• JakenVeina@midwest.social · ↑5 · 4 hours ago

    Shite, I’m pretty damned sure I updated like a week ago. The updates always pop up in the main menu of the app, and they often mean a fix for Google’s latest anti-adblock measures, so I usually update right away. I should probably adjust that policy to add some delay.

  • limerod@reddthat.com [M] · ↑15 · 8 hours ago

    Fortunately, it’s an app for TVs. Still, sometimes you have to be extra careful when downloading 3rd party apps. Especially those which do not exist on F-Droid.

    • Stitch0815@feddit.org · ↑7 · 7 hours ago

      It would not matter in this case, or? The official SDK was compromised since his building machine was compromised?

      • limerod@reddthat.com [M] · ↑4 · 6 hours ago

        The app is limited for TV which limits the reach. Plus, I do not download apps outside of F-Droid for the most part.

        • Scipitie@lemmy.dbzer0.com · ↑3 · 3 hours ago

          It’s the Google account people log on with that’s the issue from a security perspective.

          That said, neither a malicious update has been identified so far, nor anything that 2FA wouldn’t take care of.

          This can happen to F-Droid apps as well, by the way. It’s just the downside of small or solo devs that they are on their own when it happens.

          I’m actually more confident in the SmartTube dev now, I have to say. He disclosed it fast, flagged his own apps as compromised even without specific proof and published it, from what I can tell, pretty much right after finding out.

  • OR3X@lemmy.world · ↑22 · 9 hours ago

    Once again being lazy and not updating my shit has averted potential disaster.

    • limerod@reddthat.com [M] · ↑2 ↓1 · 8 hours ago

      This is a 3rd party YouTube client. Did it not stop working when you did not update the app for almost a whole month?

      • OR3X@lemmy.world · ↑18 · 8 hours ago

        Nope. In fact, I only ever bother to update it when I have issues with playback, which is maybe once every few months.

  • Infernal_pizza@lemmy.dbzer0.com · ↑2 · 5 hours ago

    So if I was still on version 1.29 I don’t need to worry? I’ve unit for now just to make sure I can’t update to an infected version

  • LiveLM@lemmy.zip · ↑6 · edited · 7 hours ago

    Ugh, and lately I was having some playback woes so I was updating the app as soon as a new update was available 😵‍💫

    Just revoked its access to my Google Account, now to remove it, install and set up the clean version on my TV Box 😮‍💨

    Thanks for posting this!

  • artyom@piefed.social · ↑16 · edited · 9 hours ago

    If you use SmartTube and are concerned about your exposure to this malware, you should factory reset any device that had the app installed

    Fuuuuugg

    I don’t have a Google account. I’m just going to delete and redownload 😮‍💨

    • Otter@lemmy.ca · ↑8 · 6 hours ago

      From the comments of the article

      Deleting it and re-installing from the new uncompromised release is not a big deal, but having to go and factory reset all one’s streaming devices and re-configure them from scratch is rather time consuming (I have several).

      In yuliskov’s github announcement, he doesn’t come across as this being particularly urgent, and is NOT making statements like “reset all your devices, change all your streaming account passwords”. He just said going forward there won’t be updates and it will have to be re-installed from the new tree.

      It seems at this point for most people, if google and amazon haven’t uninstalled it and you are not running 30.43 or 30.47, then keep using it, and when the new version is released, remove the old one and install the new one.

      Factory resetting is likely overkill. Android apps are, theoretically, sandboxed, so they shouldn’t be able to affect the system or other apps. Uninstalling the infected app should be enough to clean up, but a factory reset is a guaranteed way, which is why I mention it.

  • Stitch0815@feddit.org · ↑4 · 7 hours ago

    Ahhh, I was wondering why it had disappeared.

    I thought it was just Google with their usual anti-adblock shenanigans.