Android flaw news

**s10pao** · July 5th, 2013 08:41 AM

Originally Posted by 1D4LV

they don't have the proper testing capability as iOS does, otherwise, it contradicts the open sourceness of android.
and the fact that even in google play, apps that are deemed as legit and still being used by malicious developers.
going back to my previous statement, IT security is a matter of proactiveness. even though your house has a security lock, you still feel the need to have your home secured diba? same as with your car? it goes the same in computing. the process never ends.

sir na curious lang ako. ano kinalaman ng proper testing sa open sourceness ng android?

**Retz** · July 5th, 2013 11:56 AM

Thos who always download or watch **** are most vulnerable.

**Monseratto** · July 5th, 2013 01:29 PM

Most vunerable are the rooted phones as well, because there's no way to check those modded OS for frankenware.

**xwangbu** · July 5th, 2013 03:10 PM

a rooted phone isn't always on custom firmware.

btt: bluebox only provided a screenshot and details to be released pa on blackhat conf end of july.
hopefully it is just FUD.

**1D4LV** · July 8th, 2013 11:21 AM

Originally Posted by s10pao

sir na curious lang ako. ano kinalaman ng proper testing sa open sourceness ng android?

kung Google tests everything, the scenario gets closed and controlled, which is not the way open source works.
people always see opensource as free....not always the case....

**1D4LV** · July 8th, 2013 11:22 AM

Originally Posted by s10pao

sir na curious lang ako. ano kinalaman ng proper testing sa open sourceness ng android?

kung Google tests everything, the scenario gets closed and controlled, which is not the way open source works.
people always see opensource as free....not always the case....

in opensource, code should always be available for everyone for manipulation.
dito nagsisimula ang security issues.

btw..... ang problema with open source is not on viruses but on malware.

**xninjax** · July 8th, 2013 11:35 AM

If a bad guy can persuade/trick you to run his program on your phone, it's not your phone anymore

**1D4LV** · July 8th, 2013 11:48 AM

Originally Posted by xninjax

If a bad guy can persuade/trick you to run his program on your phone, it's not your phone anymore

true..... and how to do that? by inserting malwares that open your phone, install keyloggers in legit applications.

**roninblade** · July 8th, 2013 01:33 PM

Originally Posted by 1D4LV

kung Google tests everything, the scenario gets closed and controlled, which is not the way open source works.
people always see opensource as free....not always the case....

in opensource, code should always be available for everyone for manipulation.
dito nagsisimula ang security issues.

btw..... ang problema with open source is not on viruses but on malware.

i think you have the wrong idea about the nature of the issue, open source, and testing.

every major software company does extensive testing but they can't test EVERYTHING. they make tests for each each use case they can think of but they can't cover everything. that's why there are regular patches and updates from Google, MS, and, yes, even Apple. some bugs are serious, some are not. it just turns out this current Android bug is a serious security flaw.

whether closed source or open source if software companies can test absolutely everything then we would live in a perfect world and there would be no software bugs and security issues that require patching.

finally, the issue has nothing to do with open source at all. it has to do hacking and security protocols. bluebox tampered with an application to grant it all permissions (to do anything) on the device. hackers don't have to have your source code to make trojan applications. the problem with android is it's security protocols but the hack is in the apps which are mostly closed source.