(www.forbes.com)

208 points mohi-kalantari | 1 comments | 08 Dec 25 16:32 UTC | HN request time: 0.334s | source

Show context

baal80spam ◴[08 Dec 25 17:13 UTC] No.46194865[source]▶

>>46194315 (OP) #

This requires user action, right? User needs to install the APK by hand? In other words - if I don't install any crap on my phone I am safe?

replies(4): >>46195501 #>>46196376 #>>46197180 #>>46197361 #

pajko ◴[08 Dec 25 19:15 UTC] No.46196376[source]▶

>>46194865 #

Both mentioned CVEs seem to be about local privilege escalation. So basically yes, if you don't install crap apps, there's a high chance that you are protected. Problem is that it might not seem to be a crap app, but a nice-looking game, etc. Also an attack can come in with an update of any app you have already installed on your phone.

replies(2): >>46196813 #>>46198976 #

1. QuadmasterXLII ◴[08 Dec 25 23:11 UTC] No.46198976[source]▶

>>46196376 #

Threat model is probably third party ad and tracking libraries that pay to get into apps. If I caught it, I'd expect it to be from an app to use a parking deck, a colorful desk lamp, an otoscope etc where the developers sold out years ago

↑

Google confirms Android attacks; no fix for most Samsung users