Google says most users 'protected' against 'Quadrooter'

The Quadrooter vulnerabilities in Qualcomm-based Android phones can grant apps total control over devices – but Google reckons malicious code exploiting the flaws should hardly ever reach users. The Chocolate Factory reckons the Verify Apps feature in its Play Store was already blocking apps that tried to take advantage of …

  1. Anonymous Coward

    Google says it will have that one patched soon

    However, getting the update to everyone not on a Nexus device, well, that's a whole different kettle of fish altogether.

    1. Planty Bronze badge

      Re: Google says it will have that one patched soon

      And as pointed out by Google (and the billions of Android users that never actually suffer effects of these overblown problems), it's not going to matter. It will get caught in the next layer of the Android security onion.

  2. Anonymous Coward

    And how many bad apps did researchers find in the Play Store recently?

    It is good that they've blocked attempts to use Quadrooter from the Play Store, but that doesn't mean they got all of them - they can only report on the ones they blocked, not the ones they missed. Even if they got them all, that doesn't guarantee someone won't find a way to get it past them tomorrow.

    Though in order to really make an impact, you need to take advantage of one of the holes that can be spread via MMS. Then the malware can forward itself to all your contacts, and then to theirs, and so on to hit hundreds of millions of phones in a day. Waiting on someone to download your app in the Play Store is a long-term game, and you need an app people will want. Unless you can plant malware in Pokemon Go or Facebook, you are never going to get very many people by relying on them to download compromised apps.

  3. Anonymous Coward

    This month's Nexus patch was populated a day back, but strangely Google only patched 1 out of 2 outstanding CVEs affecting this :( bit of a strange move to do one and not the other.

    What happens when someone writes an app, submits it to the pay store without any quadroot code, it becomes popular, then after a few weeks it's updated so that once installed it can fetch a file from an external source (in package update). Then after a few weeks this is adjusted so the in-app upgrade fetches quadroot code, by the time it was detected it's already game over....

    Surely it's better to have closed and locked windows rather than leave one open and place a security guard in front in the hope no one slips past when he is napping.

  4. Andrew Jones 2

    Just an FYI - "Verify Apps" ships as part of Google Play Services and should protect devices all the way back to Android 2.3

