3/4 of android phones/tablets/devices are at risk

[CruisnGrrl]

Forum Sponsor

http://arstechnica.com/security/201...mpromised-by-android-malware-called-gooligan/
http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/

you are less likely (but not immune) if you only get your apps from the google play store, how ever you can still be compromised by following a link online or from an email.

not sure how fast a fix will come for this as updates are pushed out by the carriers and manufacturers and many would rather sell you a new phone than push an update out for your current phone.

 

[TwistedKestrel]

Supposedly only effects Android 4-5. If your device is still running those versions, you're probably not going to get an update ever

 

[DJM]

Supposedly only effects Android 4-5. If your device is still running those versions, you're probably not going to get an update ever

That covers a lot of new Asus and Blu phones currently available at stores.

 

[TwistedKestrel]

Yup

 

[PrivatePilot]

Supposedly only effects Android 4-5. If your device is still running those versions, you're probably not going to get an update ever

Considering significantly over 50% of the Androids out there are still running 4 or 5 (including as DJM mentioned, some phones still being sold as brand new) that's a huge problem.

And yes, many (most?) of those phones will NEVER see an update because the carriers don't want to be bothered with them anymore. Therein lies the second problem with Android - fragmentation and lack of updates because of a carrier based system for such instead of a manufacturer based system.

This is why the walled ecosystem of Apple is safer...because crap like this can't happen. You can't install apps from any willy nilly site out there that promises paid apps for free...but comes along with a secret payload that steals your online life along with it.

For iOS, Apple controls the updates (so major issues receive patches to all handsets in short order) and you don't have situations where potentially 80% of that 50% plus installation base of Android 4&5 are going to be left with handsets that are inherently risky or dangerous to continue to use simply because they'll never get an update.

This certainly could be Androids "come to jesus" moment.

I'm surprised it's taken this long.

 

[mmmnaked]

This right here is why you buy a Google phone and not some carrier-bloatware-laden junk from the usual manufacturers.

 

[PrivatePilot]

This right here is why you buy a Google phone and not some carrier-bloatware-laden junk from the usual manufacturers.

EXACTLY.

I'm not totally anti-Android (despite it's shortcomings, a Google handset running 4-5 would be equally at risk until patched), but at least with a native Google handset you're much more likely to get those essential or critical patches to begin with instead of being left out in the cold.

 

[AF4iK]

iOS is not immune to malware. There's a bunch out there. But it probably is less susceptible than Android due to the reasons stated above. I can live with this level of security though. Just have to be careful like you--hopefully--would on a PC.

 

[PrivatePilot]

iOS is not immune to malware.

It most certainly is not, but you must admit that the rate of infection on, say, 100,000 iOS handsets vs 100,000 Android handsets is infinitesimally lower.

Yes, a lot of people dislike the walled garden approach that Apple takes with their apps, but there's certainly a benefit in that malware is almost impossible to introduce via a simple app install.

 

[Baggsy]

It most certainly is not, but you must admit that the rate of infection on, say, 100,000 iOS handsets vs 100,000 Android handsets is infinitesimally lower. Yes, a lot of people dislike the walled garden approach that Apple takes with their apps, but there's certainly a benefit in that malware is almost impossible to introduce via a simple app install.

Sure, but that doesn't include those who have jailbreaken/jailbroke their iPhone.

 

[PrivatePilot]

Sure, but that doesn't include those who have jailbreaken/jailbroke their iPhone.

Agreed, but that is a tiny fraction of the user base, and they generally know the risk.

 

[daught]

If the carrier does not update the phone they should allow the user to unlock the boot loader. I realize the carriers have no interest to do that, but to keep phones out of landfills they should be forced to do so. A phone with an unlocked boot loader can have it's life extended for years. I bought a moto droid for $150 off ebay. With moto rom it's pretty much useless and stuck on android 5. With an unlocked bootloader it's an awesome phone that I will probably keep for at least two more years. Android 7 is available for it from 3rd party developers.

 

[nfq]

If the carrier does not update the phone they should allow the user to unlock the boot loader. I realize the carriers have no interest to do that, but to keep phones out of landfills they should be forced to do so. A phone with an unlocked boot loader can have it's life extended for years. I bought a moto droid for $150 off ebay. With moto rom it's pretty much useless and stuck on android 5. With an unlocked bootloader it's an awesome phone that I will probably keep for at least two more years. Android 7 is available for it from 3rd party developers.

Yes but: money.

They want you to upgrade every contract cycle.
They've even started to market phones they sell on contract as 'will get 2 years of updates guaranteed' .
Until google puts more pressure on OEM's/carriers it won't matter.

 

[PLau]

Agreed, but that is a tiny fraction of the user base, and they generally know the risk.

In order to run .apks on Androids, a user would have to go into the developer options and enable the option to run third party software which also presents a message in regards to potentially malicious software.

iPhones just make it a bit tougher to jailbreak their phones which is the only thing protecting people from running third party software. THAT is the only thing saving iPhone users - the trouble and time it takes trying to jailbreak their phones (which opens up a whole new can of worms of people bricking their phones because they can't follow simple instructions).

On both platforms, the user is informed of the risk beforehand, it's just those who blindly follow instructions on the Interwebz and download/install everything they see.

Hackers also usually target the masses of users (unless they want to target specific people). The Android smartphone market is 5x that of Apple iPhones - much easier to target Android users.

No matter what updates they release, people will always find a way to screw themselves for no reason.

 

[Joe Bass]

So..for those of us who have no clue about any of this, how do we fix it? I'm pretty sure that I'm running android 5. (If that is what 5.0.1 means)

Sent from my SGH-I337M using Tapatalk

 

[TwistedKestrel]

You don't, really. You either keep using your device and hope for the best, or you replace your device. Even though the physical device is perfectly fine. Yes, it's stupid

 

[Baggsy]

So..for those of us who have no clue about any of this, how do we fix it? I'm pretty sure that I'm running android 5. (If that is what 5.0.1 means)

Sent from my SGH-I337M using Tapatalk

Write a nice letter to one of the company executives, and explain your dilemma.
It can't hurt.

 

[daught]

Yes but: money.

They want you to upgrade every contract cycle.
They've even started to market phones they sell on contract as 'will get 2 years of updates guaranteed' .
Until google puts more pressure on OEM's/carriers it won't matter.

Google won't do anything. The only push for longer device support would have to come from some kind of environmental concern, but let's face it, environmental concern is either a tax ploy or marketing.

 

[AF4iK]

So..for those of us who have no clue about any of this, how do we fix it? I'm pretty sure that I'm running android 5. (If that is what 5.0.1 means)

Sent from my SGH-I337M using Tapatalk

If you just want to upgrade away from version 5 I would say to ask a techie friend to root the phone and install a good custom ROM. Then ask him to disable root access and side loading.

 

[PrivatePilot]

If the carrier does not update the phone they should allow the user to unlock the boot loader. I realize the carriers have no interest to do that, but to keep phones out of landfills they should be forced to do so.

After the subsidy is paid off, or they refuse to issue updates anymore, the phone should be unlocked in it's entirety - bootloader (in the case of Android), and carrier. This SHOULD be law, I agree...but as mentioned...money. They can make more money selling you a new phone when your perfectly capable one becomes useless because of artificial software limitations, or in this case, security concerns. And want it unlocked, even after you paid for it on a 2 year contract? Yeah, we'd like more money for that too.

iPhones just make it a bit tougher to jailbreak their phones

That alone severely limits the percentage of potentially vulnerable phones in the wild - jailbreaking isn't for everyone. Installing third party apps on Android is simply a matter of clicking accept on a few warnings that most people probably don't even pay a split second of attention to - jailbreaking iOS is much more involved.

The Android smartphone market is 5x that of Apple iPhones - much easier to target Android users.

Also vastly easier to hack in the end, so double whammy.

So..for those of us who have no clue about any of this, how do we fix it? I'm pretty sure that I'm running android 5. (If that is what 5.0.1 means)

First, stay away from third party repositories and chances are you'll be safe unless something slips into the Google Store..which is highly unlikely.

Secondly, turn on two factor verification for all your Google accounts. That helps prevent malicious password changes.

Then you hope and pray your provider decides to release a software update for your phone. Your mileage may vary.

Forum Sponsor