|
2016-08-09
, 07:40
|
|
Posts: 7,075 |
Thanked: 9,073 times |
Joined on Oct 2009
@ Moon! It's not the East or the West side... it's the Dark Side
|
#12
|
|
2016-08-09
, 07:41
|
|
Posts: 1,478 |
Thanked: 9,871 times |
Joined on Dec 2008
@ Shanghai / London
|
#13
|
|
2016-08-09
, 07:58
|
|
Posts: 6,447 |
Thanked: 20,981 times |
Joined on Sep 2012
@ UK
|
#14
|
On a more-or-less standard Android device this attack might be rolled into a generic package that can take control of the device and either used to leak data or use it as a part of a botnet.
TLDR; probably you are safe in any case. If you do not install Alien Dalvik at all, you certainly are safe.
The Following 9 Users Say Thank You to pichlo For This Useful Post: | ||
|
2016-08-09
, 09:24
|
Community Council |
Posts: 4,920 |
Thanked: 12,867 times |
Joined on May 2012
@ Southerrn Finland
|
#15
|
Originally Posted by juicemeBut that's exactly my point! You do not need to exploit any vulnerability or become root to do any of the things you mention.On a more-or-less standard Android device this attack might be rolled into a generic package that can take control of the device and either used to leak data or use it as a part of a botnet.
I know that especially Linux users like to think in terms of root vs non-root and yes, root can cause a damage to the system, but the days when the system was the part worth protecting are gone by at least two decades. Wake up to the 21st century, people. The system is replaceable. The bits that need protecting are your user data. Those do not need a root access to be compromised.
Again, my argument is that you are not safe. You might be safe from an overhyped threat of the week but you are totally unprotected against any potential malicious activity any native Sailfish application may want to do. (Case in hand: the flashlight app, the first Sailfish malware that sprung up just weeks after Sailfish was first released.)
|
2016-08-09
, 10:13
|
|
Posts: 6,447 |
Thanked: 20,981 times |
Joined on Sep 2012
@ UK
|
#16
|
Actually, on an unrooted & uncompromised Android device you cannot do that much damage or leak personal information;
The Following 5 Users Say Thank You to pichlo For This Useful Post: | ||
|
2016-08-09
, 10:27
|
|
Posts: 4,118 |
Thanked: 8,901 times |
Joined on Aug 2010
@ Ruhrgebiet, Germany
|
#17
|
...
Case in point, something like an year ago a friend asked me to backup messages from her device. The phone was unrooted older Samsung Galaxy model, and I had really hard time breaking into the darn thing to gain access to the messages without wiping the device in the process. (when bootloader is unlocked it would wipe it, and have you ever tried rooting a device when bootloader is locked, hmm...)
Anyway, only signed and trusted applications can access the personal information storage which is root accessible only.
...
|
2016-08-09
, 11:33
|
Community Council |
Posts: 4,920 |
Thanked: 12,867 times |
Joined on May 2012
@ Southerrn Finland
|
#18
|
The Following 3 Users Say Thank You to juiceme For This Useful Post: | ||
|
2016-08-09
, 11:40
|
Community Council |
Posts: 4,920 |
Thanked: 12,867 times |
Joined on May 2012
@ Southerrn Finland
|
#19
|
Really? Then why does virtually every single game my kids install on their tablets have "access to your contacts" on their permissions list?
The Following 6 Users Say Thank You to juiceme For This Useful Post: | ||
|
2016-08-09
, 13:11
|
|
Posts: 6,447 |
Thanked: 20,981 times |
Joined on Sep 2012
@ UK
|
#20
|
I'd imagine it is probably not worth for Google to enforce application developers to only request minimum permissions needed for the application to operate
The Following 3 Users Say Thank You to pichlo For This Useful Post: | ||
Telegram | Openrepos | GitHub | Revolut donations