this post was submitted on 01 Dec 2025
148 points (99.3% liked)

[–] OR3X@lemmy.world 38 points 1 week ago (1 children)

Once again being lazy and not updating my shit has averted potential disaster.

[–] limerod@reddthat.com 1 points 1 week ago (1 children)

This is a 3rd party youtube client. Did it not stop working when you did not update the app for almost a whole month?

[–] OR3X@lemmy.world 28 points 1 week ago (1 children)

Nope. In fact, I only ever bother to update it when I have issues with playback, which is maybe once every few months.

[–] moonburster@lemmy.world 1 points 6 days ago

Vanced I do the same. When it stops working months have passed

[–] limerod@reddthat.com 24 points 1 week ago (1 children)

Fortunately, it's an app for TVs. Still, sometimes you have to be extra careful when downloading 3rd party apps. Especially those which do not exist on fdroid.

[–] Stitch0815@feddit.org 9 points 1 week ago (1 children)

It would not matter in this case, or? The official SDK was compromised since his building machine was compromised?

[–] limerod@reddthat.com 5 points 1 week ago (1 children)

The app is limited for TV which limits the reach. Plus, I do not download apps outside of fdroid for the most part.

[–] Scipitie@lemmy.dbzer0.com 9 points 1 week ago

It's the Google account people log onto with that's the issue from a security perspective.

That said neither a malicious update was so far identified nor anything that 2FA wouldn't take care of.

This can happen to fdroid apps as well by the way. It's just the downside of small or solo devs that they are on their own when it happens.

I'm actually more confident in the smarttube dev now I have to say. He disclosed it fast, flagged his own apps as compromised even without specific proof and published it from what I can tell pretty much right after finding out.

[–] artyom@piefed.social 19 points 1 week ago* (last edited 1 week ago) (1 children)

If you use SmartTube and are concerned about your exposure to this malware, you should factory reset any device that had the app installed

Fuuuuugg

I don't have a Google account. I'm just going to delete and redownload 😮‍💨

[–] otter@lemmy.ca 14 points 1 week ago

From the comments of the article

Deleting it and re-installing from the new uncompromised release is not a big deal, but having to go and factory reset all one’s streaming devices and re-configure them from scratch is rather time consuming (I have several).

In yuliskov’s github announcement, he doesn’t come across as this being particularly urgent, and is NOT making statements like “reset all your devices, change all your streaming account passwords”. He just said going forward there won’t be updates and it will have to be re-installed from the new tree.

It seems at this point for most people, if google and amazon haven’t uninstalled it and you are not running 30.43 or 30.47, then keep using it, and when the new version is released, remove the old one and install the new one.

Factory resetting is likely overkill. Android apps are, theoretically, sandboxed, so they shouldn’t be able to affect the system or other apps. Uninstalling the infected app should be enough to clean up, but a factory reset is a guaranteed way, which is why I mention it.

[–] JakenVeina@midwest.social 8 points 1 week ago (1 children)

Shite, I'm pretty damned sure I updated like a week ago. The updates always pop up in the main menu of the app, and they often mean a fix for google's latest anti-adblock measures, so I usually update right away. I should probably adjust that policy to add some delay.

[–] bl4kers@beehaw.org 1 points 1 week ago* (last edited 1 week ago)

Pretty sure if you downloaded/updated from within the app you should be fine, as the threat is for net new installs

[–] LiveLM@lemmy.zip 8 points 1 week ago* (last edited 1 week ago)

Ugh, and lately I was having some playback woes so I was updating the app as soon as a new update was available 😵‍💫

Just revoked its access to my Google Account, now to remove it, install and setup the clean version on my TV Box 😮‍💨

Thanks for posting this!

[–] 01189998819991197253@infosec.pub 5 points 1 week ago (1 children)

Are we all ready for the inevitable "FLOSS is bad, and here is why" flood of bullshit?

[–] possiblylinux127@lemmy.zip 0 points 1 week ago

It has nothing to do with FOSS (although it being FOSS helps a lot)

[–] Stitch0815@feddit.org 5 points 1 week ago

Ahhh I was wondering why it had disappeared.

I thought it was just google with their usual anti adblock shenanigans.

So if I was still on version 1.29 I don't need to worry? I've unit for now just to make sure I can't update to an infected version

[–] quick_snail@feddit.nl 1 points 1 week ago (1 children)

This is why I don't install software that's not on fdroid