![]() |
![]() |
#1 (permalink) |
Senior Member
Join Date: Aug 2012
Posts: 192
|
![]()
Android has a lot (really, A LOT) of severe security issues that could compromise your phone and data. The Android VTS tool has been out for some time, and the latest version will help you in detecting all system vulnerabilities (known as CVEs). That's the good news.
The bad news is it won't patch nor fix them since that's the work of your phone's vendor, meaning there are little chances you'll get them solved unless you a have recent flagship device. The app was pulled from the PlayStore some weeks ago (maybe because it was a direct hit at Google), but can still be downloaded from the official GitHub page: https://github.com/nowsecure/android-vts/releases Even though my phone is running Lollipop 5.1.1, the app detected 5 vulnerabilities, which confirms that having the "latest" android version doesn't mean your phone is protected. |
![]() |
![]() |
![]() |
#2 (permalink) |
Senior Member
Join Date: Feb 2009
Location: Wales, UK
Posts: 1,174
|
![]()
Interesting thanks.
What is your view of the VirusTotal scan of the Android VTS Tool, anything to worry about?? |
![]() |
![]() |
![]() |
#3 (permalink) |
Super Moderator
Join Date: Jul 2008
Location: India
Posts: 15,334
|
![]()
Android Lollipop is not the latest, to be correct. Android Marshmallow is the latest version.
And with this release of the OS, Google and other vendors have decided to release monthly stability and security patches for the OS, which is quite a good decision, keeping in mind the security. I have a Nexus 5, and it has been receiving these monthly updates. However, yes, when the vendor decides not to release any more updates for that device, then it's a problem.
__________________
Anupam |
![]() |
![]() |
![]() |
#4 (permalink) | |
Senior Member
Join Date: Aug 2012
Posts: 192
|
![]() Quote:
@Anupam, Yes, you're right. Android M (6.0.1 to be more specific) is the latest version of Android, but is only available for some Nexus and Pure Edition devices, which are controlled by Google. The rest of devices are running Android JellyBean, KitKat or Lollipop at best, and only some lucky ones are to receive the 6.0.1 update in January or February. As for the monthly stability and security patches, once again the Nexus series seems to be the only one receiving them through the "Android Security Bulletin Monthly Release". Although Motorola, LG, and Samsung were the first vendors to jump in, only users with the more expensive phones have seen the so-called monthly updates, if any. (Source) According to the latest official Android distribution figures (December 2015), Android M just hit the 0,5% mark (very low), while Lollipop reached the 29,5% and KitKat still dominates with a solid 36,6%. Even the dated JellyBean, with all its variations, has a 26,9% distribution share. If Lollipop 5.1.1 had 5 vulnerabilities out of 26 possible, I wonder how the lower, older versions, would fare against the VST tool. |
|
![]() |
![]() |
![]() |
#5 (permalink) | |
Senior Member
Join Date: Feb 2009
Location: Wales, UK
Posts: 1,174
|
![]() Quote:
|
|
![]() |
![]() |
![]() |
#6 (permalink) |
Super Moderator
Join Date: Jul 2008
Location: India
Posts: 15,334
|
![]()
Good points IO.Hazard. And quite some points of concern there for the end users. First, they have to wait a really long time for any update, and then security patches being provided only to flagship devices is just not fair.
__________________
Anupam |
![]() |
![]() |
![]() |
#7 (permalink) |
Senior Member
Join Date: Feb 2009
Location: Wales, UK
Posts: 1,174
|
![]()
My phone running ICS 4.0.9 has 14 vulnerabilities according to the VTS Tool
![]() I am looking to upgrade soon (long overdue ![]() |
![]() |
![]() |
![]() |
#8 (permalink) |
Full Member
Join Date: Jun 2014
Location: Light of the South
Posts: 40
|
![]()
Just installed the app from the official link. My phone is on KitKat 4.4.4 and 10 vulnerabilities were detected, too bad. All of them are 'serious' and my phone is stuck with this android version.
Google should have implemented 'granular system updates' the same way it did with the permissions. That way you could patch the system without the need of big, updated firmwares. BTW, this screen got my attention during the installation: ![]() Is that a confirmation that antivirus apps are just a waste internal storage, battery life, and other valuables system resources? If a serious developer like this one states this, I think I should listen to him.
__________________
Error Code 42: User Error. It's not our damn fault! |
![]() |
![]() |
![]() |
#9 (permalink) |
Senior Member
Join Date: May 2010
Posts: 555
|
![]()
Using your phone makes you less secure! Fact
But that comment may actually be true under many circumstances. Relying on AV to keep your phone safe is not a good idea. You should still be careful what sites you visit. AV will help to reduce the likelihood of getting a virus by accident, but if you visit iffy sites then it won't stop al of them. |
![]() |
![]() |
![]() |
#10 (permalink) |
Editor (Android)
Join Date: Jan 2012
Posts: 225
|
![]()
I'll jump in on the whole antivirus thing - and I'll go out on a limb and say it's not necessary. Here's why:
1. Android already has a certain security mechanism built-in - it does, as far as I know, scan apps when they are installed. 2. If you stick to the Google Play Store or another reliable app store, you should be fine when it comes to avoiding viruses, if you take a look at what you download and don't just download an app from a random developer with 100 downloads and 10 bad reviews. 3. You can't run APKs on Android the way you can run EXEs on a Windows computer. On a Windows computer, any EXE can run without being installed, and it has access to a lot of stuff, if it wants to access it, even without administrator privileges. On the other hand, an APK can't run without being installed - and when it is installed, it's not the APK providing the installation interface, it's the system (which is why there aren't all the problems with installer crapware on Android), so the user explicitly presses the install button, which is right under the list of permissions it will get if installed - and the app will only be able to use those services. The only way it can get around that is by using an exploit - which is where the whole topic started - but at that point, it shouldn't have a problem getting around the antivirus either, especially since antivirus on Android doesn't have quite the capabilities of Antivirus on Windows, for example. |
![]() |
![]() |
![]() |
Thread Tools | |
Display Modes | |
|
|