Chameleon Android malware can turn off fingerprint unlock to steal your pin::Be careful out there.

  • Deebster@programming.dev
    link
    fedilink
    English
    arrow-up
    32
    ·
    11 months ago

    It still needs a gullible user to change their settings for this to work; not much to worry about here.

    • VieuxQueb@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      50
      ·
      11 months ago

      And not from the play store or official bank site.

      If you install an APK from unreliable source you should treat your phone and account as corrupted.

      • Cethin@lemmy.zip
        link
        fedilink
        English
        arrow-up
        66
        arrow-down
        1
        ·
        11 months ago

        It’s funny imagining people saying this for anything but a phone. “You can only download from the Microsoft store or you should consider your device corrupted.” Take caution, but you don’t need to rely on daddy Google alone.

        • Transporter Room 3@startrek.website
          link
          fedilink
          English
          arrow-up
          25
          arrow-down
          1
          ·
          11 months ago

          Damn, here I was worried I had bricked my phone and made it unusable by loading up my own personal apks when I was trying to learn coding and different app studios.

          I feel like I would have noticed if my phone was unusable though…

        • AdmiralShat@programming.dev
          link
          fedilink
          English
          arrow-up
          7
          ·
          edit-2
          11 months ago

          I don’t think this person was saying they think all manual apk installs are suspect, just that installing apks from an unreliable source. There are plenty of reliable sources to get apks

        • driveway@lemmy.zip
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          1
          ·
          11 months ago

          Most apps choose to distribute through Play Store only though. If the devs aren’t officially distributing on a separate platform or provide signing keys for you to verify the signature of the APK you get from elsewhere, you’re just asking for malware by downloading it anywhere else.

      • sir_reginald@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        arrow-down
        1
        ·
        11 months ago

        you need Google to tell you what safe and what’s not? have you ever used a desktop operating system where you usually install programs from different sources?

      • Scubus@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        11 months ago

        Lmao what? I have literally never found an APK I was looking for that did anything sketchy to my phone

      • wikibot@lemmy.worldB
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        11 months ago

        Here’s the summary for the wikipedia article you mentioned in your comment:

        Android is a mobile operating system (32-bit and 64-bit) based on a modified version of the Linux kernel and other open-source software, designed primarily for touchscreen mobile devices such as smartphones and tablets. Android is developed by a consortium of developers known as the Open Handset Alliance, though its most widely used version is primarily developed by Google. It was unveiled in November 2007, with the first commercial Android device, the HTC Dream, being launched in September 2008. At its core, the operating system is known as the Android Open Source Project (AOSP) and is free and open-source software (FOSS) primarily licensed under the Apache License. However, most devices run on the proprietary Android version developed by Google, which ships with additional proprietary closed-source software pre-installed, most notably Google Mobile Services (GMS) which includes core apps such as Google Chrome, the digital distribution platform Google Play, and the associated Google Play Services development platform. Firebase Cloud Messaging is used for push notifications. While AOSP is free, the “Android” name and logo are trademarks of Google, which imposes standards to restrict the use of Android branding by “uncertified” devices outside their ecosystem.Over 70 percent of smartphones based on the Android Open Source Project run Google’s ecosystem (which is known simply as Android), some with vendor-customized user interfaces and software suites, such as TouchWiz and later One UI by Samsung and HTC Sense. Competing ecosystems and forks of AOSP include Fire OS (developed by Amazon), ColorOS by Oppo, OriginOS by Vivo, MagicUI by Honor, or custom ROMs such as LineageOS. The source code has been used to develop variants of Android on a range of other electronics, such as game consoles, digital cameras, portable media players, and PCs, each with a specialized user interface. Some well-known derivatives include Android TV for televisions and Wear OS for wearables, both developed by Google. Software packages on Android, which use the APK format, are generally distributed through proprietary application stores like Google Play Store, Amazon Appstore (including for Windows 11), Samsung Galaxy Store, Huawei AppGallery, Cafe Bazaar, GetJar, and Aptoide, or open source platforms like F-Droid. Android has been the best-selling OS worldwide on smartphones since 2011 and on tablets since 2013. As of May 2021, it had over three billion monthly active users, the largest installed base of any operating system in the world, and as of January 2021, the Google Play Store featured over 3 million apps. Android 14, released on October 4, 2023, is the latest version, and the recently released Android 12.1/12L includes improvements specific to foldable phones, tablets, desktop-sized screens and Chromebooks.

        article | about

      • AdmiralShat@programming.dev
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        11 months ago

        Here’s the summary for the wikipedia article you mentioned in your comment:

        Android is a mobile operating system (32-bit and 64-bit) based on a modified version of the Linux kernel and other open-source software, designed primarily for touchscreen mobile devices such as smartphones and tablets. Android is developed by a consortium of developers known as the Open Handset Alliance, though its most widely used version is primarily developed by Google. It was unveiled in November 2007, with the first commercial Android device, the HTC Dream, being launched in September 2008. At its core, the operating system is known as the Android Open Source Project (AOSP) and is free and open-source software (FOSS) primarily licensed under the Apache License. However, most devices run on the proprietary Android version developed by Google, which ships with additional proprietary closed-source software pre-installed, most notably Google Mobile Services (GMS) which includes core apps such as Google Chrome, the digital distribution platform Google Play, and the associated Google Play Services development platform. Firebase Cloud Messaging is used for push notifications. While AOSP is free, the “Android” name and logo are trademarks of Google, which imposes standards to restrict the use of Android branding by “uncertified” devices outside their ecosystem.Over 70 percent of smartphones based on the Android Open Source Project run Google’s ecosystem (which is known simply as Android), some with vendor-customized user interfaces and software suites, such as TouchWiz and later One UI by Samsung and HTC Sense. Competing ecosystems and forks of AOSP include Fire OS (developed by Amazon), ColorOS by Oppo, OriginOS by Vivo, MagicUI by Honor, or custom ROMs such as LineageOS. The source code has been used to develop variants of Android on a range of other electronics, such as game consoles, digital cameras, portable media players, and PCs, each with a specialized user interface. Some well-known derivatives include Android TV for televisions and Wear OS for wearables, both developed by Google. Software packages on Android, which use the APK format, are generally distributed through proprietary application stores like Google Play Store, Amazon Appstore (including for Windows 11), Samsung Galaxy Store, Huawei AppGallery, Cafe Bazaar, GetJar, and Aptoide, or open source platforms like F-Droid. Android has been the best-selling OS worldwide on smartphones since 2011 and on tablets since 2013. As of May 2021, it had over three billion monthly active users, the largest installed base of any operating system in the world, and as of January 2021, the Google Play Store featured over 3 million apps. Android 14, released on October 4, 2023, is the latest version, and the recently released Android 12.1/12L includes improvements specific to foldable phones, tablets, desktop-sized screens and Chromebooks.

        article | source code

  • rush@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    11 months ago

    Note that for this attack to work, you have to be on Android 11 or below (or possibly an earlier patch) as by default accessibility services aren’t allowed to draw-over or interact with elements in the settings app unless you explicitly override it in developer options.

    This extends to some other areas, like for when biometric/system lock APIs are used.