
Major app vulnerability that could affect 99% of Android devices unearthed - Libertatea
http://thenextweb.com/google/2013/07/04/major-app-vulnerability-unearthed-could-affect-99-of-android-devices/
======
pablisco
Not affecting Play Store apps so it's really irrelevant. If you try to
download an app without paying or knowing the source of it you probably
deserve a virus. ;) It's like if you get some knock-off drug off the internet
and it gives you more trouble than gain... would you blame the pharma company?

~~~
fpgeek
Not entirely irrelevant. From what I've read, downloading directly from the
Play Store has been taken care of. That probably also means the Play Store /
Play Services verifier for sideloaded apps is checking for this exploit.

That being said, people who use other app stores and don't have Play Services
(e.g. Kindle Fires, Chinese devices, etc.) probably have some legitimate room
for concern (at least until those stores are in the loop and are taking
countermeasures). Of course that's nowhere near 99% of Android devices, but
why let the facts get in the way of a good headline?

------
lukedjn
[https://news.ycombinator.com/item?id=5987097](https://news.ycombinator.com/item?id=5987097)

------
dobbsbob
This could be a problem for all the custom ROM guys installing Gapps/Play
Store APKs. Many Chinese manufacturers don't get access to official Google APKs
either.

------
aviraldg
ugh, another sensationalistic news story

edit: Yeah. There's no way this affects 99% of devices, because 99% of people won't
bother downloading apps from non-Play sources.

~~~
BaconJuice
Exactly.

Read the comment I left there a couple of days ago.
[https://news.ycombinator.com/item?id=5976087](https://news.ycombinator.com/item?id=5976087)

------
Shtirlic
Looks like a good try to force Android users to use only Google Play.
"...perhaps via a third-party app store or fake app links."

------
dallagi
Are Android apks converted to BlackBerry 10 bars still vulnerable?

------
kimlelly
So, if I get this right, it's a bug which could be used as a feature by Google
to work more effectively with the NSA.

(It doesn't sound too far fetched to me, since we know that the NSA has even
installed hardware at companies like Google.)

EDIT: to the downvoters: if you downvote, say what you don't find ok. Is it
the critical thinking part?

~~~
muro
> since we know that the NSA has even installed hardware at companies like
> Google

You do? I never heard of such a thing - can you tell more?

~~~
kimlelly
I know, it's not easy to keep up with all these revelations coming out every
day...

Here you go:
[http://gigaom.com/2013/06/29/new-prism-slides-say-the-progra...](http://gigaom.com/2013/06/29/new-prism-slides-say-the-program-allows-nsa-to-eavesdrop-on-live-conversations/)

~~~
fpgeek
These slides are not nearly as clear-cut as you imply:

[http://www.techdirt.com/articles/20130701/00444723675/newly-...](http://www.techdirt.com/articles/20130701/00444723675/newly-leaked-nsa-slides-prism-add-to-confusion-rather-than-clear-it-up.shtml)

~~~
kimlelly
Well, yeah, in the end it all comes down to who you're willing to trust. So
it's everyone's personal choice.

Personally, the only "web company" I'm willing to trust is Mozilla. And
that's probably the result of the fact that they're not-for-profit. And that
fact eliminates a great deal of potential for corruption.

~~~
dobbsbob
Mozilla gets all their funding from Google

