Hi,
If you have unstrusted sources set to "off", is it possible to get android malware just by visiting a certain website?
Theoretically, this can't happen, because the only way to get android malware is to download a "bad" apk from said website, turn untrusted sources on, and open it.
But practically, every browser has those things called "exploits" which can allow "arbitary code execution". In other words, code can be run and/or be installed in your system, without having to open an app package file.
I was wondering if that is possible on Android.
Has it ever happened? (aka, is there a documented case of it happening?) That's the question.
PS: I also understand malware can get in from "trusted sources" such as the Play Store, but if you only download from a handful of well-known devs (Vector Unit, EA, Gameloft etc) it's not a problem, and it's not relevant to the topic anyway.
PS: Also, I am not referring to the "man-in-the-middle" vulnerability that can be used to target ad frameworks of certain apps. Let's assume the internet link is trusted and the only bad guy is the website. Unless the aforementioned vulnerability can be used by bad ad agencies to exploit the browser app (stock or chrome).
If you have unstrusted sources set to "off", is it possible to get android malware just by visiting a certain website?
Theoretically, this can't happen, because the only way to get android malware is to download a "bad" apk from said website, turn untrusted sources on, and open it.
But practically, every browser has those things called "exploits" which can allow "arbitary code execution". In other words, code can be run and/or be installed in your system, without having to open an app package file.
I was wondering if that is possible on Android.
Has it ever happened? (aka, is there a documented case of it happening?) That's the question.
PS: I also understand malware can get in from "trusted sources" such as the Play Store, but if you only download from a handful of well-known devs (Vector Unit, EA, Gameloft etc) it's not a problem, and it's not relevant to the topic anyway.
PS: Also, I am not referring to the "man-in-the-middle" vulnerability that can be used to target ad frameworks of certain apps. Let's assume the internet link is trusted and the only bad guy is the website. Unless the aforementioned vulnerability can be used by bad ad agencies to exploit the browser app (stock or chrome).
