Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Stage fright didn’t involve having an app in the Play store. The review process is non existent, and static analysis tools wouldn’t catch it anyway.


> Stage fright didn’t involve having an app in the Play store.

If the MMS app and the browsers were updated to filter Stagefright exploits (on Android, unlike iOS, system app updates do not require an OS update and happen through the Play Store, one of many things Android gets right and iOS gets wrong), the only way to exploit it is by publishing your own app to the Play Store and getting somebody to install it and hoping that the device doesn't have an selinux policy that limits the privileges of the exploit. The Play Store can trivially block apps that don't use an approved wrapper library for media that filters Stagefright exploits.


Back then the built in Web view that apps embedded was built into the OS as was the browser. You remember that Chrome wasn’t the browser for apps back then.

Also, what’s the differences between updating the OS from Apple’s servers and hypothetically updating an app from Apple’s servers. Are you trying to turn a weakness that Google can’t just press a button and allow every single Android worldwide to receive an OS update into a strength?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: