[raesene9]

neat bug, although only the iPhone 4 and earlier would be unpatchable for it, and those devices are pretty much stuffed from a security standpoint anyway as they're vulnerable to the old DFU mode jailbreaks...

I was kind of thinking more of examples of malware where people were actually using the lockdown of the OS to stop users removing it, but hey I said exploits and that's an exploit.

[jhasse]

On the other hand: Have you ever heard of examples of malware which told the use to root their phone?

I think CyanogenMods solution, where root access has to be enabled in the Developer Settings, which have to be enabled by tapping the Android version number 6 times, is the perfect solution: My mum would stop immediately doing such a complicated thing if she wanted to install something.

[raesene9]

I'm not sure I've seen one that told users to enable root, but from what I've seen of the android malware scene large parts of it rely on users installing software from non-Google sources and their lack of ability in discerning a good app. from malware. (one example of many http://arstechnica.com/security/2015/11/new-type-of-auto-roo...)

That seems to me to illustrate the point of a locked down environment fairly well...

[jhasse]

Ah I see. Let's hope Google is going to move the "install apps from 3rd party sources" switch to the Developer Settings in the future.

[newday]

Yes, actually. My ex, sister, and nephew all got bit. Wan't American netflix on your phone, do x, y and z. Want to play games free, just follow these simple steps. You're not seeing it because you probably have a good BS detector and google/research first. But they very much exist.

[jhasse]

Good to know :) Were these steps to enable installing apks from 3rd party sources or really rooting the phone though?