- Jul 6, 2014
- 109
- 0
- 0
Hi all,
If you have been wondering if your phone's os or native browser on jellybeen 4.3 on down to the earliest android phone's are vulnerable to the webview bugs. The one' that are a privacy disaster? Well,after having researched this subject for many months now,I finally found a group of security specialist and Android developers who have made a test page. It works too! I tested all my browser's on my HTC Evo 4g LTE on 4.1.1 and my native browser along with my operating system should have been vulnerable. There is a comprehensive article on this severe vulnerability that I will give you all the link to. At the end of the page is the link for the test. I would give the direct link,but you really should read true article. And please email the results to the address they give. I had to copy and paste them,or maybe a screeshot would do.
Now,let me give you a quick run down. This vuln. has been around for quite some time,and recently Metasploit has published modules that can be used by good guys and bad,alike. These can result in a man-in-the-middle attack that can steal all your personal information,take complete control of a device and even install malware. All without you being aware. There are tons of articles in January 2015 alone. Just Google it. Needless to say,I was greatly concerned,and to my delight,found my device safe! I think that perhaps HTC in the last couple safety updates I received,this was fixed,or when they updated these to 4.1.1 a year ago. Not all venders will have done so. Especially for even older phones. I tested my native internet browser,and another browser I know uses webview. This told me the fix was global. Meaning all other apps using webview were safe in that regard.
I know a Google engineer developed a fix late last year,but was not done thru Google. So, perhaps other venders are going to include it in a future update. I also know that the masterkey and fake id flaws were fixed in thur update I received pasty October from HTC and Sprint. So you Freedompop users,you are likely safe too. As my device is actively being sold still and is currently being offered by them and others.
Ok,here is the address to the website.
On the WebView addJavascriptInterface Saga
There is and was,a lot of wrong information about this issue being wrote about by the media. This article gets it all right. The authors work on many open source projects. And truely have a heart for Android. Help pass the word along to inform other Android users,and take steps to secure yoour personal information. Also,be sur to click on the view results "here" and send to log.
Android Central had a resent article of an interview with head of Google security for Android, Ludwig. Please read this too,as there are some good tips there. If you are vulnerable,then use Chrome or Firefox. And if you have memory,or storage issues,then Opera mini would be a good choice. Opera helped develope the new Blink rendering engine used in Chrome browsers. And have long since abandoned their presto engine. Other browsers using Firefox's geeko engine would be safe bets too. But test them to make sure. About fifty of the top one hundred browsers in playstore are vulnerable to the webview flaws.
Hope this helps some of you out there. Safe browsing!
Posted via the Android Central App, HTC Evo 4g LTE ,on Sprint
If you have been wondering if your phone's os or native browser on jellybeen 4.3 on down to the earliest android phone's are vulnerable to the webview bugs. The one' that are a privacy disaster? Well,after having researched this subject for many months now,I finally found a group of security specialist and Android developers who have made a test page. It works too! I tested all my browser's on my HTC Evo 4g LTE on 4.1.1 and my native browser along with my operating system should have been vulnerable. There is a comprehensive article on this severe vulnerability that I will give you all the link to. At the end of the page is the link for the test. I would give the direct link,but you really should read true article. And please email the results to the address they give. I had to copy and paste them,or maybe a screeshot would do.
Now,let me give you a quick run down. This vuln. has been around for quite some time,and recently Metasploit has published modules that can be used by good guys and bad,alike. These can result in a man-in-the-middle attack that can steal all your personal information,take complete control of a device and even install malware. All without you being aware. There are tons of articles in January 2015 alone. Just Google it. Needless to say,I was greatly concerned,and to my delight,found my device safe! I think that perhaps HTC in the last couple safety updates I received,this was fixed,or when they updated these to 4.1.1 a year ago. Not all venders will have done so. Especially for even older phones. I tested my native internet browser,and another browser I know uses webview. This told me the fix was global. Meaning all other apps using webview were safe in that regard.
I know a Google engineer developed a fix late last year,but was not done thru Google. So, perhaps other venders are going to include it in a future update. I also know that the masterkey and fake id flaws were fixed in thur update I received pasty October from HTC and Sprint. So you Freedompop users,you are likely safe too. As my device is actively being sold still and is currently being offered by them and others.
Ok,here is the address to the website.
On the WebView addJavascriptInterface Saga
There is and was,a lot of wrong information about this issue being wrote about by the media. This article gets it all right. The authors work on many open source projects. And truely have a heart for Android. Help pass the word along to inform other Android users,and take steps to secure yoour personal information. Also,be sur to click on the view results "here" and send to log.
Android Central had a resent article of an interview with head of Google security for Android, Ludwig. Please read this too,as there are some good tips there. If you are vulnerable,then use Chrome or Firefox. And if you have memory,or storage issues,then Opera mini would be a good choice. Opera helped develope the new Blink rendering engine used in Chrome browsers. And have long since abandoned their presto engine. Other browsers using Firefox's geeko engine would be safe bets too. But test them to make sure. About fifty of the top one hundred browsers in playstore are vulnerable to the webview flaws.
Hope this helps some of you out there. Safe browsing!
Posted via the Android Central App, HTC Evo 4g LTE ,on Sprint