
> I refused to type passwords since I was worried it might have been another app imitating Google and I had no recollection of any action that would have required me to sign in again

Same for me! So follow-up question, how do we know if an Android app is the real deal? I opened the app switcher and it certainly said "Google Play Services" on top of the window asking for my password, and had the correct logo, but could another app present itself in the same way?

If you long press on the notification, a little info icon pops up and tapping that will take you to the App details page. That's an easy way to verify the package name and version. If it is a sketchy app and not Google Play Services, kill it with fire! (FWIW it was Google Play Services for me)

This is exactly what I was looking for, thanks!

I had the same issue. First I wanted to check whether the password I was using was still valid. So I verified/signed in on another machine in incognito mode. Once I had verified that the password was correct and still working, I then restarted Android. After scanning using Lookout (honestly not really sure how good they are), rather than going through the "Google Play Services" notifications, I opened the Gmail app and checked if the past emails could be opened, after confirming that it was a legitimate app. I intentionally entered a completely incorrect password twice, assuming that if it went away it was a really well crafted phishing attempt. Eventually I entered the password.

> I intentionally entered a completely incorrect password twice assuming that if it went away it was a really well crafted phishing attempt.

That's a clever trick, I'll remember it for next time something similar happens.

I had the same paranoia as several other people in this thread (don't enter password if you're prompted unexpectedly or without clear reason). I had the fortune that only a "trash" Gmail account got locked out, not my main one. So I verified on another machine, password was unchanged, checked if I really hadn't registered any other important accounts with that email, and just gave in after an hour or so, to make the notification go away.

Guess what happened to me on my iPhone today in the morning when I took it out of airplane mode. Same thing. I didn't enter my password for the above-mentioned reasons.

> how do we know if an android app is the real deal?

You don't.

Not that it really matters, if you care about security you shouldn't be using Android in the first place.

Don't let the perfect be the enemy of good. Or in other words, I try to adjust my opsec/persec to a realistic threat model, not to my worst dystopian nightmares.

I think the point is that Android is not what we would consider "good" security.

This is not about dystopian nightmares, this is about an OS where it's exceptional to EVER get an update, let alone get it in time.

If you go out to a shop and buy 100 Android phones, at least 99 will be running outdated OS versions with known security issues and no updates available.

But why aren't these Android phones getting hacked left and right, everywhere? Any idea?

Where I am (the Netherlands), Android is way more popular than iOS--I'm not attaching value judgement to popularity or otherwise, nor am I particularly doubtful of your claim that the average (cheap) Android phone is running an outdated version.

But if that's the case then what is going on?

Are they not juicy targets for hackers? (tons of personal information, botnet possibilities, seems valuable to me)

Or are they in fact being hacked quietly and we're not hearing much about it? Is everyone's cheap phone already part of a botnet and nobody realizes?

Is it perhaps that the exploits require physical proximity that hackers don't deem worth the risk?

Looking at active Android clients your claim might be correct (although I assume it is not 99%), but if he actually went out and bought a new "premium" phone, which I assume most here would do, it is most likely updated.

Is there a smart phone OS, that's actually usable, that is any better?


BB10 would have been even better but they pulled the plug on that one.

Is iOS really that much better than an updated stock Android? Even if you find differences, they are not as big as you make it sound.

Comparing stock iOS with some old unupdated cheap phone with bloated Android is not fair.

I can't say if it's much better, but iOS devices do have some security features most Android devices don't have:

- hardware Secure Enclave (as of the time of writing, only Samsung devices and the latest Google Nexus also have similar hardware, as far as I know)

- strong sandboxing (again, only Samsung devices with Knox can really compare)

- restrictions on which apps you can get, which filter out malicious apps (e.g. a fake Gmail app). It is void if you use a jailbroken iOS or allow sideloading on Android.

- security updates are both more frequent (except Google devices, all Android manufacturers always lag behind for updates), and available to older devices (varies from manufacturer to manufacturer, but it's generally way less than Apple)

Of course, you need to factor in the delay to respond to security flaws (I don't have that kind of data), and other factors too, as well as decide if iOS suits you. That's for you to decide.

> Is iOS really that much better than an updated stock Android?

No, but updated stock Android phones are not really a thing, are they?
