Opps..

http://techcrunch.com/2013/07/04/android-security-hole/
http://www.bbc.co.uk/news/technology-23179522

...................What a great usp

Good to see that Google are acting quickly to fix this via the Play store. I'll expect an update for my Nexus 4 soon.

I think that means that any non app store downloads need to be hash check summed before installing.

Obviously this applies to Flash the most.
I'm assuming 'apk code' here refers to apps not actually installed.

I don't get it, surely any sideloaded app can do what it wants with the phone anyway

I'm going to say this is blown out of proportion and it's good Google are working on a fix.

Firstly, it's unlikely 900m people will be affected because a popular app has to be malicious, which is unlikely in itself.

A lot of hype for a potentially small issue.

I think the point is that any of the 900m users could be affected, not all of them.

If they roll out a fix, you would imagine they would want to roll it out to everyone.

I wonder if Samsung pushed their patch upstream and maybe contributed some code? Or maybe Google is independently working on a fix. Though it's unconfirmed whether or not the S4 is excluded from this warning.

Also, as long as Google Play is used (or Amazon etc.) rather than an unknown app store, the risk is reduced even more.

A bit like "all HTC One owners at risk of being mugged for their phone".

If there's going to be a fix how will we be able to download it or where will we be able to download it from?

I'm beginning to wonder if I should install an antivirus app on my phone. Would that help keep malware at bay? As for apps I only use the Play store and I haven't got the option to use other app stores enabled.

Probably a Google Play update.

I suspect if this was IOS you would be making a lot more of it

Meh....these sorts of issues crop up all the time, across platforms.

http://gizmodo.com/5984190/how-to-by...anyones-iphone

http://www.informationweek.co.uk/sec...omis/240142933

If this were iOS, the thread would be up to ten pages by now and people would be falling over themselves to comment on the terrible security lapse.

Quite

Really?

I thought total silence is more the norm on such like stuff.
And imagine the outrage if Google was able to install US NSA software on Android, which logically it is the only one which can't without being found out.

iPhone tracking for life, hardly a murmur.
iPhones new tracking via any routers you all pass, not a word.

Probably because for years we have heard how its the most secure etc etc etc and had apple users blurting this out constantly.

There was an issue like this with iOS if i remember correctly anyway.

Are you making an actual point? There was a HUGE fuss made when the tracking thing was uncovered, and rightly so.

You've mentioned this thing about Apple tracking you via routers before. Do you have anything to substantiate it? If you're talking about wifi positioning, then that's not Apple tracking iPhones. You realise that Android uses this technique too, right?

I can't recall much of any discussion.
It was quite funny Jobs calling it 'shocking' but with him the salesman I guess he never needed to know.

On this Android hitch, I do hope news sites and Adobe advise about tampered Flash downloads.
Everything else downloaded in a similar fashion is piffling.

No, nothing like that.

They don't need to install anything, there data capture already goes beyond what some feel is legal.

http://www.bbc.co.uk/news/technology-23187771

Not really the same. The first link requires physical access to the phone.. which if someone else has physical access to your phone it's already compromised anyway. And the second link is about images, which could apply to all OS's. It's just they highlighted iOS because it auto loads images in email clients. But so do others.

This particular hack would appear to suggest Android users are now having to be cautious to only download apps from "recognised developers" which to me is a huge flaw. But then i've never agreed with the nature of the Android app store. People mock Apple for approving apps but at least it added another level of security.

You're going to have to provide a link to this because I googled "iphone tracking routers" and found no news stories. I would also be very surprised if Apple are doing anything related to routers as Steve Jobs was a huge critic of Googles router database.

Which let's not forget.. while they were driving their little camera cars around the world taking photos of everyones house and street.. they were also recording every router they came across and plotting it on a map and storing all this in a huge database. That's why when you go onto google map and ask it to find your location when hard wired into a broadband line, it can find your exact location. So really.. no one knows router privacy breaches better than Google do.

Heres Steve discussing it: http://www.youtube.com/watch?v=39iKLwlUqBo

For me, the issue is not even the actual security flaw, it is the fact that an update needs to be rolled out to all android devices (a claimed 900m). Given the fragmentation I will be interested to see how quickly that can be achieved.

It is interesting that Samsung have already included a fix for the S4. How does that fit with an overall solution for android? Are you going to get a situation where each supplier is going to start providing patches for OS flaws and not just bug fixes for their overlays?

Apple does have its own router database, which is used like Google's for wifi location. It's not the tracking system that Alan suggests though.