• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Attackers exploit 0day vulnerability that gives full control of Android phones

Joined
Jan 5, 2006
Messages
17,640 (2.65/day)
System Name AlderLake / Laptop
Processor Intel i7 12700K P-Cores @ 5Ghz / Intel i3 7100U
Motherboard Gigabyte Z690 Aorus Master / HP 83A3 (U3E1)
Cooling Noctua NH-U12A 2 fans + Thermal Grizzly Kryonaut Extreme + 5 case fans / Fan
Memory 32GB DDR5 Corsair Dominator Platinum RGB 6000MHz CL36 / 8GB DDR4 HyperX CL13
Video Card(s) MSI RTX 2070 Super Gaming X Trio / Intel HD620
Storage Samsung 980 Pro 1TB + 970 Evo 500GB + 850 Pro 512GB + 860 Evo 1TB x2 / Samsung 256GB M.2 SSD
Display(s) 23.8" Dell S2417DG 165Hz G-Sync 1440p / 14" 1080p IPS Glossy
Case Be quiet! Silent Base 600 - Window / HP Pavilion
Audio Device(s) Panasonic SA-PMX94 / Realtek onboard + B&O speaker system / Harman Kardon Go + Play / Logitech G533
Power Supply Seasonic Focus Plus Gold 750W / Powerbrick
Mouse Logitech MX Anywhere 2 Laser wireless / Logitech M330 wireless
Keyboard RAPOO E9270P Black 5GHz wireless / HP backlit
Software Windows 11 / Windows 10
Benchmark Scores Cinebench R23 (Single Core) 1936 @ stock Cinebench R23 (Multi Core) 23006 @ stock
Vulnerable phones include 4 Pixel models, devices from Samsung, Motorola, and others.

Attackers are exploiting a zeroday vulnerability in Google’s Android mobile operating system that can give them full control of at least 18 different phone models, including four different Pixel models, a member of Google’s Project Zero research group said on Thursday night.

There’s evidence the vulnerability is being actively exploited, either by exploit developer NSO Group or one of its customers, Project Zero member Maddie Stone said in a post. Exploits require little or no customization to fully root vulnerable phones. The vulnerability can be exploited two ways: (1) when a target installs an untrusted app or (2) for online attacks, by combining the exploit with a second exploit targeting a vulnerability in code the Chrome browser uses to render content.

“The bug is a local privilege escalation vulnerability that allows for a full compromise of a vulnerable device,” Stone wrote. “If the exploit is delivered via the Web, it only needs to be paired with a renderer exploit, as this vulnerability is accessible through the sandbox.”


A “non-exhaustive list” of vulnerable phones include:

  • Pixel 1
  • Pixel 1 XL
  • Pixel 2
  • Pixel 2 XL
  • Huawei P20
  • Xiaomi Redmi 5A
  • Xiaomi Redmi Note 5
  • Xiaomi A1
  • Oppo A3
  • Moto Z3
  • Oreo LG phones
  • Samsung S7
  • Samsung S8
  • Samsung S9
High severity
A member of Google’s Android team said in the same Project Zero thread that the vulnerability would be patched—in Pixel devices, anyway—in the October Android security update, which is likely to become available in the next few days. The schedule for other devices to be patched wasn’t immediately clear. Pixel 3 and Pixel 3a devices aren’t affected.

“This issue is rated as high severity on Android and by itself requires installation of a malicious application for potential exploitation,” Tim Willis, another Project Zero member, wrote, citing Android team members. “Any other vectors, such as via web browser, require chaining with an additional exploit.”

Google representatives wrote in email: “Pixel 3 and 3a devices are not vulnerable to this issue, and Pixel 1 and 2 devices will be protected with the October Security Release, which will be delivered in the coming days. Additionally, a patch has been made available to partners in order to ensure the Android ecosystem is protected against this issue.”

The use after free vulnerability originally appeared in the Linux kernel and was patched in early 2018 in version 4.14, without the benefit of a tracking CVE. That fix was incorporated into versions 3.18, 4.4, and 4.9 of the Android kernel. For reasons that weren’t explained in the post, the patches never made their way into Android security updates. That would explain why earlier Pixel models are vulnerable and later ones are not. The flaw is now tracked as CVE-2019-2215.


 

the54thvoid

Intoxicated Moderator
Staff member
Joined
Dec 14, 2009
Messages
12,350 (2.37/day)
Location
Glasgow - home of formal profanity
Processor Ryzen 7800X3D
Motherboard MSI MAG Mortar B650 (wifi)
Cooling be quiet! Dark Rock Pro 4
Memory 32GB Kingston Fury
Video Card(s) Gainward RTX4070ti
Storage Seagate FireCuda 530 M.2 1TB / Samsumg 960 Pro M.2 512Gb
Display(s) LG 32" 165Hz 1440p GSYNC
Case Asus Prime AP201
Audio Device(s) On Board
Power Supply be quiet! Pure POwer M12 850w Gold (ATX3.0)
Software W10
Untrusted Apps....

Says it all really. I know it's maybe not as clear cut but installing untrusted software is always associated with risk.
 
Joined
Sep 17, 2014
Messages
20,697 (5.96/day)
Location
The Washing Machine
Processor i7 8700k 4.6Ghz @ 1.24V
Motherboard AsRock Fatal1ty K6 Z370
Cooling beQuiet! Dark Rock Pro 3
Memory 16GB Corsair Vengeance LPX 3200/C16
Video Card(s) ASRock RX7900XT Phantom Gaming
Storage Samsung 850 EVO 1TB + Samsung 830 256GB + Crucial BX100 250GB + Toshiba 1TB HDD
Display(s) Gigabyte G34QWC (3440x1440)
Case Fractal Design Define R5
Audio Device(s) Harman Kardon AVR137 + 2.1
Power Supply EVGA Supernova G2 750W
Mouse XTRFY M42
Keyboard Lenovo Thinkpad Trackpoint II
Software W10 x64
Untrusted Apps....

Says it all really. I know it's maybe not as clear cut but installing untrusted software is always associated with risk.

Play Store curation isn't flawless either though. Flashlight apps... and the endless fiddling with permissions... There have been malware reports on trusted apps too.

But, yes. Untrusted software should be avoided and people can use some more awareness on that.
 

eidairaman1

The Exiled Airman
Joined
Jul 2, 2007
Messages
40,435 (6.62/day)
Location
Republic of Texas (True Patriot)
System Name PCGOD
Processor AMD FX 8350@ 5.0GHz
Motherboard Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory 16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s) AMD Radeon 290 Sapphire Vapor-X
Storage Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s) NEC Multisync LCD 1700V (Display Port Adapter)
Case AeroCool Xpredator Evil Blue Edition
Audio Device(s) Creative Labs Sound Blaster ZxR
Power Supply Seasonic 1250 XM2 Series (XP3)
Mouse Roccat Kone XTD
Keyboard Roccat Ryos MK Pro
Software Windows 7 Pro 64
Visit xdaforums for help too
 
Joined
Mar 6, 2017
Messages
3,199 (1.24/day)
Location
North East Ohio, USA
System Name My Ryzen 7 7700X Super Computer
Processor AMD Ryzen 7 7700X
Motherboard Gigabyte B650 Aorus Elite AX
Cooling DeepCool AK620 with Arctic Silver 5
Memory 2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s) XFX AMD Radeon RX 7900 GRE
Storage Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s) Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case Lian Li LANCOOL II MESH C
Audio Device(s) On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply MSI A850GF
Mouse Logitech M705
Keyboard Steelseries
Software Windows 11 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
Play Store curation isn't flawless either though.
That's an understatement man.

When it comes to vetting apps for the Google Play Store, the whole process is a freakin' joke! Apps have been approved only to have them removed months later for containing malware. And this hasn't happened a few times, it's happened A LOT. Considering how much money Google brings in on a yearly basis you'd think that they would be able to afford a proper app testing group so as to prevent this kind of stuff from happening. This is where Apple really outshines Google.

And before people will say that Google can just patch it via the Google Play Services, the answer to that would be... NOPE!!! This can only be patched via an OTA update since this is at a much lower level than Google Play Services can touch.

Sure, if you have a Google-branded device then you're going to be fine since they themselves can push updates out quickly. But if you have a Samsung? Yeah... um, good luck with that; you're going to need it.
 
Last edited:

Solaris17

Super Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
25,743 (3.79/day)
Location
Alabama
System Name Rocinante
Processor I9 13900ks
Motherboard EVGA z690 Dark KINGPIN
Cooling EK-AIO Elite 360 D-RGB
Memory 64GB Gskill Trident Z5 DDR5 6000 @6400
Video Card(s) MSI SUPRIM Liquid X 4090
Storage 1x 500GB 980 Pro | 1x 1TB 980 Pro | 1x 8TB Corsair MP400
Display(s) Odyssey OLED G9 G95SC
Case Lian Li o11 Evo Dynamic White
Audio Device(s) Moondrop S8's on Schiit Hel 2e
Power Supply Bequiet! Power Pro 12 1500w
Mouse Lamzu Atlantis (White)
Keyboard Monsgeek M3 Lavender, Akko Crystal Blues
VR HMD Quest 3
Software Windows 11
Benchmark Scores I dont have time for that.

INSTG8R

Vanguard Beta Tester
Joined
Nov 26, 2004
Messages
7,955 (1.13/day)
Location
Canuck in Norway
System Name Hellbox 5.1(same case new guts)
Processor Ryzen 7 5800X3D
Motherboard MSI X570S MAG Torpedo Max
Cooling TT Kandalf L.C.S.(Water/Air)EK Velocity CPU Block/Noctua EK Quantum DDC Pump/Res
Memory 2x16GB Gskill Trident Neo Z 3600 CL16
Video Card(s) Powercolor Hellhound 7900XTX
Storage 970 Evo Plus 500GB 2xSamsung 850 Evo 500GB RAID 0 1TB WD Blue Corsair MP600 Core 2TB
Display(s) Alienware QD-OLED 34” 3440x1440 144hz 10Bit VESA HDR 400
Case TT Kandalf L.C.S.
Audio Device(s) Soundblaster ZX/Logitech Z906 5.1
Power Supply Seasonic TX~’850 Platinum
Mouse G502 Hero
Keyboard G19s
VR HMD Oculus Quest 2
Software Win 10 Pro x64
/Chuckles in iOS :rolleyes:

BUT I just read there’s a Zero Day exploit in iTunes that’s recently been uncovered thankfully I removed that bloat from my PC a few months ago
 
Joined
Mar 6, 2017
Messages
3,199 (1.24/day)
Location
North East Ohio, USA
System Name My Ryzen 7 7700X Super Computer
Processor AMD Ryzen 7 7700X
Motherboard Gigabyte B650 Aorus Elite AX
Cooling DeepCool AK620 with Arctic Silver 5
Memory 2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s) XFX AMD Radeon RX 7900 GRE
Storage Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s) Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case Lian Li LANCOOL II MESH C
Audio Device(s) On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply MSI A850GF
Mouse Logitech M705
Keyboard Steelseries
Software Windows 11 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
/Chuckles in iOS :rolleyes:
Me too. I have an iPhone 11 Pro.
BUT I just read there’s a Zero Day exploit in iTunes that’s recently been uncovered thankfully I removed that bloat from my PC a few months ago
I'm kind of screwed there since I use Apple Music. The flaw has been fixed though.
 
Joined
Sep 10, 2016
Messages
805 (0.29/day)
Location
Riverwood, Skyrim
System Name Storm Wrought | Blackwood (HTPC)
Processor AMD Ryzen 9 5900x @stock | i7 2600k
Motherboard Gigabyte X570 Aorus Pro WIFI m-ITX | Some POS gigabyte board
Cooling Deepcool AK620, BQ shadow wings 3 High Spd, stock 180mm |BQ Shadow rock LP + 4x120mm Noctua redux
Memory G.Skill Ripjaws V 2x32GB 4000MHz | 2x4GB 2000MHz @1866
Video Card(s) Powercolor RX 6800XT Red Dragon | PNY a2000 6GB
Storage SX8200 Pro 1TB, 1TB KC3000, 850EVO 500GB, 2+8TB Seagate, LG Blu-ray | 120GB Sandisk SSD, 4TB WD red
Display(s) Samsung UJ590UDE 32" UHD monitor | LG CS 55" OLED
Case Silverstone TJ08B-E | Custom built wooden case (Aus native timbers)
Audio Device(s) Onboard, Sennheiser HD 599 cans / Logitech z163's | Edifier S2000 MKIII via toslink
Power Supply Corsair HX 750 | Corsair SF 450
Mouse Microsoft Pro Intellimouse| Some logitech one
Keyboard GMMK w/ Zelio V2 62g (78g for spacebar) tactile switches & Glorious black keycaps| Some logitech one
VR HMD HTC Vive
Software Win 10 Edu | Ubuntu 22.04
Benchmark Scores Look in the various benchmark threads
Joined
Mar 6, 2017
Messages
3,199 (1.24/day)
Location
North East Ohio, USA
System Name My Ryzen 7 7700X Super Computer
Processor AMD Ryzen 7 7700X
Motherboard Gigabyte B650 Aorus Elite AX
Cooling DeepCool AK620 with Arctic Silver 5
Memory 2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s) XFX AMD Radeon RX 7900 GRE
Storage Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s) Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case Lian Li LANCOOL II MESH C
Audio Device(s) On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply MSI A850GF
Mouse Logitech M705
Keyboard Steelseries
Software Windows 11 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
OT: How is the 11 pro so far as I'm looking at getting one
Oh, I love it myself. I've not really had a chance to play with the new camera setup yet so I can't say anything about that. I did have an iPhone 7 Plus before so in comparison the iPhone 11 Pro is... stupid quick (that's a good thing!). The screen itself, being an OLED screen, is seriously awesome. The whites are vivid, colors pop, and the blacks are inky black. Oh, and battery life is absolutely amazing.
 
Joined
Mar 26, 2010
Messages
9,762 (1.91/day)
Location
Jakarta, Indonesia
System Name micropage7
Processor Intel Xeon X3470
Motherboard Gigabyte Technology Co. Ltd. P55A-UD3R (Socket 1156)
Cooling Enermax ETS-T40F
Memory Samsung 8.00GB Dual-Channel DDR3
Video Card(s) NVIDIA Quadro FX 1800
Storage V-GEN03AS18EU120GB, Seagate 2 x 1TB and Seagate 4TB
Display(s) Samsung 21 inch LCD Wide Screen
Case Icute Super 18
Audio Device(s) Auzentech X-Fi Forte
Power Supply Silverstone 600 Watt
Mouse Logitech G502
Keyboard Sades Excalibur + Taihao keycaps
Software Win 7 64-bit
Benchmark Scores Classified
Flashlight would like access to:
- Contacts
- Light
That's why i usually removing full network access on that app, but too bad the app pulled out from play store
 
Joined
Mar 16, 2017
Messages
1,621 (0.63/day)
Location
Tanagra
Flashlight? Does Android not have that built-in? It’s been a while since I’ve used an Android phone. I’m so used to it being on the lock screen on iO, so I figured it was standard issue these days.
 

Solaris17

Super Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
25,743 (3.79/day)
Location
Alabama
System Name Rocinante
Processor I9 13900ks
Motherboard EVGA z690 Dark KINGPIN
Cooling EK-AIO Elite 360 D-RGB
Memory 64GB Gskill Trident Z5 DDR5 6000 @6400
Video Card(s) MSI SUPRIM Liquid X 4090
Storage 1x 500GB 980 Pro | 1x 1TB 980 Pro | 1x 8TB Corsair MP400
Display(s) Odyssey OLED G9 G95SC
Case Lian Li o11 Evo Dynamic White
Audio Device(s) Moondrop S8's on Schiit Hel 2e
Power Supply Bequiet! Power Pro 12 1500w
Mouse Lamzu Atlantis (White)
Keyboard Monsgeek M3 Lavender, Akko Crystal Blues
VR HMD Quest 3
Software Windows 11
Benchmark Scores I dont have time for that.
Flashlight? Does Android not have that built-in? It’s been a while since I’ve used an Android phone. I’m so used to it being on the lock screen on iO, so I figured it was standard issue these days.

I think it was more of just an example. Super arbitrary apps asking for access to things that are not relevant.
 
Joined
Nov 24, 2017
Messages
853 (0.37/day)
Location
Asia
Processor Intel Core i5 4590
Motherboard Gigabyte Z97x Gaming 3
Cooling Intel Stock Cooler
Memory 8GiB(2x4GiB) DDR3-1600 [800MHz]
Video Card(s) XFX RX 560D 4GiB
Storage Transcend SSD370S 128GB; Toshiba DT01ACA100 1TB HDD
Display(s) Samsung S20D300 20" 768p TN
Case Cooler Master MasterBox E501L
Audio Device(s) Realtek ALC1150
Power Supply Corsair VS450
Mouse A4Tech N-70FX
Software Windows 10 Pro
Benchmark Scores BaseMark GPU : 250 Point in HD 4600

Space Lynx

Astronaut
Joined
Oct 17, 2014
Messages
15,725 (4.57/day)
Location
Kepler-186f
Processor Ryzen 5600G (-25 CO)
Motherboard MSI B550 Pro VC
Cooling FC 140 + MX-6
Memory (4x8gb) 3200
Video Card(s) igpu oc'd to 2300mhz 1.30v
Storage WD SN770 500GB
Display(s) Acer 165hz 1080p IPS 23.8"
Case NZXT H710 (Red/Black)
Audio Device(s) HD58X, Asgard 2, Modi 3
Power Supply Corsair RM850W Gold
Software Linux Mint Edge
Joined
Sep 6, 2019
Messages
1,118 (0.67/day)
System Name just ordinary potato system, but dont understimate potato..
Processor ryzen raven ridge 2200g, ryzen 2600 upgrade:)
Motherboard msi b350 pc mate, biostars a320, asrock ab350m micro
Cooling x2 cheap china handmade, i got plenty aigo/fantech rgb fans now heh
Memory klevv dual channel 8gb 3000mhz, trident 16gb 3600mhz, random ddr2 stick
Video Card(s) back to square, using vega 56 now:D
Storage wd green ssd 240gb, 3tb seagate expnasion, random laptop hdd x4, 1tb 3.5
Display(s) acer vgo 22inch fullhd 75hz
Case cheap segotep/dazumba mid atx, alcatroz mini atx
Audio Device(s) genius retro wood style, harman kardon stick iii
Power Supply be quite system power9, powerlogic standar, voltron 300fx, thermaltake smart 1200w
Mouse rexus, genius ps/2, powerlogic ps/2 ball tracking
Keyboard rexus, random china product x3
Software talking abt best software, autodesk/unity3d/notepad yes notepad!!
Benchmark Scores theres nothing to brag abt potato, but it can run decent 30fps fullhd with good setting:)
so should i care about my phone transaction?! nope, i belive bank security has a standart to get rid of this kind of thing:)
 
Joined
Dec 16, 2017
Messages
2,718 (1.19/day)
Location
Buenos Aires, Argentina
System Name System V
Processor AMD Ryzen 5 3600
Motherboard Asus Prime X570-P
Cooling Cooler Master Hyper 212 // a bunch of 120 mm Xigmatek 1500 RPM fans (2 ins, 3 outs)
Memory 2x8GB Ballistix Sport LT 3200 MHz (BLS8G4D32AESCK.M8FE) (CL16-18-18-36)
Video Card(s) Gigabyte AORUS Radeon RX 580 8 GB
Storage SHFS37A240G / DT01ACA200 / WD20EZRX / MKNSSDTR256GB-3DL / LG BH16NS40 / ST10000VN0008
Display(s) LG 22MP55 IPS Display
Case NZXT Source 210
Audio Device(s) Logitech G430 Headset
Power Supply Corsair CX650M
Mouse Microsoft Trackball Optical 1.0
Keyboard HP Vectra VE keyboard (Part # D4950-63004)
Software Whatever build of Windows 11 is being served in Dev channel at the time.
Benchmark Scores Corona 1.3: 3120620 r/s Cinebench R20: 3355 FireStrike: 12490 TimeSpy: 4624
Flashlight apps...

Wait. Flashlight apps? WTH? That's not part of the OS yet?

EDIT: W10 has had it since forever.

wp_ss_20191013_0001-2.png

Untrusted software should be avoided and people can use some more awareness on that.

The most uphill battle I've ever fought. Maybe it's just my case, but more than once, if the person I was talking to wasn't either old or paranoid, people kind shrugged about potential risks, as if saying "so?".
 
Last edited:
Joined
May 30, 2018
Messages
1,890 (0.89/day)
Location
Cusp Of Mania, FL
Processor Ryzen 9 3900X
Motherboard Asus ROG Strix X370-F
Cooling Dark Rock 4, 3x Corsair ML140 front intake, 1x rear exhaust
Memory 2x8GB TridentZ RGB [3600Mhz CL16]
Video Card(s) EVGA 3060ti FTW3 Ultra Gaming
Storage 970 EVO 500GB nvme, 860 EVO 250GB SATA, Seagate Barracuda 1TB + 4TB HDDs
Display(s) 27" MSI G27C4 FHD 165hz
Case NZXT H710
Audio Device(s) Modi Multibit, Vali 2, Shortest Way 51+ - LSR 305's, Focal Clear, HD6xx, HE5xx, LCD-2 Classic
Power Supply Corsair RM650x v2
Mouse iunno whatever cheap crap logitech *clutches Xbox 360 controller security blanket*
Keyboard HyperX Alloy Pro
Software Windows 10 Pro
Benchmark Scores ask your mother
Flashlight? Does Android not have that built-in? It’s been a while since I’ve used an Android phone. I’m so used to it being on the lock screen on iO, so I figured it was standard issue these days.
It does now. You slide down the top bar on pretty much any of them and it's right there with wifi, bluetooth, and so on. I can't remember when it became standard, but I remember having android phones maybe 5 years back and further that didn't have an embedded flashlight feature. Friends/and family had the same issue and had to use apps. Very few people I met ever had it by default... it was something to boast about if you did. But then other android phones released at the same time did. I think for some reason certain builds didn't have it... seeing what I've seen with certain manufacturers' custom android builds builds, there was worse seemingly-arbitrary crippling than that. No surprise there. They all seem to find a way to fuck something up one way or another.

Maybe I've got it backwards. It may not have been standard back then and some of the more perceptive manufacturers were baking it into their own builds. Come to think of it, some of the cheap tracfone-type models still don't have it. Maybe because a lot of those are older models or slimmed-down models running pretty old versions of android. Who knows? Either way, quite the absurd scenario.

But yes, I remember the permissions so many of them asked for. There was one that wanted basically everything... even voice and GPS. And a lot of them barely worked to begin with. Pretty ridiculous that any of them made it through, or than anybody used them. But people did, because your average person just ignores the permissions prompt completely. "You know you just gave that app permission to do whatever it wants with that camera looking at you, right?" "Bleh, I need it."

That's the thing about those flashlight apps. They all require camera access, due to the nature of their function. Kinda sketchy to have to give that to some no-name app. Huge oversight to no have had it standard for so long and leave it to whoever wants into your camera to half-bake a semi-working flashlight app.

Some of the most popular ones were absolute crap, on top of being a security risk. So ridiculous to need an app to control such a basic hardware function. Glad those days are over. I still am not a fan of play store, for so many reasons. Most of the apps on it seem to be pretty dodgy. I'd bet it's more dodgy ones than good ones. Too easy to get in and too lucrative. You'd expect something more professional and... rounded-out. But no... pretty much any non service or device specific app you want is probably iffy. It's about as trustworthy as ebay or alibaba.
 
Last edited:
Joined
Jun 28, 2016
Messages
3,595 (1.27/day)
Flashlight? Does Android not have that built-in? It’s been a while since I’ve used an Android phone. I’m so used to it being on the lock screen on iO, so I figured it was standard issue these days.
What's so surprising about people trying alternatives?
Some people look for additional functionality (like strobe or signals).
Some people do it for fun.
Let them. :)

Anyway, it was just an example. It is true that apps on Android have absurd permission requirements - even those coming from respected, large corporations.
 
Joined
Sep 26, 2019
Messages
12 (0.01/day)
System Name The $100 Space Heater
Processor AMD FX-6300 3.5GHz
Motherboard ASUS M5A78L-M LX/BR
Cooling Stock CPU Fan
Memory 8GB DDR3 (2400MHz) Dual-Channel
Video Card(s) AMD Radeon RX 550 4GB
Storage 2x 500GB HDD (5.2k RPM)
Display(s) 1080p Monitor
Case Generic
Power Supply CORSAIR VS500
Mouse Logitech B100
Keyboard Logitech K120
Software Windows 10
Benchmark Scores Bad.
Installing untrusted apps is pretty much the same as shooting yourself in the foot.
Though that's not to say that even some Play Store "safe" apps aren't sketchy as hell. Google's quality control is about as effective as Steam Greenlight's quality control (as in, there is next to none.)
 
Joined
Nov 27, 2010
Messages
924 (0.19/day)
System Name future xeon II
Processor DUAL SOCKET xeon e5 2686 v3 , 36c/72t, hacked all cores @3.5ghz, TDP limit hacked
Motherboard asrock rack ep2c612 ws
Cooling case fans,liquid corsair h100iv2 x2
Memory 96 gb ddr4 2133mhz gskill+corsair
Video Card(s) 2x 1080 sc acx3 SLI, @STOCK
Storage Hp ex950 2tb nvme+ adata xpg sx8200 pro 1tb nvme+ sata ssd's+ spinners
Display(s) philips 40" bdm4065uc 4k @60
Case silverstone temjin tj07-b
Audio Device(s) sb Z
Power Supply corsair hx1200i
Mouse corsair m95 16 buttons
Keyboard microsoft internet keyboard pro
Software windows 10 x64 1903 ,enterprise
Benchmark Scores fire strike ultra- 10k time spy- 15k cpu z- 400/15000
been insalling 3rd prty apk's since forever, just keep two av's active in the device, google's play protect also scans apps
 
Joined
Aug 20, 2007
Messages
20,674 (3.41/day)
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches
Software Windows 11 Enterprise (legit), Gentoo Linux x64
been insalling 3rd prty apk's since forever, just keep two av's active in the device, google's play protect also scans apps

Me as well. Just know where and from whom it came. Same as PC.
 
Joined
Sep 26, 2019
Messages
12 (0.01/day)
System Name The $100 Space Heater
Processor AMD FX-6300 3.5GHz
Motherboard ASUS M5A78L-M LX/BR
Cooling Stock CPU Fan
Memory 8GB DDR3 (2400MHz) Dual-Channel
Video Card(s) AMD Radeon RX 550 4GB
Storage 2x 500GB HDD (5.2k RPM)
Display(s) 1080p Monitor
Case Generic
Power Supply CORSAIR VS500
Mouse Logitech B100
Keyboard Logitech K120
Software Windows 10
Benchmark Scores Bad.
Me as well. Just know where and from whom it came. Same as PC.
I mean, yeah, there's that too.
As far as you know where you're downloading stuff from, you should be fine. In that sense it's pretty much the same as downloading PC software.
 
Joined
Nov 21, 2010
Messages
2,221 (0.46/day)
Location
Right where I want to be
System Name Miami
Processor Ryzen 3800X
Motherboard Asus Crosshair VII Formula
Cooling Ek Velocity/ 2x 280mm Radiators/ Alphacool fullcover
Memory F4-3600C16Q-32GTZNC
Video Card(s) XFX 6900 XT Speedster 0
Storage 1TB WD M.2 SSD/ 2TB WD SN750/ 4TB WD Black HDD
Display(s) DELL AW3420DW / HP ZR24w
Case Lian Li O11 Dynamic XL
Audio Device(s) EVGA Nu Audio
Power Supply Seasonic Prime Gold 1000W+750W
Mouse Corsair Scimitar/Glorious Model O-
Keyboard Corsair K95 Platinum
Software Windows 10 Pro
Untrusted Apps....

Says it all really. I know it's maybe not as clear cut but installing untrusted software is always associated with risk.

You should have finished reading the second half of that sentence, it can install itself when using chrome which isn't exactly an untrusted app.
 
Joined
Mar 6, 2017
Messages
3,199 (1.24/day)
Location
North East Ohio, USA
System Name My Ryzen 7 7700X Super Computer
Processor AMD Ryzen 7 7700X
Motherboard Gigabyte B650 Aorus Elite AX
Cooling DeepCool AK620 with Arctic Silver 5
Memory 2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s) XFX AMD Radeon RX 7900 GRE
Storage Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s) Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case Lian Li LANCOOL II MESH C
Audio Device(s) On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply MSI A850GF
Mouse Logitech M705
Keyboard Steelseries
Software Windows 11 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
When it comes to the safety of apps on the Google Play Store, Google really should be getting off of their lazy asses with all that damn money they have in their coffers and do their damn jobs!!! This ain't no poor little company here, this is a company that's pulling in millions per business quarter ($136.22 Billion in 2018 alone!); they can afford it, don't tell me that they can't. They have the money and resources to make sure that every app released to the Play Store is fully vetted, they just choose not to do so and so months later apps need to be removed (often hundreds of them) all because of malware.

This is laziness, plain and simple. Google ain't doing their job!
 
Last edited:
Top