
could all Xperia owners please do the following. *URGENT*

viridis
Hi, can you please go to the Android Play Store and disable auto updates.
Also can you go into Xperia update centre and turn OFF automatic updates.
And do not update the system app "backup and restore".
Will post back soon, still finding out details, but it is very urgent that
ALL XPERIA OWNERS DO THE ABOVE ASAP!!!
Message 1 of 34

viridis
May have been too late, but as you followed the recommended steps, it all worked out in the end.

What happened:
Some hacker/developer/corporate thief who has a Z3c noticed that the backup and restore app was actually really good. He then had the idea of doing a Z3 system dump to extract the app.
Once extracted, he changed the device restrictions (only Xperias) and repackaged the app.
He then published it on the Google Play Store so any device can use the app.
The problem is that the package name wasn't changed, so he could upload it as is: because not all Sony system apps are on Google Play, Google Play's duplicate trigger never saw the app as a problem, as it didn't exist prior.
Now, after this, anyone with Xperias, when looking at the app, would see it as already installed on Google Play. This is because, even though the library on Google Play does not hold some system apps, when looking at updates or install status it will look at all apps installed on the device.
(This is also the case with copied games. Google Play will tell you it's installed when viewed in the Play Store.)

Is it a problem:
No, the reason that your icon changed and your apps listed it as installed is that when your device looked for updates, it found the one on Play but, as the version numbers are the same, did not update, but did update the icon to the "new" one.

Could it have been a problem:
Yes, it exposed quite a big security flaw: by publishing a matching system-dumped app with new ownership, the app, if it had enough permissions, could be "updated" to something sinister without you even knowing.

Is it sorted:
I expect so, yes. I expect Google will add the names of system packages to a blacklist of apps that can only be updated by certain manufacturers.

Note that none of the above is confirmed by Sony or Google.
Message 31 of 34
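
The name collision described in the post above can be checked for by comparing package names together with signing certificates, since a package name alone does not identify the publisher. This is an added example, not part of the original thread; the package names, version codes and certificate digests are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass

def digest(label: str) -> str:
    """Constructed stand-in for a signing-certificate SHA-256 digest."""
    return hashlib.sha256(label.encode()).hexdigest()

@dataclass(frozen=True)
class Installed:
    package: str
    version_code: int
    signer: str
    is_system: bool

@dataclass(frozen=True)
class Listing:
    package: str
    version_code: int
    signer: str

def audit(installed, listings):
    """Return (package, severity, reason) for store listings that reuse an
    installed package name but are signed by a different certificate."""
    by_name = {app.package: app for app in installed}
    findings = []
    for item in listings:
        app = by_name.get(item.package)
        if app is None or app.signer == item.signer:
            continue  # not installed, or a listing from the same signer
        severity = "high" if app.is_system else "medium"
        reason = ("same version as installed"
                  if item.version_code == app.version_code
                  else "offered as update" if item.version_code > app.version_code
                  else "older version")
        findings.append((item.package, severity, reason))
    return findings

# Constructed sample data: names and signers are placeholders, not real apps.
INSTALLED = [
    Installed("com.example.vendor.backup", 10, digest("vendor-key"), True),
    Installed("com.example.game", 3, digest("studio-key"), False),
    Installed("com.example.mail", 7, digest("mail-key"), False),
]
LISTINGS = [
    Listing("com.example.vendor.backup", 10, digest("repackager-key")),
    Listing("com.example.game", 4, digest("copier-key")),
    Listing("com.example.mail", 8, digest("mail-key")),
    Listing("com.example.other", 1, digest("other-key")),
]

if __name__ == "__main__":
    for finding in audit(INSTALLED, LISTINGS):
        print(finding)
```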

Cleoriff

Thanks for that update @viridis. At least I understand how it managed to slip under the radar (as it were).

Keep this up...you are surely developing your own mini Tardis.

Veritas Numquam Perit

Message 32 of 34

viridis

@Cleoriff wrote:

Thanks for that update @viridis. At least I understand how it managed to slip under the radar (as it were).

Keep this up...you are surely developing your own mini Tardis.


Eh, yawot?

Oh, and....

Message 33 of 34

Cleoriff

Oh look...a cat and a cake.... How lovely. Thank you

Now back on topic (I know it's your thread ..but)

Message 34 of 34