• Google is making it mandatory to have Play Services for its next-generation reCAPTCHA system on Android.

  • Your phone will need to be running Play Services version 25.41.30 or greater when the system asks you to scan a QR code for verification.

  • This hurdle means that de-Googled phones will fail the verification test by default.

  • Wispy2891@lemmy.world · 87 upvotes · 2 days ago

    This is awesome news for scammers:

    1. Fake page will say “you need to scan this QR code to verify you’re human”
    2. Users normally dismiss this shit, but it has become normal nowadays, so they take out the phone to scan it
    3. QR code opens a page on totallynotascam.com that says “you need to install this totally safe APK on your device for verification 😉”
    4. APK passes the new useless developer “verification” as the scammer either used a hacked dev account or just paid $25 with a stolen ID + stolen credit card
    5. User sees the message “APK verified by Google Play Protect” and would totally believe the bullshit, giving all the possible permissions to the app
    • redsand@infosec.pub · 1 upvote · 22 hours ago

      Don’t even need an app. There’s a root LPE almost monthly now, and most of Android takes a month or more to patch. Just need a common exploitable app to handle your link and get your initial shell.