New Android Malware Attacks Custom ROMs 146
drmacinyasha writes "Today Lookout disclosed a new form of Android malware found in Chinese markets which attacks third-party firmwares (ROMs). By using permissions granted to apps which are signed with the same private keys as the ROM itself, an app can update itself or install and uninstall other apps without user interaction. Most third-party ROMs use the private keys included in the Android Open Source Project, making them vulnerable to this attack. Last month's release of CyanogenMod 7.0.3 (and all subsequent builds) included an "important security fix" which a team member confirmed protects users against this vulnerability by preventing applications signed with the platform key to be installed to user or app-controlled storage."
Re:Once again... (Score:5, Informative)
No, half of what you said is completely wrong.
Flashing a 2.3 ROM will allow you to get the latest security fixes on those mobile phones that are no longer supported by the manufacturer. Even 2+ year old phones get the latest versions from cyanogen, so it extends the life of your device way beyond that of an iPhone.
Furthermore, unlike apple, that seems to abandon a device when they decide it is too hard to update for it, most of the custom ROMs are made from people that actually own the device, so they simply strip down some features and/or add alternatives so that everyone ends up with the latest fixes.
The only truth on what you said was, try not to install apps that didn't come from the Android Market and/or reputable sources. Just because you have the choice of installing something else, doesn't mean you should trust everyone.
Re:Once again... (Score:5, Informative)
Nice flamebait, but Android phones can leave the walled garden with a simple checkbox in the options menu. Flashing your own ROM is something else entirely.