Author

Topic: Warning for all Android users! (Read 438 times)

legendary
Activity: 2268
Merit: 18748
February 11, 2020, 04:32:46 PM
#27
I wish i can read more opinions about those free systems.
You can. Here are some links to get you started:

GrapheneOS
https://en.wikipedia.org/wiki/GrapheneOS
https://grapheneos.org/
https://www.reddit.com/r/GrapheneOS/
https://github.com/GrapheneOS/

LineageOS
https://en.wikipedia.org/wiki/LineageOS
https://lineageos.org/
https://www.reddit.com/r/LineageOS/
https://github.com/LineageOS

Replicant
https://en.wikipedia.org/wiki/Replicant_(operating_system)
https://www.replicant.us/
https://www.reddit.com/r/ReplicantOS/
https://git.replicant.us/replicant

Ubuntu Touch
https://en.wikipedia.org/wiki/Ubuntu_Touch
https://ubuntu-touch.io/
https://www.reddit.com/r/Linux/ and https://www.reddit.com/r/Ubuntu/
https://github.com/ubports/ubuntu-touch

There's also a couple of great "Beginner's Guides" available here: https://www.androidauthority.com/lineageos-install-guide-893303/ and https://www.howtogeek.com/348545/how-to-install-lineageos-on-android/. They are written with Lineage OS in mind, but are largely applicable to any custom OS. They nicely talk you through the processes of installing the necessary software on your computer, downloading the necessary software for your phone, backing up your phone, and flashing your phone.
hero member
Activity: 2338
Merit: 757
February 11, 2020, 04:18:44 PM
#26
...
The great advice should be "stop using android, it's not trusted enough", but what would be the alternative!?
...

A good solution to this problem is to switch to iOS) But we know that not everyone owns an Iphone, so the most common is Android. You just need to be aware of all the risks associated with installing apps and be responsible about what you want to install on your smartphone.
Like suggested in previous replies, there does also exist open source operating systems for mobile {honestly,i was surprised know that i can ignore the actual ones} and that users looking for free mobile use can really get this. I still encourage users to have more experiences testing different ones. I wish i can read more opinions about those free systems.
hero member
Activity: 2128
Merit: 532
FREE passive income eBook @ tinyurl.com/PIA10
February 11, 2020, 11:53:31 AM
#25
A good solution to this problem is to switch to iOS) But we know that not everyone owns an Iphone, so the most common is Android. You just need to be aware of all the risks associated with installing apps and be responsible about what you want to install on your smartphone.

Not everyone (including myself) could afford a fruit product, but I reckon this should keep us safe from harm
legendary
Activity: 2268
Merit: 1655
To the Moon
February 11, 2020, 11:07:41 AM
#24
...
The great advice should be "stop using android, it's not trusted enough", but what would be the alternative!?
...

A good solution to this problem is to switch to iOS) But we know that not everyone owns an Iphone, so the most common is Android. You just need to be aware of all the risks associated with installing apps and be responsible about what you want to install on your smartphone.
legendary
Activity: 3122
Merit: 1398
For support ➡️ help.bc.game
February 10, 2020, 04:59:05 PM
#23
I checked in settings and the problem is i not have any update available for my phone , last security update 1 February 2019. When i press search say not any available, what i can do?

Over a year with no update is likely that devs stop working on updates or already reached the possible updates that can apply to your phone model. That's normal even for the latest model and to verify this you need to interact with their community. In most cases, it should have an announcement. Try searching for your phone's community in XDA.



Old devices might never get an update as well,so if you can afford a new one just go for it with latest oxygen version so you will be safer to the vulnerabilities as long as you verify any apps before installing.
Well, the problem is not old device, it still works ok but who know, they have problem with Google and not receive any further update. You reffer me to install a custom OS?

Actually, either you are using Stock or Custom ROM, it doesn't matter with regard to security. Just take note of the basic things needed regarding the security of your phone. Malware or any type of harmful and malicious software will not be triggered automatically unless the user will execute it, maybe because they don't have an idea of what they are dealing with.

The majority of Custom ROM doesn't really upgrade you into the genuine version of an updated OS. It was ported to feel the experience of having an updated OS while at the same time, tweaking your phone model performance by removing bloatware and adding some enhancements. It also gives you the ability to modify CPU performance by overclocking and allowing you to install a Custom Kernel.
newbie
Activity: 14
Merit: 0
February 10, 2020, 04:44:13 PM
#22
I checked in settings and the problem is i not have any update available for my phone , last security update 1 February 2019. When i press search say not any available, what i can do?
Old devices might never get an update as well,so if you can afford a new one just go for it with latest oxygen version so you will be safer to the vulnerabilities as long as you verify any apps before installing.

Well, the problem is not old device, it still works ok but who know, they have problem with Google and not receive any further update. You reffer me to install a custom OS?
legendary
Activity: 3346
Merit: 3125
February 10, 2020, 04:13:36 PM
#21
Thanks for sharing this information with us, i would like to list the Vulns patched in this update:

CVE-2020-0022 - remote code execution
CVE-2020-0005, CVE-2020-0026, and CVE-2020-0027 - elevation of privilege bugs
CVE-2020-0028 - information disclosure issue
CVE-2020-0014, CVE-2020-0015, and CVE-2019-2200 - elevation of privilege flaws
CVE-2020-0017, CVE-2020-0018, and CVE-2020-0020 - three information disclosure issues
CVE-2020-0021 - DoS bug

If someone wants to get more information about this bug, I think the best source is the bulletin from Android:

https://source.android.com/security/bulletin/2020-02-01
legendary
Activity: 3234
Merit: 1375
Slava Ukraini!
February 10, 2020, 03:15:39 PM
#20
Thanks for warning, it's really concerning thing. Unfortunately I will get this update just in the end of February, because usually I get updates just in the end of ongoing month.
To avoid potential abuse from these vulnerabilities, as always, do not download applications from unconfirmed sources, and do not click the suspicious links you receive by email and social networks. Google Play should be safe, but not every application can be checked - so approach every download with great caution.
Good suggestion, but unfortunately Google Play is very far from being safe. It's full of dangerous apps. Main problem that everyone can upload app to it and it's uploaded without manual check. They just have to pay little dev fee. I'm not big fan of Apple, but their App Store is much better in terms of security.
legendary
Activity: 2730
Merit: 7065
February 09, 2020, 03:00:09 PM
#19
I installed the most recent updates for my phone just the other week. It is a relatively new phone but there were no updates available for me since October. I assume that some of these vulnerabilities were fixed with my January update. I only get maximum one per month so the end of February and beginning of March is the next one, if they release one.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
February 09, 2020, 01:43:27 PM
#18
I checked in settings and the problem is i not have any update available for my phone , last security update 1 February 2019. When i press search say not any available, what i can do?
Old devices might never get an update as well,so if you can afford a new one just go for it with latest oxygen version so you will be safer to the vulnerabilities as long as you verify any apps before installing.
newbie
Activity: 14
Merit: 0
February 09, 2020, 01:29:37 PM
#17
I checked in settings and the problem is i not have any update available for my phone , last security update 1 February 2019. When i press search say not any available, what i can do?
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
February 09, 2020, 12:52:33 PM
#16
Any techies here? I am using Android Oxygen and my system is up to date, is there anything I have to worry about it?

In addition to installing some security software as additional protection, you just need to remain vigilant and apply the patch when it is available. In order for hackers to exploit the above vulnerabilities, they must first infect the device and they can only do that through malicious apps.

I have experience with the spyware and malware installed into android device when we surf random pages while clicking some popup or any annoying notification so now I have new device especially for some crypto wallets so I think twice or thrice before installing any new apps.

Just a tip, check your app manager for an app that doesn't have a logo or name but it does occupy a space which normally can found at the bottom of the list,if you found anything just uninstall it straight away better factory restore your android.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
February 09, 2020, 10:56:47 AM
#15
Im currently using huawei device and Im not sure if whether I could update it to the latest OS or stuck with android OS 9. 0 cause Im thinking also of the security of my phone since most of my wallets are mobile app based.

Depending of what Huawei model of phone you using you'll have to wait for your upgrade to be available. In my case (Huawei P30) I get option to upgrade maybe a month after they release it. As always new models get update first, then old ones - and it can take for months to all models get Android 10. Are you sure that you have automatic update ON? Go to Settings - > System/Updates and check manually. There is also option to use Huawei official Support app (check your apps) and check is upgrade available from there.

Any techies here? I am using Android Oxygen and my system is up to date, is there anything I have to worry about it?

In addition to installing some security software as additional protection, you just need to remain vigilant and apply the patch when it is available. In order for hackers to exploit the above vulnerabilities, they must first infect the device and they can only do that through malicious apps.
hero member
Activity: 2338
Merit: 757
February 09, 2020, 05:16:44 AM
#14
Im currently using huawei device and Im not sure if whether I could update it to the latest OS or stuck with android OS 9. 0 cause Im thinking also of the security of my phone since most of my wallets are mobile app based.
As your wallets are mobile app based, i think it would be better not to update your system as it's not that harmful too. I would also recommend you to use another device for your social media apps. I tell you this based on my own experience when i had to delete my BitPay wallet after forgotten its pin code, then by trying to reinstall the wallet i found that the wallet itself had been upgraded to a new version and the old one, which is compatible with my os, is no longer available in play store. I had to upgrade my os or download the wallet version from a third part entity. As my device comtains other wallets, i just bought another device and use it only for bitpay wallet and migrate other wallets to it .
legendary
Activity: 2590
Merit: 3015
Welt Am Draht
February 09, 2020, 05:00:40 AM
#13
Somewhere along the line the Android model got broken.

I should not have to wait for, or rather be abandoned by, an individual company who are more than likely to be too bone idle to ever do a regular system update let alone a vital security patch.

There must be hundreds of millions of phones with gaping security holes that will never be plugged. Glue your piece of shit skin on top by all means but they shouldn't be able to offer Android without agreeing to a direct pipe of patches straight from Google.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
February 09, 2020, 04:50:18 AM
#12
Any techies here? I am using Android Oxygen and my system is up to date, is there anything I have to worry about it?

Yes, don't click on random links in your mail or messages. Sophisticated hackers can take over your phone by exploiting undiscovered vulnerabilities in your browser followed by some in the kernel when you click on their link. The links are also put into innocent-looking messages. A lot phones belonging to high-profile people have been hacked that way. This also applies to iOS too.
legendary
Activity: 2268
Merit: 1379
Fully Regulated Crypto Casino
February 09, 2020, 03:31:56 AM
#11
I never install apps from thirdparty websites and rarely even install any new apps rather I just use it to scroll newsfeed of social media and also for chatting purpose mostly.

Same case with you mate. Never install from a third party app. Using phone for social media would not be harmful IMO, OP is just raising an awareness about those app from Playstore which not all are trusted.

Im currently using huawei device and Im not sure if whether I could update it to the latest OS or stuck with android OS 9. 0 cause Im thinking also of the security of my phone since most of my wallets are mobile app based.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
February 08, 2020, 11:55:11 AM
#10
Any techies here? I am using Android Oxygen and my system is up to date, is there anything I have to worry about it?

I never install apps from thirdparty websites and rarely even install any new apps rather I just use it to scroll newsfeed of social media and also for chatting purpose mostly.
newbie
Activity: 14
Merit: 0
February 08, 2020, 11:30:34 AM
#9
I have a question. How i can make the update if my phone receive any update from March 2019, as the company have problems with google. And i have android 8 on phone. what to do ?
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
February 08, 2020, 09:09:48 AM
#8
The saddest part is that the majority (i can guess) of android users don't care about the system installed in their devices nor in frequent updates automatically done (by default).

This is unfortunately true, as most Internet users today pay very little attention to the security of their personal computers, while it is still a common belief that smartphones do not need any security software and that nothing bad can happen on Android OS.

good thing is goolge is adding new feature , future version of OS in play-store to deliver this updates fast ,

If you think on Android 10, it is true that Google will send updates directly to Play Store, which will certainly speed up the process for all users. I am using latest version of Android 10 on my phone, but so far I don't see any options that solve the above issues.

You might want to change your phrasing here. The way it's worded makes it sound like the new update has 25 vulnerabilities in it i.e. you should not download this new update yet. Better to say it includes patches/fixes for 25 vulnerabilities.

Thanks for the warning, I corrected my mistake Wink

Is the stock android most secure in this situation as it will receive the update first and instantly ?
For different versions of android developed by the mobile phone provides like Color OS etc, they do not receives updates quickly and this will make the phone vulnerable until the update is applied or patched ?

From what I read, this is true because stock Android is actually pure Android from Google without any add-ons, so phones which use this type of OS get updates much faster directly from Google. Reason why others need to wait is in fact that manufactures like Samsung or Huawei need to modify their version of Android for each model before release. Then the latest phones get the update first, but it also depends on the region in which the user is located.

All this means that it will take months for all devices to receive patches, which of course increases the risk for all Android OS users
legendary
Activity: 3136
Merit: 1172
Leading Crypto Sports Betting & Casino Platform
February 08, 2020, 08:30:42 AM
#7
Google has released update for Android (8, 8.1,9, 10) which includes fixes for 25 vulnerabilities, and two of them were marked as critical. They allow the attacker to perform " a remote code execution vulnerability" and "information disclosure". If you use one of the above Android versions, be sure to check manually in settings of your phone is this update available, or if you get an automatic warning be sure to allow installation.

Given that there are a large number of devices that need to receive an update, as always, it will take several months until all the devices are patched. As always, delivery speed depends on the manufacturer of your device, the version of Android and the region where you are located.

To avoid potential abuse from these vulnerabilities, as always, do not download applications from unconfirmed sources, and do not click the suspicious links you receive by email and social networks. Google Play should be safe, but not every application can be checked - so approach every download with great caution.

This is especially important for all who use mobile crypto wallets or any crypto exchange on their smartphones. Treat your devices equally whether it is a PC or a smartphone, security first.

More info : Android's February 2020 Update Patches Critical System Vulnerabilities

Is the stock android most secure in this situation as it will receive the update first and instantly ?
For different versions of android developed by the mobile phone provides like Color OS etc, they do not receives updates quickly and this will make the phone vulnerable until the update is applied or patched ?
hero member
Activity: 2338
Merit: 757
February 07, 2020, 07:53:31 AM
#6
The great advice should be "stop using android, it's not trusted enough", but what would be the alternative!?
There are a number of open source mobile operating systems built upon the Android Open Source Project you could look in to instead if you want to make the move away from stock Android, such as GrapheneOS or LineageOS. There's also completely non-android OSs such as Ubuntu Touch. These will also give you a big privacy boost over stock Android.

To make that switch, you will need to root and flash that os, imo that is even worse than using stock android.
Considering that os should be flashed and rooted in order to migrate from standard android, why do you this is worst than using stock android if it offers more privacy?
Honestly, i didn't know that there is alternative operating systems rather than android and ubunto, this is why i did always feel stucked. I will look into open-source ones but first need to learn how to flash root my device. Thank you o_e_l_e_o for the suggestions .
hero member
Activity: 2520
Merit: 952
February 07, 2020, 07:17:03 AM
#5
The great advice should be "stop using android, it's not trusted enough", but what would be the alternative!?
There are a number of open source mobile operating systems built upon the Android Open Source Project you could look in to instead if you want to make the move away from stock Android, such as GrapheneOS or LineageOS. There's also completely non-android OSs such as Ubuntu Touch. These will also give you a big privacy boost over stock Android.

To make that switch, you will need to root and flash that os, imo that is even worse than using stock android.
legendary
Activity: 2268
Merit: 18748
February 07, 2020, 07:10:40 AM
#4
Google has released update for Android (8, 8.1,9, 10) which includes 25 vulnerabilities, and two of them were marked as critical.
You might want to change your phrasing here. The way it's worded makes it sound like the new update has 25 vulnerabilities in it i.e. you should not download this new update yet. Better to say it includes patches/fixes for 25 vulnerabilities.

To avoid potential abuse from these vulnerabilities, as always, do not download applications from unconfirmed sources, and do not click the suspicious links you receive by email and social networks. Google Play should be safe, but not every application can be checked - so approach every download with great caution.
Unconfirmed sources are not safe, but neither is Google Play. The vast majority of apps with malicious content are spread via the Google Play Store, since the majority of users wouldn't know how to manually download and install an .apk file. As always, don't trust, verify.

The great advice should be "stop using android, it's not trusted enough", but what would be the alternative!?
There are a number of open source mobile operating systems built upon the Android Open Source Project you could look in to instead if you want to make the move away from stock Android, such as GrapheneOS or LineageOS. There's also completely non-android OSs such as Ubuntu Touch. These will also give you a big privacy boost over stock Android.
sr. member
Activity: 698
Merit: 251
February 07, 2020, 06:50:29 AM
#3
I recently read an news article on strandhogg bug and this vulnerabilities , hackers can use this types of bugs to steal data and hack this type of vulnerabilities can cause data theft google should and companies should  push updates fast

good thing is goolge is adding new feature , future version of OS in play-store to deliver this updates fast ,

. Google Play should be safe, but not every application can be checked - so approach every download with great caution.
there are apps in playstore itself which contains malware ,
hero member
Activity: 2338
Merit: 757
February 07, 2020, 06:23:57 AM
#2
25 vulnerabilities !!  That's terrible !
The saddest part is that the majority (i can guess) of android users don't care about the system installed in their devices nor in frequent updates automatically done (by default).
The great advice should be "stop using android, it's not trusted enough", but what would be the alternative!?

This is especially important for all who use mobile crypto wallets or any crypto exchange on their smartphones. Treat your devices equally whether it is a PC or a smartphone, security first.
Wallets, exchanges, authentification apps, ... are all threatened now if you insist to use them in mobile devices with android. Can we suggest to only use desktop versions?
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
February 07, 2020, 05:55:04 AM
#1
Google has released update for Android (8, 8.1,9, 10) which includes fixes for 25 vulnerabilities, and two of them were marked as critical. They allow the attacker to perform " a remote code execution vulnerability" and "information disclosure". If you use one of the above Android versions, be sure to check manually in settings of your phone is this update available, or if you get an automatic warning be sure to allow installation.

Given that there are a large number of devices that need to receive an update, as always, it will take several months until all the devices are patched. As always, delivery speed depends on the manufacturer of your device, the version of Android and the region where you are located.

To avoid potential abuse from these vulnerabilities, as always, do not download applications from unconfirmed sources, and do not click the suspicious links you receive by email and social networks. Google Play should be safe, but not every application can be checked - so approach every download with great caution.

This is especially important for all who use mobile crypto wallets or any crypto exchange on their smartphones. Treat your devices equally whether it is a PC or a smartphone, security first.

More info : Android's February 2020 Update Patches Critical System Vulnerabilities
Jump to: