Tech News : Android Fake ID bug exposes smartphone...

Anonymous · ‎29-07-2014

Headline : Android Fake ID bug exposes smartphones and tablets.

"An Android flaw has been uncovered that lets malware insert malicious code into other apps, gain access to the user's credit card data and take control of the device's settings.

BlueBox Labs said it was particularly concerning as phone and tablet owners did not need to grant the malware special permissions for it to act."

My thoughts :

Thought I'd add this to the forum as a heads up.

Source : BBC News
Read more here : http://www.bbc.co.uk/news/technology-28544443

Anonymous · ‎29-07-2014

Have Android devices on O2 recieved a recent update that would patch against this vulnerability?

Possibly one for @Toby or @Chris_K ?

Anonymous · ‎29-07-2014

Google have released a patch to close the vulnerability but I understand it is with the manufacturers now to update devices and push it out.

Of course for locked phones that will show things down further.

This is a weak point with Android. At least with Apple they keep control and push updates out to devices bypassing the networks to a degree.

Anonymous · ‎29-07-2014

@Anonymous wrote:

At least with Apple they keep control and push updates out to devices bypassing the networks to a degree.

That is literally the only thing I wish other manufacturers could do that Apple already utilise.

anticpated · ‎29-07-2014

The largest issue is that Google will only push relevant security updates to currently popular versions of it's Android OS. And don't forget OEM developers will add their own level security into their custom version, so LG, Samsung and HTC should be patched by now in 4.3 to the current 4.4.4 builds.

OEM developers whom have ceased updating firmware on older telephones won't patch it.

Google might in their Nexus range, however there is far less fragmentation in the OS share there anyway. If you don't fully trust an application or have no clue what you're doing, then maybe you shouldn't be using an Android mobile/tablet.

To be fair, people will always use cheap and nasty tricks to exploit people.

Samsung Galaxy S10, Samsung Galaxy S21 Ultra

Anonymous · ‎30-07-2014

To counteract the media scare mongering around this, I found this article to be quite good:

http://www.androidcentral.com/fake-id-and-android-security-updated

Yes the bug is an issue, but Google have known about it since April and have already patched it. The article also points out that the LG G3, HTC One M8 and Samsung Galaxy S5 are already updated with this. Also, Google have updated Google Play and Verify Apps to protect users (which helps with regards to phones no longer being updated, as these are done independently of the OS), and they have found no apps in their store that attempt to use this vulnerability.

So, stick to installing apps from Google Play and be aware of what you're installing I guess is the moral of this story.

Toby · ‎30-07-2014

Hi Papa, I'll see if there is any info on this for you.

Fancy writing a great device review or O2 forum guide? Send me a message!

Get involved:
• New to the community? This is how you get help.
• Want to know who we are? Come and say hi to us.
• Want to have a chat? Drop me a direct message.

Anonymous · ‎30-07-2014

Have you seen this guy's opinion?

http://www.osnews.com/story/27868/Another_day_another_sensationalist_unfounded_security_story

Anonymous · ‎30-07-2014

Awesome @Anonymous

I have checked my Android device and see that Verify Apps is already running so I feel fairly secure.

Thank you for the updates

jonsie · ‎30-07-2014

Fear, uncertainty and doubt just about sums up the aim of the spreading of these stories and the ultimate end result of selling antivirus apps.

Click Here For Social Media Support Links VirginmediaO2THIS IS NOT CUSTOMER SERVICE AND WE CANNOT ACCESS ACCOUNTS

O2

Tech News : Android Fake ID bug exposes smartphones and tablets