Huff Post Android App (Vulnerability?)
I noticed a few months ago that sometimes when I'd use the HuffPost app, my android (running stock Moto G3 (Android 6), my phone would go crazy, jumping into what appeared to be the google Play store, hitting random apps, and then flashing the screen and switching to other apps. I'd try to swipe off the screen to kill the process, and I'd close out of Huff Post and it would stop. This happened a handful of times over the past few months, and only while using the Huff Post app.
Over time, I quit using it very much simply because it seemed there was a glitch somewhere, whether a potential virus or otherwise.
A couple weeks ago, I put LineageOS 14.1 (Android 7.1.2) on my phone, and kept some pretty restrictive app permissions going. And then yesterday, I decided to catch up on Huff Posts' latest stories... and this popped up:
I clicked deny and went on reading my Huff Post article. Then today, I had the thought - was that a coincidence? Maybe was Google Drive trying to sync something and it just happened to pop up while I was in the Huff Post app? So I opened the app up again and browsed through 4 or 5 stories, and boom - here it was again. If I swipe this off the screen or hit deny, I go back to the story and can read.
I wonder, if I said 'Don't ask again' and "Allow" would it do the trick that it did a few months ago on the stock Moto G3 and try to direct me to random (or not?) apps on the play store? I don't think so... but I am not going to try it.
Is the Huff Post site compromised? Back in 2015, it's ad network was... http://money.cnn.com/2015/01/08/technology/security/malvertising-huffington-post/index.html
Is something similar going on now which targets Android users?
The timestamp on my android screenshot was 7:40 pm. Looking at my activity history here's what I was doing with the Huff Post app.
There were 4 or 5 pages visited prior to the event, but they are all lumped into "Used HuffPost - News" (I didn't stay long on any one story - I was just clicking from one to another to try and reproduce this event). The screen I was transitioning to was the "George Papadopoulos" story above.
-- Just as an exercise to test this problem out, I borrowed my wife's phone (a Moto G3 with stock android 6 and Lookout antivirus running). I installed the HuffPost app, and after a few stories, the screen went black for a few seconds then an error popped up, referencing sync.html. I wasn't quick enough to capture a screenshot the first time, so I kept browsing different stories, and a few stories later it happened again. Here's the view from her phone with a brand new clean install of HuffPost app.
So whatever is happening isn't just on one phone but is common to the huffpost app usage.
Over time, I quit using it very much simply because it seemed there was a glitch somewhere, whether a potential virus or otherwise.
A couple weeks ago, I put LineageOS 14.1 (Android 7.1.2) on my phone, and kept some pretty restrictive app permissions going. And then yesterday, I decided to catch up on Huff Posts' latest stories... and this popped up:
I clicked deny and went on reading my Huff Post article. Then today, I had the thought - was that a coincidence? Maybe was Google Drive trying to sync something and it just happened to pop up while I was in the Huff Post app? So I opened the app up again and browsed through 4 or 5 stories, and boom - here it was again. If I swipe this off the screen or hit deny, I go back to the story and can read.
I wonder, if I said 'Don't ask again' and "Allow" would it do the trick that it did a few months ago on the stock Moto G3 and try to direct me to random (or not?) apps on the play store? I don't think so... but I am not going to try it.
Is the Huff Post site compromised? Back in 2015, it's ad network was... http://money.cnn.com/2015/01/08/technology/security/malvertising-huffington-post/index.html
Is something similar going on now which targets Android users?
The timestamp on my android screenshot was 7:40 pm. Looking at my activity history here's what I was doing with the Huff Post app.
There were 4 or 5 pages visited prior to the event, but they are all lumped into "Used HuffPost - News" (I didn't stay long on any one story - I was just clicking from one to another to try and reproduce this event). The screen I was transitioning to was the "George Papadopoulos" story above.
-- Just as an exercise to test this problem out, I borrowed my wife's phone (a Moto G3 with stock android 6 and Lookout antivirus running). I installed the HuffPost app, and after a few stories, the screen went black for a few seconds then an error popped up, referencing sync.html. I wasn't quick enough to capture a screenshot the first time, so I kept browsing different stories, and a few stories later it happened again. Here's the view from her phone with a brand new clean install of HuffPost app.
So whatever is happening isn't just on one phone but is common to the huffpost app usage.
Edit:. After reporting to Huff post, I had the thought to read through comments in Google Play Store.
I found plenty where people complained of page loading errors but this person was very specific in their description and Huff post answered saying it was fixed.
The version I am running is newer than the 'fixed' version.
Comments
Post a Comment