> The exploit takes advantage of Telegram’s default setting to automatically download media files. The option can be disabled manually, but in that case, the payload could still be installed on the device if a user tapped the download button in the top left corner of the shared file.
I don't see why this exploit could not be exploited on iOS.
> If the user tried to play the “video,” Telegram displayed a message that it was unable to play it and suggested using an external player. The hackers disguised a malicious app as this external player.
However, it seems a disguised way to invite the user to install an external application... Is it from the Google Play Store? Or an external APK that the user has to download from a website, and install himself?
The exploit is that the video is actually an APK. So tapping the video -> "Telegram cannot play this. Open in an external app?" -> Afterwards prompts the user to install the APK.
As such, the user must give Telegram rights to install unknown APKs for it to work. The user will be prompted to enable this setting, but I guess they might think it's Telegram recommending a video player and actually go through with it.
Unless the user has a habit of installing APKs from Telegram, the workflow will probably be: tapping the video -> "Telegram cannot play this. Open in an external app?" -> "APK installation is restricted for this app (click 'settings')" -> "Install unknown apps (click 'allow from this source')" -> Go back -> Open the video again -> "Do you want to install this application?"
If you call the app "video player required for this movie" you may be able to convince users to give all of these permissions, but this isn't like the type confusion exploits on Windows where you can go from application to executing a program in one click.
Hold on, does Android not require the application to include something in its manifest in order to be granted APK installation permission? Like how for every other permission request an app has to declare upfront that it requires/may request that permission?
It's not really Telegram that's installing the APK. It's just trying to open the file with your default APK file handler. Which is the system, and by default doesn't allow arbitrary APK installation.
Think of using a browser to download an installer. You download the installer, then open the installer file; it's not the browser that's installing the software, it's you opening the installer file.
Telegram shouldn't assume it's a video file because that makes it confusing for the user, but tbh if I want to send a friend an APK and they want to install it shouldn't that be allowed? Software freedom, control over your own device and all?
So the way it works is: an app initiates an Open intent with the apk, the system handles this as an install, then the installer checks to see if the app initiating the intent has the "install unknown applications" permission. The problem is that the user can grant any application that special permission. It shouldn't work like that; an app should have to list that permission as one it accepts, which would avoid scenarios like this without interfering with user freedom (you can download the apk sent on Telegram, then open it in your file browser or something which allows itself to be given app installation permission).
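A defensive check for the mismatch discussed in the comments above (a file presented as a video whose content is actually an APK), as an added example that is not part of the thread and not Telegram's code. It classifies a file by its bytes instead of trusting its name; the function names, file names and sample bytes are constructed for illustration.

```python
import io
import zipfile

VIDEO_EXTS = {".mp4", ".mkv", ".webm", ".mov", ".avi"}

def sniff(data: bytes) -> str:
    """Classify content by its bytes, ignoring any declared name or MIME type."""
    if data[:4] == b"PK\x03\x04":  # ZIP local file header
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return "unknown"
        # An APK is a ZIP archive carrying a manifest at its root.
        return "apk" if "AndroidManifest.xml" in names else "zip"
    if data[4:8] == b"ftyp":  # ISO base media (MP4/MOV): first box is 'ftyp'
        return "mp4"
    if data[:4] == b"\x1a\x45\xdf\xa3":  # EBML header: Matroska/WebM
        return "matroska"
    return "unknown"

def check_attachment(filename: str, data: bytes) -> str:
    """Return 'ok', 'mismatch' or 'unverified' for a received file."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = sniff(data)
    if ext in VIDEO_EXTS:
        if kind in ("mp4", "matroska"):
            return "ok"
        if kind in ("apk", "zip"):
            return "mismatch"  # shown as a video, but the bytes are an archive
        return "unverified"    # container not recognised by this sketch
    # Non-video names: only flag an APK hiding behind another extension.
    return "ok" if kind != "apk" or ext == ".apk" else "mismatch"

def make_sample_apk() -> bytes:
    """Constructed stand-in for an APK: a ZIP with a root manifest entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")
        zf.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()

# Constructed sample: the first bytes of an MP4 file (ftyp box only).
SAMPLE_MP4 = b"\x00\x00\x00\x18ftypisom\x00\x00\x02\x00isomiso2"

if __name__ == "__main__":
    print(check_attachment("clip.mp4", make_sample_apk()))
    print(check_attachment("clip.mp4", SAMPLE_MP4))
```

A client or gateway that runs a check like this before rendering a preview can show the file as an application package rather than as a playable video.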
The title misleads the point, and the article is, imo, badly written.
The post implies there is indeed a setting to turn it off.
So the author deliberately asked Gemini AI to summarize (so, scan) its documents...
"There is a setting to turn it off" is nowhere near equivalent to "the author deliberately asked for documents to be scanned".
Also, see:
"What's more, Bankston did eventually find the settings toggle in question... only to find that Gemini summaries in Gmail, Drive, and Docs were already disabled"
FTA: For Bankston, the issue seems localized to Google Drive, and only happens after pressing the Gemini button on at least one document. The matching document type (in this case, PDF) will subsequently automatically trigger Google Gemini for all future files of the same type opened within Google Drive.
The author deliberately asked for at least one document to be scanned. He goes on to talk about all the other things that might be overriding the setting, other, potentially more specific settings that would override this.
I agree, there appear to be interactions that aren't immediately obvious, and what takes priority isn't clear. However, the setting was off, and the author did deliberately ask for at least one document to be scanned. Further, the author talks about Labs being on, and that could easily have priority over default settings. After all, that's sort of what Labs is about. Experimenting with stuff and giving approval to do these sorts of things.
I kinda agree with this, even if the author could clarify the real difference between a 1200$ and a 4000$ Windows laptop nowadays.
Microsoft Windows does not seem to care anymore about building a trusty product for professionals, but as an indie game developer I could say this is the only real OS we really have for now, especially if you really want to target the main audience...