- cross-posted to:
- technology@lemmit.online
Chameleon Android malware can turn off fingerprint unlock to steal your PIN
Be careful out there.
It still needs a gullible user to change their settings for this to work; not much to worry about here.
And not from the play store or official bank site.
If you install an APK from an unreliable source you should treat your phone and account as corrupted.
It’s funny imagining people saying this for anything but a phone. “You can only download from the Microsoft store or you should consider your device corrupted.” Take caution, but you don’t need to rely on daddy Google alone.
Damn, here I was worried I had bricked my phone and made it unusable by loading up my own personal apks when I was trying to learn coding and different app studios.
I feel like I would have noticed if my phone was unusable though…
Not funny anymore. Banks and regulators are doing this in some countries. Their app just refuses to open if users install any app outside of the Google Play Store.
Take a look at this https://mothership.sg/2023/08/ocbc-security-feature-delete-third-party-apps/
I don’t think this person was saying they think all manual apk installs are suspect, just installing apks from an unreliable source. There are plenty of reliable sources to get apks.
Most apps choose to distribute through Play Store only though. If the devs aren’t officially distributing on a separate platform or provide signing keys for you to verify the signature of the APK you get from elsewhere, you’re just asking for malware by downloading it anywhere else.
You need Google to tell you what’s safe and what’s not? Have you ever used a desktop operating system where you usually install programs from different sources?
Lmao what? I have literally never found an APK I was looking for that did anything sketchy to my phone
That you know of, but I get what you’re saying
That you know of
You mean like Play, which is where 99% of installed malware comes from?
Here’s the summary for the wikipedia article you mentioned in your comment:
Android is a mobile operating system (32-bit and 64-bit) based on a modified version of the Linux kernel and other open-source software, designed primarily for touchscreen mobile devices such as smartphones and tablets. Android is developed by a consortium of developers known as the Open Handset Alliance, though its most widely used version is primarily developed by Google. It was unveiled in November 2007, with the first commercial Android device, the HTC Dream, being launched in September 2008. At its core, the operating system is known as the Android Open Source Project (AOSP) and is free and open-source software (FOSS) primarily licensed under the Apache License. However, most devices run on the proprietary Android version developed by Google, which ships with additional proprietary closed-source software pre-installed, most notably Google Mobile Services (GMS) which includes core apps such as Google Chrome, the digital distribution platform Google Play, and the associated Google Play Services development platform. Firebase Cloud Messaging is used for push notifications. While AOSP is free, the “Android” name and logo are trademarks of Google, which imposes standards to restrict the use of Android branding by “uncertified” devices outside their ecosystem. Over 70 percent of smartphones based on the Android Open Source Project run Google’s ecosystem (which is known simply as Android), some with vendor-customized user interfaces and software suites, such as TouchWiz and later One UI by Samsung and HTC Sense. Competing ecosystems and forks of AOSP include Fire OS (developed by Amazon), ColorOS by Oppo, OriginOS by Vivo, MagicUI by Honor, or custom ROMs such as LineageOS. The source code has been used to develop variants of Android on a range of other electronics, such as game consoles, digital cameras, portable media players, and PCs, each with a specialized user interface.
Some well-known derivatives include Android TV for televisions and Wear OS for wearables, both developed by Google. Software packages on Android, which use the APK format, are generally distributed through proprietary application stores like Google Play Store, Amazon Appstore (including for Windows 11), Samsung Galaxy Store, Huawei AppGallery, Cafe Bazaar, GetJar, and Aptoide, or open source platforms like F-Droid. Android has been the best-selling OS worldwide on smartphones since 2011 and on tablets since 2013. As of May 2021, it had over three billion monthly active users, the largest installed base of any operating system in the world, and as of January 2021, the Google Play Store featured over 3 million apps. Android 14, released on October 4, 2023, is the latest version, and the recently released Android 12.1/12L includes improvements specific to foldable phones, tablets, desktop-sized screens and Chromebooks.
Note that for this attack to work, you have to be on Android 11 or below (or possibly an earlier patch) as by default accessibility services aren’t allowed to draw-over or interact with elements in the settings app unless you explicitly override it in developer options.
This extends to some other areas, like for when biometric/system lock APIs are used.
So you have to enable the “draw over settings”, which is pretty deep in settings (developer options).
You kinda deserve it if you do this. Lol
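An added example, not part of any comment in this thread: a defender-side audit that ties together the two points raised above (accessibility services and sideloaded APKs) by listing enabled accessibility services whose package was not installed by a trusted store. It parses the text output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`; the package names, sample outputs and the trusted-installer list are constructed assumptions.

```python
# Added example. Sample device output below is constructed, not captured.
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only; extend as needed

def parse_enabled_services(raw):
    """Parse `settings get secure enabled_accessibility_services` (colon-separated pkg/class)."""
    raw = raw.strip()
    if not raw or raw == "null":          # "null" means no service is enabled
        return []
    services = []
    for component in raw.split(":"):
        pkg, _, cls = component.partition("/")
        if pkg:
            services.append((pkg, cls))
    return services

def parse_installers(raw):
    """Parse `pm list packages -i` lines of the form package:<name>  installer=<source>."""
    installers = {}
    for line in raw.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        source = None
        for field in fields[1:]:
            if field.startswith("installer="):
                source = field[len("installer="):]
        installers[fields[0][len("package:"):]] = None if source == "null" else source
    return installers

def flag_services(services_raw, packages_raw, trusted=TRUSTED_INSTALLERS):
    """Return (package, service class, installer) for services not from a trusted installer."""
    installers = parse_installers(packages_raw)
    flagged = []
    for pkg, cls in parse_enabled_services(services_raw):
        source = installers.get(pkg)
        if source not in trusted:
            flagged.append((pkg, cls, source or "unknown/sideloaded"))
    return flagged

# Constructed sample output for offline use.
SAMPLE_SERVICES = ("com.google.android.marvin.talkback/"
                   "com.google.android.marvin.talkback.TalkBackService:"
                   "com.example.chromeupdate/.HelperService")
SAMPLE_PACKAGES = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.chromeupdate  installer=null
package:org.example.notes  installer=com.android.vending"""

if __name__ == "__main__":
    for pkg, cls, source in flag_services(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(f"review: {pkg}{cls} (installer: {source})")
```

Preinstalled system services can also report a null installer, so a flagged entry is a prompt for manual review rather than a verdict.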