Android and openness is something we talk about all the time, but the recent developments in the industry point towards inherent flaws with this very premise. Be it from bloggers, political institutions or corporations, Android is seemingly not open enough. The “War on Openness” is ironically becoming an open war, where many players are increasing their stakes and scope to try and land a bigger hold - or at the very least, restrict Google’s - on what is the world’s...
Sky UK Apps Compromised on Play Store, Uninstall Them!
Today is Sunday, 26th May, and across the world, many people have woken up following a leisurely lie-in to the small notification of an updated app being available. Nothing unusual there, or so you’d think.
The only difference is that today, some of these app updates may well have been malicious updates, pushed to some of the Sky UK official Android apps. As reported by PC Pro and Android Police; the Sky Go, Sky+, SKY WiFi, and Sky News apps all appeared to be targeted in the attacks that involved updates being pushed to the Google Play Store for these applications.
Fortunately, the compromise was more than a little obvious, with the app listing being defaced, including the header banner, description, and screenshots of the Play Store listing, which have since been removed (Thanks to AndroidPolice for the image).
Obviously, the best advice here is to uninstall any Sky apps that you have installed. This ought to alleviate most risk (unless these apps contained an unknown, zero-day exploit that permitted them to break beyond the application container). This is highly unlikely though, and uninstalling the app should be sufficient a precaution to take.
The question here is: Would anyone have noticed this attack had the Play Store listing not been visibly changed? Had the listing not been defaced, would anyone be aware of this surreptitious update which had been installed? I believe nobody would be aware, and everyone would be sitting, none-the-wiser, with a ticking time-bomb on their phones and tablets. These are not small-time apps, with the Sky Go app having between 1 and 5 million users, so the potential for building a silent bot-net of devices is not insignificant.
Later today, we’ll take a dive in and look at the implications of this attack, and what it means for app developers, and users alike. In the meantime, stay safe, and uninstall any Sky apps on your phone. Doing this, you should be reasonably protected against any further risks of this compromise.
Finally, one last piece of advice for Sky or anyone else affected by a similar security incident in the future: When you do announce the breach via Twitter, please do so and link to something verifiable on your own website that details it (in light of recent Twitter accounts being hacked), rather than making a grammatically incorrect and rushed tweet that raises the question of if your Twitter account is compromised:
Want something on the XDA Portal? Send us a tip!
Smartphone cameras have advanced so tremendously over the past few years that they have almost completely replaced point and shoot digital cameras for the most of us. Furthermore, since our smartphones are always with us, the majority of us end up taking tons of photos throughout the lifespan of our devices. But what happens to all the old photos you take? Do you store them on an external hard-drive or keep them backed up to an online cloud service like Flickr? Let us know what your favorite way of storing old photos is and why.
Before the release of Android 5.0 Lollipop, the Holo Design guidelines served as the official reference for Android design, right from IceCream Sandwich to KitKat. However, updates to the guidelines were few and far between, leading to a lack of synchronization between Android design and current UI/UX trends. Google seems to have learned from their mistake the last time around, and earlier this week, a significant update was released for the Material Design guidelines, marking the second revision in less...