{"id":2885,"date":"2013-07-11T12:30:57","date_gmt":"2013-07-11T16:30:57","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=2885"},"modified":"2013-07-11T12:30:57","modified_gmt":"2013-07-11T16:30:57","slug":"google-critical-android-security-flaw-wont-harm-most-users","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/07\/11\/google-critical-android-security-flaw-wont-harm-most-users\/","title":{"rendered":"Google: Critical Android security flaw won&#039;t harm most users"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/www.techhive.com\/article\/2043907\/google-critical-android-security-flaw-wont-harm-most-users.html\"><img data-recalc-dims=\"1\" decoding=\"async\" alt=\"\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2013\/07\/android_protect_primary_v2-100024987-gallery.jpg\" \/><\/a><\/p>\n<p>A security flaw could affect 99 percent of Android devices, a researcher claims, but the reality is that most Android users have very little to worry about.<br \/>\nBluebox, a mobile security firm, billed the exploit as a \u201cMaster Key\u201d that could \u201cturn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user.\u201d In a blog post last week, Bluebox CTO Jeff Forristal wrote that nearly any Android phone released in the last four years is vulnerable.<br \/>\nBluebox\u2019s claims led to a fair number of scary-sounding headlines, but as Google points out, most Android users are already safe from this security flaw.<br \/>\nSpeaking to ZDNet, Google spokeswoman Gina Scigliano said that all apps submitted to the Google Play Store get scanned for the exploit. So far, no apps have even tried to take advantage of the exploit, and they\u2019d be shut out from the store if they did.<br \/>\nIf the attack can\u2019t come from apps in the Google Play Store, how could it possibly get onto Android phones? As Forristal explained to Computerworld last week, the exploit could come from third-party app stores, e-mailed attachments, website downloads and direct transfer via USB.<br \/>\nGoogle Play\u2019s app verification feature.<br \/>\nBut as any Android enthusiast knows, Android phones can\u2019t install apps through those methods unless the user provides explicit permission through the phone\u2019s settings menu. The option to install apps from outside sources is disabled by default. Even if the option is enabled, phones running Android 4.2 or higher have yet another layer of protection through app verification, which checks non-Google Play apps for malicious code. This verification is enabled by default.<br \/>\nIn other words, to actually be vulnerable to this \u201cMaster Key,\u201d you must enable the installation of apps from outside Google Play, disable Android\u2019s built-in scanning and somehow stumble upon an app that takes advantage of the exploit. At that point, you must still knowingly go through the installation process yourself. When you consider how many people might go through all those steps, it\u2019s a lot less than 99 percent of users.<br \/>\nStill, just to be safe, Google has released a patch for the vulnerability, which phone makers can apply in future software updates. Scigliano said Samsung is already pushing the fix to devices, along with other unspecified OEMs. The popular CyanogenMod enthusiast build has also been patched to protect against the peril.<br \/>\nAndroid\u2019s fragmentation problem does mean that many users won\u2019t get this patch in a timely manner, if at all, but it doesn\u2019t mean that unpatched users are at risk.<br \/>\nNone of this invalidates the work that Bluebox has done. Malicious apps have snuck into Google\u2019s app store before, so the fact that a security firm uncovered the exploit first and disclosed it to Google is a good thing. But there\u2019s a big difference between a potential security issue and one that actually affects huge swaths of users. Frightening headlines aside, this flaw is an example of the former.<br \/>\nvia <a href=\"http:\/\/www.techhive.com\/article\/2043907\/google-critical-android-security-flaw-wont-harm-most-users.html\" target=\"_blank\">Google: Critical Android security flaw won&#8217;t harm most users | TechHive<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A security flaw could affect 99 percent of Android devices, a researcher claims, but the reality is that most Android [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,9],"tags":[65,424,953],"class_list":["post-2885","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-android","tag-google","tag-security-flaw"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-Kx","jetpack-related-posts":[{"id":8892,"url":"https:\/\/nccomputertech.com\/techtalk\/2016\/04\/18\/spotty-android-encryption-is-the-story-behind-the-story-of-apples-battle-with-the-fbi\/","url_meta":{"origin":2885,"position":0},"title":"Spotty Android encryption is the story behind the story of Apple\u2019s battle with the FBI","author":"NCCT","date":"April 18, 2016","format":false,"excerpt":"By Jonathan Keane | PCWorld Savvy Android users know that Apple\u2019s face-to-face with the FBI is only the beginning of the phone-encryption furor. Google CEO Sundar Pichai voiced his support for Apple and for strong and safe encryption, but he didn\u2019t give specifics on how Google would deal with this\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5579,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/05\/13\/linux-gets-fix-for-code-execution-flaw-that-was-undetected-since-2009-ars-technica\/","url_meta":{"origin":2885,"position":1},"title":"Linux gets fix for code-execution flaw that was undetected since 2009","author":"NCCT","date":"May 13, 2014","format":false,"excerpt":"Maintainers of the Linux kernel have patched one of the more serious security bugs to be disclosed in the open source operating system in recent months. The five-year-old code-execution hole leaves computers used in shared Web hosting services particularly vulnerable, so users and administrators should make sure systems are running\u2026","rel":"","context":"In &quot;Linux&quot;","block_context":{"text":"Linux","link":"https:\/\/nccomputertech.com\/techtalk\/category\/linux\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/05\/rockhopper_penguin_sick-640x807.png?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/05\/rockhopper_penguin_sick-640x807.png?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/05\/rockhopper_penguin_sick-640x807.png?resize=525%2C300 1.5x"},"classes":[]},{"id":8767,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/12\/07\/security-vulnerabilities-found-in-support-software-from-lenovo-toshiba-and-dell\/","url_meta":{"origin":2885,"position":2},"title":"Security vulnerabilities found in support software from Lenovo, Toshiba, and Dell","author":"NCCT","date":"December 7, 2015","format":false,"excerpt":"By Lucian Constantin | PCWorld The number of vulnerabilities discovered in technical support applications installed on PCs by manufacturers keeps piling up. New exploits have been published for flaws in Lenovo Solution Center, Toshiba Service Station and Dell System Detect.The most serious flaws appear to be in Lenovo Solution Center\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8617,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/09\/11\/the-first-monthly-android-security-updates-start-rolling-out-for-nexus-devices\/","url_meta":{"origin":2885,"position":3},"title":"The first monthly Android security updates start rolling out for Nexus devices","author":"NCCT","date":"September 11, 2015","format":false,"excerpt":"Google has delivered on its promise to release monthly security updates today, with the first of said updates now rolling out to nearly all Nexus devices released in the past three years. The updates haven't been given their own Android version number, with Google instead opting to simply change the\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8714,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/11\/05\/newly-discovered-adware-digs-its-claws-deep-into-android-is-nearly-impossible-to-remove\/","url_meta":{"origin":2885,"position":4},"title":"Newly discovered adware digs its claws deep into Android, is nearly impossible to remove","author":"NCCT","date":"November 5, 2015","format":false,"excerpt":"Security researchers found over 20,000 adware samples hiding in apps that masquerade as Facebook, Twitter, Snapchat, and other popular services. Derek Walter | @derekwalter | PCWorld Security researchers have uncovered a new style of Android malware that hides inside of apps that act and look like they\u2019re legitimate services. Lookout\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6169,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/04\/researchers-uncover-fundamental-usb-security-flaw-no-fix-in-sight\/","url_meta":{"origin":2885,"position":5},"title":"Researchers uncover fundamental USB security flaw, no fix in sight","author":"NCCT","date":"August 4, 2014","format":false,"excerpt":"A pair of security researchers from SR Labs have uncovered a fundamental flaw in the way USB devices work. It affects every single USB device out there and worse yet, there's no line of defense short of prohibiting USB stick sharing or filling your USB ports with superglue. The flaw\u2026","rel":"","context":"In &quot;Hardware&quot;","block_context":{"text":"Hardware","link":"https:\/\/nccomputertech.com\/techtalk\/category\/hardware\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/2885","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=2885"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/2885\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=2885"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=2885"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=2885"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}