knowing the exact path of the files you want to steal from someone.
I'm not talking about protection for the outside of the phone, but protection for the inside. I have this idea in my head for an awesome theme, which involves the MIUI ROM (which isn't here yet, I know) and a couple of more things.
But this means there are chances that I'm going to brick my Nexus S. I've searched a little bit on the internet, and I found out that you can either 'soft brick' or 'hard brick' your device. Soft bricking seems to happen the most, and is easily fixed. I don't know what hard bricking is, and if I should be worried that that's ever gonna happen to me.
Secondly, there are chances of getting a virus. I'm not saying there are chances of getting a virus when flashing a custom ROM, I just think there is a possibility that I'll get a virus. There are several anti-virus apps in the market. Will I have the assurance that I won't get a virus when I have an anti-virus app installed (there is never really an assurance, but let's say like 'avast!' on my computer)? And when a virus sneaks past, can I just recover everything, just like when I brick my phone (minus some data if I hadn't backed-up everything)?
My third question, just a little one: I really like the idea of 'App Protector' for my Email, SMS and some more stuff. But does App Protector allways work, even when there is some kind of widget involved, like in the MIUI lockscreen? So if I slide the SMS icon in the MIUI lockscreen, will it still ask for a pattern or password?
Thanks in advance!
Is anyone using virus protection on there Tablets ????
If you run a rooted tablet and load apps from outside sources what is is the risk level????
Thanks
There's always risk running apps from uncontrolled sources....
Being rooted offers a slight measure of protection as apps that require root access need to ask for it and I wouldn't be granting it to a torch app.... There is always still the risk that some little mongrel out there will find an unprotected exploit, like the exynos exploit found recently and take advantage of it but honestly I haven't found any viruses on android though there are some supposedly around.
If you feel at risk install an antivirus app, there are a few free ones available.
I use eset anti virus, and it has found a few viruses, malware in apps....
kkretch said:
Is anyone using virus protection on there Tablets ????
If you run a rooted tablet and load apps from outside sources what is is the risk level????
Thanks
Click to expand...
Click to collapse
If those outside sources are Warez sites then risk is high.
jje
Thanks everone....
I did install an app and I'm clean.
You can't be to careful these days.
I've used a few...never once had an issue come up though. Since I rarely use "new apps" than my old standards (of which there are like 98 of them LOL) and they have never once even been a blip on Lookout, Avast, and AVG's radars, I don't bother anymore. However, if I do plan to install something new it is always from Amazon or Google and I tend to read reviews (because most people that find a problem complain like hell) and if I'm really leery, I will install a AV long enough to test it.
Like I said I use ESET antivirus, no other checker inc those mentioned above would find viruses, that ESET did.
Give in a try free trial and updates for 1 month. I found nothing else comes close tonthis software for finding problems.
Sent from my GT-N8010 using Tapatalk 2
I'm currently using SOPHOS which has not found any problems on any of my android devices. In the past I have used Kaspersky, Comodo and Lookout.
My main reason for using them is the value added services that they afford, namely remote wiping/locking/locating etc. if the the device is stolen or lost.
There has been a lot of debate as to whether antivirus software is necessary on Android. Some like the extra protection, some say it is redundant due to Google's security services. Who here uses AV software, and which software do you use? Has it ever caught anything that Google's built in security did not?
Most of the time antivirus just completely gets in the way of things that are perfectly fine, I'm ok with not having any AV. I am also very responsible and cautious when it comes to downloading software from an unknown source, so that's another reason why I don't use AV.
SirSoviet said:
Most of the time antivirus just completely gets in the way of things that are perfectly fine, I'm ok with not having any AV. I am also very responsible and cautious when it comes to downloading software from an unknown source, so that's another reason why I don't use AV.
Click to expand...
Click to collapse
Those are basically my practices as well. Just curious what everybody else does.
Sent from my MotoG3
I've never used antivirus in my 5 years as an android user. I download apps like it's crack, from all over the place, and I've never once had an issue, besides the occasional app with moderately intrusive ad software.
Viruses and malware on android stop just short of being a gigantic myth. You've got better odds of winning the lottery and being struck by lightning on the same day than ending up with malware on an android device, IMHO. You almost have to WANT to get malware lol
I used the same philosophy with windows for years before I switched to linux.....I NEVER used antivirus. I wasn't quite so lucky on that front, but I still wouldn't call malware anywhere near as bad as people make it seem on windows, either.
Remember one thing when you read articles about these big security software companies finding new exploits, worms, etc....the more scared you are, the easier time they have selling you software if you think you need it. I wouldn't even put it past some of them to actually hire a team of people to create malware to give the software a false purpose. It would definitely benefit them, as long as they don't get caught. Job security is job security, am I right?
I'm using android phone for 7 years. Till now I have used few antiviruses. But never got satisfied with them in my android phone like I'm satisfied using SafeBytes Anti-Virus in my PC. Surely android phone needs antivirus but I think no suitable antivirus is introduced yet.
There really is no need for an antivirus app. There are no "viruses"for Android. There are a few, very rare security issues, mostly at the kernel level. No antivirus will help with that. The only other thing is malware, stay away from side loading apps, and you should be good there. Apps do occasionally show up in the play store, mostly from China and with suspicious sounding names, but those are usually quickly removed from the store and your device automatically by Google.
Sent from my MotoG3 using Tapatalk
as Long as Uninstall button works i dont need Antivirus app
lol 10/10 votes
Good evening everyone, sorry for the question, but do you need an antivirus on your Android smartphone today? Can you use antivirus on your smartphone?
Hello, XDA Developers.
I joined this forum yesterday, and to be honest, I am a complete Android noob. I got my first Android phone around 6 months ago, and, as you know thanks to the title of this thread, it was a Google Pixel 2, a solid way to dip my toes into Android for the first time, especially after being an Apple sheep for many years in the past. Anyway, I found my interest in rooting coming from me wanting to install a custom icon pack to my Pixel Launcher. I found Pixel Launcher Mods, but discovered it required root. I learned what rooting was, and how to do it. That's not the problem, though.
I've heard tons on what rooting can do negatively to your phone, but using a Google-branded phone, I'm not worried in the least about getting my phone bricked nor am I worried about blowing my warranty (since Google doesn't take away warranty due to rooting). What I am worried about is security.
I use many apps on my phone which are very personal and important, like my AMEX app, Google Pay, and PayPal. Knowing that rooting is risky in the security department, I'm very nervous to make the jump due to exposing those very applications and all of that sensitive information.
I've heard that installing Magisk and TWRP somehow keeps me safe from this kind of risk, but I don't quite understand how. I really need to understand why and how Magisk keeps me safe before I root, since I know that if I don't, I'll have insane paranoia in the back of my head, which will completely ruin my experience rooting.
I've also heard that Netflix and apps similar to it simply do not function. I am a Netflix subscriber and sometimes watch on my phone, so this is kind of concerning for me. Apparently Magisk comes to the rescue again, but I still don't know why!
One other thing (second last one, I promise) I heard was that I can get purchases in the Google Play store for free. If someone can leave a link for me on how I can do that, it would be pretty awesome.
The fourth and final 'thing' as I've been calling them, is that I won't get OTA updates. With some of my own research, I found that I actually do get these updates, however, they break my root. I've heard of things like OTA RootKeeper, but when I looked it up, all I found were forum posts from 2012, which had me slightly worried. This coupled with the fact that Android P was coming out so soon had me bear the question: update or wait?
Thank you so much if you took the time to read this long and confusing thread. I tried to lay it out in the least confusing way as possible. As you can see, I'm really new to all of this, and it would be great if you guys could help me out and answer some of the questions above.
Take care! I look forward to your responses.
- Arrow008
First of all: Good choice and welcome to the community.
1. I can't exactly tell you how Magisk would keep you safe but I can tell you that it is always in your hands to keep your device and data safe. What I mean by that is that you should use your brain while using your phone. Don't download any "fancy apps" which promise to make your battery last longer or something like that. Don't click any shady links etc.
After all you are not more vulnerable just due to rooting but apps could do more harm.
2. Netflix or other apps will work with "Magisk Hide" which is built in feature of Magisk.
3. You are talking about illegal warez which are not allowed on XDA. Anyways apps cost between 1 - 5 $ and are often on sale. So there should not be any need to tinker with warez.
4. There is a guide here to keep Root with Magisk even on OTA. But for this to work you don't have to have TWRP flashed to your device (at least that's what I think).
EDIT: I'm using different Android phones since 2011 and always rooted them and didn't ever have any problems with security.
Arrow008 said:
Hello, XDA Developers.
I joined this forum yesterday, and to be honest, I am a complete Android noob. I got my first Android phone around 6 months ago, and, as you know thanks to the title of this thread, it was a Google Pixel 2, a solid way to dip my toes into Android for the first time, especially after being an Apple sheep for many years in the past. Anyway, I found my interest in rooting coming from me wanting to install a custom icon pack to my Pixel Launcher. I found Pixel Launcher Mods, but discovered it required root. I learned what rooting was, and how to do it. That's not the problem, though.
I've heard tons on what rooting can do negatively to your phone, but using a Google-branded phone, I'm not worried in the least about getting my phone bricked nor am I worried about blowing my warranty (since Google doesn't take away warranty due to rooting). What I am worried about is security.
I use many apps on my phone which are very personal and important, like my AMEX app, Google Pay, and PayPal. Knowing that rooting is risky in the security department, I'm very nervous to make the jump due to exposing those very applications and all of that sensitive information.
I've heard that installing Magisk and TWRP somehow keeps me safe from this kind of risk, but I don't quite understand how. I really need to understand why and how Magisk keeps me safe before I root, since I know that if I don't, I'll have insane paranoia in the back of my head, which will completely ruin my experience rooting.
I've also heard that Netflix and apps similar to it simply do not function. I am a Netflix subscriber and sometimes watch on my phone, so this is kind of concerning for me. Apparently Magisk comes to the rescue again, but I still don't know why!
One other thing (second last one, I promise) I heard was that I can get purchases in the Google Play store for free. If someone can leave a link for me on how I can do that, it would be pretty awesome.
The fourth and final 'thing' as I've been calling them, is that I won't get OTA updates. With some of my own research, I found that I actually do get these updates, however, they break my root. I've heard of things like OTA RootKeeper, but when I looked it up, all I found were forum posts from 2012, which had me slightly worried. This coupled with the fact that Android P was coming out so soon had me bear the question: update or wait?
Thank you so much if you took the time to read this long and confusing thread. I tried to lay it out in the least confusing way as possible. As you can see, I'm really new to all of this, and it would be great if you guys could help me out and answer some of the questions above.
Take care! I look forward to your responses.
- Arrow008
Click to expand...
Click to collapse
I would also like to welcome you to the community. Good choice crossing over from Apple and you made a great choice as far as phones go. Xda is a grea place to start and there are amazing people on here that can help you get to where you want to be.
Some background on myself, I have owned an android phone since 2010 and have rooted every android phone I've had since then. Root is the way to go and it opens so many doors for android devices.
1. Don't let a security risk scare you away from rooting, as long as you are smart with your device then you will be ok. You heard right in that Magisk keeps you safe when rooting. Magisk implements security protocols that allow our devices to pass safteynet checks. Safteynet is what android uses to tell apps that your device is secure and hasn't been tempered with. Things like Google Pay use safteynet checks in order to function. Some apps also won't function if it detects Magisk on your device. This is simply because the app knows your device is rooted and doesn't want to function as it knows it has been tampered with. Magisk has a feature called magiskhide that hides itself from certain apps being able to see it. So that, in a nutshell, is how Magisk tricks your device into thinking it hasn't been tampered with. Magisk also prevents apps from getting root acces to your phones that you don't want to authorize. Everytime an app initially requests root access, Magisk will prompt you with a popup asking if you would like to authorize said access.
2. As far as security goes. Google releases security patches once a month for our devices. if you run a custom ROM then most devs will incorporate these updates in to their ROMs and push them out to users. So when you root, your device will no longer update OTA, you must do it yourself. Even if you run stock Google firmware, you must still manually push updates to your phone (plenty of guides on how to do this). As long as you stay on the most recent Google security patch, then you have nothing to be afraid of.
3. Free apps. Yes, there are illegal markets out there that upload stolen apps but these come with a high security risk and are not allowed to be discussed on Xda. When you install apps from markets like these you run a high security risk. Some apps are made to look like other apps and have different permissions and can have access to parts of your phone that you don't know about. I would never recommend installing apps from markets like these. Stick to the Play Store and support the devs.
4. Like I said in #2, you will not get OTA updates anymore since you are rooted. Yes, in the past with other devices, some devs have come out with apps that allow OTA while maintaining root, as of right now there is not such thing for our phones. Manually pushing updates to our phones is not hard with TWRP. TWRP allows you to backup everything, wipe everything, and install new ROMs/updates. When you install a new ROM it will wipe everything as far as your os goes but will not wipe your storage (pics, music, files) So when you update a new ROM I highly recommend you get an app called Titanium Backup. TB will backup all your apps+data, that way when you install a new ROM/update, all you have to do is restore the apps with TB and its like nothing changed. It can even backup things like call history, texts, wallpaper selection, wifi passwords, etc. Definitely a must have for rooted devices.
Dive in, get involved, but please do your research before just spouting off questions in this q+a thread. People are here to help you but 9/10 times your question has probably already been answered. Read the rules of Xda and happy rooting.