The SOP bug and the privacy disaster

RRg · September 18, 2014, 11:30am

Hi all,
it looks like we are bound to android 4.2 for quite some time with our fairphones. That’s not so much an issue with functionality but with security and privacy this might be a serious problem for us now:

The privacy disaster of all android versions before kitkat - SOP-bug: (german article)

(original source)

What are possible measures for fairphone users???
For the time beeing I want to switch to the dolphin browser for all web-surfing!
But I have the impression that some apps are still using the AOSP browser indirectly via system calls when accessing web content.
Can this be prevented?

Jerry · September 18, 2014, 11:40am

The issue is part of the AOSP code, so FairPhone can fix it in a future FairPhone OS update (patches are even supplied and linked to in the rapid7.com forum post you linked to). I just hope FairPhone is doing this, because there have been other security issues identified in 4.2 which are fixable in the AOSP code. Maybe @anon90052001 or @Marco can shed some light on this?

anon90052001 · September 18, 2014, 3:58pm

@marco? You got an update?

Herve5 · September 19, 2014, 6:53am

I understand this concerns the standard browser, so maybe not for instance Firefox?
H.

Jerry · September 19, 2014, 6:59am

Correct. If you use a different browser like Firefox or Chrome then that should pose no threat.

anon90052001 · September 23, 2014, 3:07pm

Hi all. My colleague in software development is aware of it. We’ll update you when we have more to share.