This is why Android gets a bad reputation. Solve this and no one will use iphones

My Essential PH-1 got the update day one. I still prefer iMessage on the iPhone. Other than that, everything else is basically the same.

WHOOSH!!

This is already solved by not buying a locked down device and installing security patches whenever they become available, but not when your OEM decides you should.
I don't think many people would enjoy the latest PNG exploit.
theinquirer.net/inquirer/news/3070649/android-could-be-hacked-using-a-png-file-loaded-with-malicious-code

The latest security policy update already fixed that bucko.

I know and I have it.

KEK!
iclug.org/technology/security-flaw-hackers-android-phone-image-86466468

I know, but it has been fixed. Not sure why you quoted me.

OH NO NO NO NO NO
AAAAAAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA

Attached: 1540514671761.jpg (737x920, 134K)

Is there a non-retarded source that explains how the vuln can affect you? They say "the platform and service mitigations are turned off for development purposes or if successfully bypassed" for it to work, but that's kinda vague.

>it has been fixed.
Not for the vast majority of Android users who will never receive that update.

I think not and that's the scary part, you don't exactly know how to protect yourself.
>Not for the vast majority of Android users who will never receive that update.
Not my fault for people buying locked down devices.

>Not my fault for people buying locked down devices.
Nobody is blaming you, the point is Android is a fucking mess in terms of updates.
If you expect people to install 3rd party ROMs or compile their own updates you're deluded.

>If you expect people to install 3rd party ROMs or compile their own updates you're deluded.
I don't, but this could be a trigger:
>I think not and that's the scary part, you don't exactly know how to protect yourself.

>Google notes that for such malicious code to work, "the platform and service mitigations are turned off for development purposes or if successfully bypassed".

anyway how does Android work here? it provides some API to render PNG images or ships its media library to decode them or what?
because I don't see how bug in per-app codec could cause privilege escalation

AICP doesn't have this problem.

Attached: https%3A%2F%2Fraw.githubusercontent.com%2FAICP%2Fvendor_aicp%2Fp9.0%2Fxda_template%2Flogo_black.png (640x255, 4K)

Well yes, if you're using custom roms you have no interest in security to begin with.

>meanwhile the .mp3 exploit to create a new tab in chrome still hasn't been fixed

>Well yes, if you're using custom roms you have no interest in security to begin with.
What?

>Solve this and no one will use iphones.
I won't because I like when my devices don't phone home to google even after installing some shady unmaintained custom rom put together by some mexican dude

op is a faggot as usual
t. oneplus user

Attached: Screenshot_20190217-124149_Settings.png (1080x1920, 140K)

All custom ROMs are open source, so, what shady practices are you talking about? Almost no custom ROMs come with gapps pre-installed, so there is no possibility of phoning home and microG exists as well. What do mexican people have to do with any of this at all and why do you hate mexican people?

>All custom ROMs are open source
Most aren't actually, but even if they were you don't package them from source yourself so you're still trusting some dude with no particular reason to.
>Almost no custom ROMs come with gapps pre-installed, so there is no possibility of phoning home and microG exists as well.
Still calls google NTP servers on boot, even when you disable it. It's baked into the kernel, nothing to do with gapps.
>What do mexican people have to do with any of this at all and why do you hate mexican people?
I like white people more. Just preference you know.

But they make the best burritos...

LineageOS had the February security patch in their code in less than a week.
review.lineageos.org/c/LineageOS/android_build/ /240815

Moral of the story is: pick your next phone from the list of the supported devices.
wiki.lineageos.org/devices/

>Most aren't actually
For example?
>but even if they were you don't package them from source yourself
But you can if you want to.
>so you're still trusting some dude with no particular reason to.
No, you're not blindly trusting anyone, as you are able to see and verify every single commit that makes it into the ROM.
>Still calls google NTP servers on boot
Source?
developers.google.com/time/
Of all things Google can be blamed for, I don't see what's so horrible about this.
>I like white people more. Just preference you know.
Cool story. Just not for Jow Forums.

/thread

>pick your next phone from the list of the supported devices.
Or from the list of any custom ROMs with official support.

>custom ROMs with official support
official support for what

For updates, bug fixes, etc.? Many unofficially maintained custom ROMs can be behind in updates or not as stable and if only those are available for a particular device, you shouldn't really consider buying it.

Why this baiting?

Attached: 1377482517335.gif (200x200, 109K)

>mfw mainly use blackberry but sometimes get out original moto x
>mfw last official patch was April 2016 for that video exploit
I wish bbos 10 was still a thing. A more realistic wish would be a newer android phone similar in build quality and third party support as the galaxy nexus

>I wish bbos 10 was still a thing
Why? It was proprietary, primitive and no equivalent of custom ROMs and microG existed for it.

True microkernel, hub is much better than android or iOS notifications, keyboard shortcuts. It's also not Google-based so keeps out of their botnet at least

>not backing up your apps on a pc
>updating anything on iOS
>updating something that just works

Attached: IMG_1008.jpg (499x811, 74K)

Why do you guys want updates?

Hello?

Custom roms are not secured as compared to oxygenOS or androidone google versions.

Uhh, what? First off I don't think exactly know what you're talking about and both of those aren't magical - only two years of OS and most likely security updates, nothing out of the ordinary.

didnt ios just have something that could be exploited by some kid and they told that they would maybe fix it some day instead of fixing it immediately

Security? How about using common sense?

Oh wow a button is circle now. Literally who gives a shit. Most of the OS is updated via the App Store anyway

my Keyone already updated to feb patch like 5 days ago. what now ?

he has a point, though.
by opening the bootloader the phone doesn't check for signed software. as custom roms aren't signed (mostly, anyways) - anyone could inject some bad code into the rom.

Nowhere does it say how you can specifically protect yourself against this PNG exploit if you don't have a patched device.

>by opening the bootloader the phone doesn't check for signed software
But developers provide MD5 checksums, so you can check.
>anyone could inject some bad code into the rom
And this has happened exactly how many times? I don't recall a single instance. You can compile custom ROMs yourselves. And by the way, there was pre-installed malware on Oxygen OS, so, now what?
theregister.co.uk/2017/11/14/oneplus_backdoor/