A short rant about the QuadRooter / 900 million vulnerable Android devices scare bug currently making the rounds
If you read basically any news outlet today you might have heard of a supposedly horrible new bug (actually more than one) in Android threatening nearly a billion Android users. Sounds scary? Indeed! Are those bugs real? Sure! Are the reports way overblown? You can bet on that! See, the thing here is: those are run-of-the-mill privilege escalation bugs (so a normal user can get root access with them). Nasty little things for sure, but nothing that isn't found in any OS on pretty much a weekly basis; Google fixed a whole bunch of them in the August update for Android alone.
Those Stagefright comparisons everyone is making are especially clueless. What makes the Stagefright bugs so dangerous is that they are remotely exploitable. Those QuadRooter bugs? Not at all. So to exploit them an attacker would have to get the user to manually install a malicious app and disable all sorts of security layers / ignore warnings in the process of doing so. Meaning: If you only get your apps from the Play Store you are safe.
And even if you sideload apps and at some point those bugs are really exploited in the wild - which they are not right now - Google should be able to find and block them during install or later through "Verify Apps" (basically Google's security scanner that is available on all Android phones and which is enabled by default).
So why is everyone shouting so loudly about QuadRooter then, you ask? Simple: Counter Point did a pretty good marketing job here. They produced an app, they worded their blog headline wisely and counted on no-one actually looking closer. They also made sure that their report came out before all of the mentioned bugs were fixed, so that each and every device will show "vulnerable" when the users run their app, to maximize the scare-factor. (Two of the four bugs are to be fixed with Google's September update; the others have already been addressed with the July and August updates.)
And you can't really blame them for that (well ok, maybe for the last part, that is pretty unprofessional); in the end this is how such companies work: They find bugs and try to market them as well as possible so that people fear-buy their products. The real problem here is that everyone is falling for it because it makes a nice, scary headline.
For completeness' sake, here is Counter Point's original report: http://blog.checkpoint.com/2016/08/07/quadrooter/
Edit: A few extra words before anyone gets me wrong on this: Yes, the lack of timely updates for each and every Android device is a real problem - I've said that time and time again. But that is not really the topic here, because those bugs are not any more scary than the dozens of similar (and worse) bugs that have been found in the last few months alone.