• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Is it possible to get malware, just by visiting a website, with untrusted sources off? (via exploit)


Sep 14, 2011

If you have unstrusted sources set to "off", is it possible to get android malware just by visiting a certain website?

Theoretically, this can't happen, because the only way to get android malware is to download a "bad" apk from said website, turn untrusted sources on, and open it.

But practically, every browser has those things called "exploits" which can allow "arbitary code execution". In other words, code can be run and/or be installed in your system, without having to open an app package file.

I was wondering if that is possible on Android.

Has it ever happened? (aka, is there a documented case of it happening?) That's the question.

PS: I also understand malware can get in from "trusted sources" such as the Play Store, but if you only download from a handful of well-known devs (Vector Unit, EA, Gameloft etc) it's not a problem, and it's not relevant to the topic anyway.

PS: Also, I am not referring to the "man-in-the-middle" vulnerability that can be used to target ad frameworks of certain apps. Let's assume the internet link is trusted and the only bad guy is the website. Unless the aforementioned vulnerability can be used by bad ad agencies to exploit the browser app (stock or chrome).
Did those guys got this by a browser exploit or by installing a bad apk? Thread doesn't tell.

Not sure but I suspect that it's a browser exploit.

Once the compromised data was removed the problem went away.

I'd have expected a bad apk to cause the problem to recur.

For the record, I think that web browsing without ad blocking is wrong. Lots of malware sites disappear with ad blocking in my personal experience.
Upvote 0


We've been tracking upcoming products and ranking the best tech since 2007. Thanks for trusting our opinion: we get rewarded through affiliate links that earn us a commission and we invite you to learn more about us.