A new piece of Android malware has been revealed by security firm Lookout, and it’s a clever one. The malware in question is a type of trojan adware called Shuanet, which is masquerading as 20,000 different popular apps. Shuanet doesn’t just display ads, though. It also attempts to root any device it is installed on, allowing the malware to survive factory resets.
Shuanet shares a lot of code with several other adware trojans that Lookout has detected recently known as Kemoge and Shedun. What’s interesting about Shuanet is that it doesn’t seek to wreak havoc on an infected device or clog it with other malware. This is adware first and foremost, so the goal is to get people to use their devices and see the ads.
The malware operators are downloading the legitimate Android APKs of popular apps, then integrating Shuanet and reposting them in third-party app stores. The thousands of apps repackaged by Shuanet include the likes of Facebook, Snapchat, NYTimes, WhatsApp, and more. These apps appear to function normally after being installed, so the user might not even realize anything is wrong. Just a few annoying popup ads, but such is the price we pay for living in a connected world, right?
The aspect of Shuanet that is grabbing headlines is that it roots your device, which is sort of true. It certainly tries to root any Android device it is installed on, but according to Lookout, it’s not using any new secret system vulnerabilities. It’s simply a package of older community-developed exploits that enthusiast users install to gain root access for their own enjoyment. If Shuanet successfully roots a phone, it moves the infected app to the system partition, which means it will survive a factory reset. The only way to remove it would be to use a root-enabled file explorer to find and remove the package. That would be tough if you didn’t know which app was the source of the infection.
This isn’t as calamitous as it sounds at first. As we’ve mentioned in the past, there are no universal root exploits on Android, and all of the public exploits included in Shuanet have been patched (for example ExynosAbuse and Framaroot). Thus, a device is only vulnerable if it’s running a rather old version of Android. Notice how the example image provided by Lookout is a Jelly Bean phone? A newer phone wouldn’t be rooted by Shuanet, but the ad features could still work.
It’s still very hard to get infected with Shuanet. You’d have to disable installation protection, ignore the Google security warnings, then manually install one of these apps from a shady third-party app store instead of simply getting it from Google Play. I’m not sure who would do that, but Lookout says it has seen it happening in the wild. It does not provide a figure for the number of infections, though.
For the last few years, Samsung has dominated the premium phablet space with its Galaxy Note devices. They had the best screens and the biggest batteries for those who wanted a large phone. Now Google has refined the Nexus lineup and is offering the Nexus 6P, a pure Android phablet with great hardware at a reasonable price. It doesn’t have the same productivity features Samsung touts in the Note 5, but let’s see how they stack up.
Design
Gone are the days of plastic Samsung flagship phones. Now it’s all about metal and glass, which forms the entirety of the Note 5’s body. It has an aluminum band around the edge and a glass panel on the back. The Note 5’s rear panel is curved a bit at the edges to make the larger phone easier to hold, but it is still made of slippery glass. The Nexus 6P is by far the most sturdy Nexus phone ever built. It has an aluminum unibody frame that wraps around the edges of the device. There’s a Gorilla Glass panel on the back that houses some antennas and the camera as well.
The Note 5 and Nexus 6P have a similar feel in the hand as they have very similar sizes and weight. The Nexus is 7.3mm thick compared with the Note 5 at 7.6mm. The Nexus 6P weighs 179g, which is only a little heavier than the 171g Note 5. The Nexus 6Pa also has front-facing stereo speakers, but the Note 5 only has one speaker mounted on the bottom.
Because these are both sealed devices, the batteries aren’t intended to be swapped by the user. The Samsung device has a 3,000mAh cell, which is a little smaller than past Note devices. It’s a reasonable battery for a phablet, but plenty of enthusiast users are disappointed that you can’t swap batteries when that was a hallmark of past Notes. The Nexus 6P comes from a long line of devices without swappable batteries, so it’s more expected. Huawei also managed to cram in a larger 3,450mAh battery. In general, the Nexus gets better battery life than the Note 5, but that’s also thanks to the software, which we’ll get to later.
On the front of the Note 5 is Samsung’s customary array of physical navigation buttons under the screen. The back and multitasking buttons are capacitive, and the home button clicks. That’s also where the fingerprint sensor is on this device. It’s fast and reliable, but it seems less special now that the Nexus 6P is available. There are no physical nav buttons on this phone, but it does have a fingerprint sensor on the back right where your index finger likes to sit. This makes it a snap to unlock the phone — just tap the sensor (called Nexus Imprint) and the phone wakes up and unlocks. It’s faster and more convenient than Samsung’s implementation.
Display and internals
Samsung has been the king of smartphone displays for years. That’s still true, but only because it made the panel on the Huawei-built Nexus 6P. Google and Huawei actually worked out a deal to get the latest generation AMOLED tech for the new Nexus phone, which has never happened before to my knowledge. Samsung usually only sells the last-gen technology to other manufacturers.
Both the Nexus 6P and Note 5 have a 5.7-inch 2560×1440 Super AMOLED (518 pixels per inch). They both look absolutely fantastic with very good clarity and high maximum brightness. They’re very usable outdoors, and the colors are vibrant without being blown out. Google has also added a more accurate optional sRGB color mode to the Nexus 6P, which is a nice touch. The Note 5’s screen might be calibrated a little better in the default mode, but the real difference is the included digitizer for Samsung’s S Pen.
The S Pen docks in the bottom of the Note 5, allowing you to write on the screen almost like you would on paper. The S Pen has pressure sensitivity and quick access to a raft of Samsung productivity tools. The S Pen is the best stylus you can get on an Android phone right now, and the Nexus 6P doesn’t really have an equivalent feature.
On the inside, the Note 5 and Nexus 6P are simultaneously the same and quite different. Both have an octa-core 64-bit ARM chip, but the have different pedigrees. The Note 5 runs on the Samsung Exynos 7420 with a quad-core cluster of high-power Cortex-A57 CPUs and a second group of four highly efficient Cortex-A53 cores. It runs cooler and faster than the Snapdragon 810 in most other phones. The Nexus 6P has a Qualcomm Snapdragon 810 with the same core configuration, but this chip has been extremely warm in other devices, which has led to heavy thermal throttling. Interestingly, the Nexus 6P seems to avoid all that. It’s fast and it stays fast without overheating.
The Nexus 6P also has 3GB of RAM and comes in 32, 64, and 128GB storage variants. The Note 5 has 4GB of RAM and only comes in 32GB and 64GB versions. Neither device has a microSD card slot for added storage, but Samsung’s UFS 2.0 NAND flash is much faster than the eMMC 5.0 used in the Nexus 6P. Not many activities will make use of that, but it might come up from time to time. It’s worth noting that Samsung’s memory management model in TouchWiz leans toward closing apps in the background rather than filling up all the available RAM first.
Cameras
Google has finally started taking the camera experience seriously with the Nexus 6P. This device has a 12.3MP sensor with large 1.55µm pixels and a f/2.0 aperture. That means it takes great low-light shots, and there’s laser-assisted autofocus to make sure you capture your subject. The Note 5 has a similarly excellent 16MP camera with an f/1.9 aperture. It doesn’t have laser autofocus, but it’s still very effective at finding the subject, though a little slower.
Samsung’s camera adds optical image stabilization, which compensates for hand shakes while taking photos and video. The Nexus 6P doesn’t have that, but there’s electronic stabilization for video. It works well enough, and the still photos are usually captured fast enough that the lack of OIS isn’t a big deal.
HDR image capture is very good on both phones, but it’s substantially faster on the Note 5. Google’s HDR+ implementation produces very well-exposed images, but it takes longer to capture. That can cause some blurring with moving subjects.
Software and everything else
Here’s where things really get interesting — Samsung has always had great hardware features (eg, screens and cameras), but software has been an issue. Samsung’s AndroidUI is known as TouchWiz, and it’s been greatly despised in past years. The company started to turn things around with the Galaxy S5, and on the Note 5 things are vastly improved. The UI is more responsive and most of the half-finished features have been removed. The strange blue-green UI remains, but at least there’s even a theme store that can change it.
The Note 5 is running Android 5.1.1 right now, but the Nexus 6P is shipping with Android 6.0 Marshmallow. Because this is stock Android running on a Nexus device, you get all the latest and greatest features with none of the carrier bloatware. In fact, Google has even reduced the number of pre-loaded apps it includes. The UI is just much more attractive and consistent than what Samsung is doing right now.
The Nexus 6P has a ton of cool Marshmallow features like doze mode to reduce idle battery drain, more granular app permissions, and Google Now On Tap. On that last count, I’m not completely smitten with On Tap yet (it seems to miss a lot of stuff), but it has potential. The Note 5 will get an update to Android 6.0 in the coming months with many of these features, but it has all the stylus additions as well.
Samsung’s Air Command pop up is accessible at any time with the S Pen stylus — just tap the button. It offers quick access to the note taking and screen capture tools designed specifically for this input device. These are things you don’t get on the Nexus 6P, but you really only benefit if you’re a fan of styluses. If the S Pen never comes out of the holder, the Note 5 loses much of its distinctiveness.
The Note 5 is available from all the major carriers, and you can get a GSM unlocked version if you don’t mind scrounging around in the gray market. The upshot is that you can buy a Note 5 on a payment plan with your carrier. The Nexus 6P is available only from Google, and isn’t expected to come to any carrier stores. It’s completely unlocked and has support for CDMA and GSM networks with a ton of LTE bands. Since Google sends out the updates to this phone, there will be no messy carrier delays for this phone.
The Note 5’s full price is upwards of $700 for the 32GB model. It’s a good thing carriers will let you finance that, because it’s a lot to drop on a phone. The Nexus 6P, however, retails at $500 for the 32GB. You have to pay that all upfront or you can finance it with a Project Fi line of service.
Once the mobile maker to beat, BlackBerry is fighting for survival. Its secret weapon: the first-ever BlackBerry phone powered by Google’s Android software.
Most people go to Las Vegas to gamble, party or see a show.
On a warm winter’s day in January 2014, Ron Louks journeyed there to gamble. But he wasn’t trying his luck at the tables. He was there, on one of his first days on the job as head of BlackBerry’s smartphone business, to bet on the company’s future.
After landing in the desert city at the start of the annual Consumer Electronics Show, Louks checked in with BlackBerry CEO John Chen and then set off for his first and most important appointment. Tellingly, it wasn’t with a wireless carrier or one of BlackBerry’s manufacturing partners. It was with Google.
“Android, in our mind, was a longtime coming,” Louks said in an interview last week.
Chen, a software industry veteran hired to help save the Canadian company in late 2013, had already been talking to Google about how BlackBerry could better work with Android, the world’s most popular operating system.
The next step was up to Louks, who previously worked at HTC and Sony Ericsson.
Nearly two years after that Vegas meetup, BlackBerry is getting ready to sell the $700 BlackBerry Priv, its first smartphone not powered by the company’s own mobile software. Chen and Louks hope that by tying their fortunes to Android, BlackBerry will do something it hasn’t been able to do in five years: win over customers who abandoned its once-almighty keyboard-based gadgets for Apple’s iPhone and Samsung’s Galaxy phones.
If the Priv is a flop, that will likely spell the end of the BlackBerry smartphone.
“If this doesn’t resonate with users, there’s not much else they can do,” said Chris Hazelton, an analyst at 451 Research.
The tech giant has plans to meld its software for personal computers with its popular Android software for smartphones and tablets, according to a new report. The bottom line: Mobile has taken over.
For Google, smartphones, tablets, laptops and more may all soon answer to Android.
The Mountain View, California, company is looking to bring its Android mobile software to laptop computers, according to a report Thursday by The Wall Street Journal. As part of that push, Google may annex some parts of its Chrome OS software, which mainly powers its Chromebook laptops, with Android, its operating system for smartphones and tablets, according to the report.
The search giant plans to release this newly unified software in 2017, the report says, with Google showing it off for the first time next year. Chrome OS will continue to be available to other companies, but Google will focus on extending Android to laptops, according to the report.
A Google spokeswoman declined to comment.
While this would be a monumental development in the tech industry, it wouldn’t make much difference to consumers. Of all the laptops shipped globally last year, Google’s Chromebooks accounted for around 3 percent, according to research firm IDC. Chrome OS is different from Google’s Chrome Web browser, which is widely used on Macs and PCs.
Android, which Google acquired in 2005, has become the centerpiece of the company’s mobile efforts far beyond smartphones and tablets. The software now powers television-guide menus, car dashboards and smartwatches. For Google, the change would be profound given its roots as an Internet search engine born on desktop computers.
The shift also highlights the importance of mobile devices and the software that powers them. You can now buy groceries, listen to music and hail a ride all from your phone. Most people around the world are doing these things from Google-powered phones. Android runs on four out of every five smartphones globally.
Assuming the Journal’s report is accurate, the next iteration of Android will run on personal computers as well as mobile devices. It will also give PC users access to the Google Play marketplace for third-party apps. Chromebooks will get a new name, according to the Journal, though it hasn’t been decided yet.
Google has been telegraphing the move for some time. New Google CEO Sundar Pichai, who led development of Chrome OS in 2009, was also put in charge of Android in 2013. Last year, Google put Hiroshi Lockheimer, Android’s top engineer, at the helm of Chrome OS.
The approach is similar to Microsoft’s strategy with its Windows 10 operating system, which runs across computers, tablets, smartphones and the Xbox game console. Apple, however, has maintained that it wants to keep iOS, the software that powers its iPhones and iPads, separate from its Mac OS software for PCs.
Samsung appears to be putting its smartphone sales woes behind it.
The last two years have been rough on Samsung, which makes some of the most popular smartphones in the world but hasn’t managed lately to scoop up the same profits as competitor Apple, whose iPhones remain the benchmark for the industry.
Part of Samsung’s problem is that it faces tougher competition than just Apple. That’s because Samsung devices run Google’s Android mobile operating system, which is available on devices made by a host of hardware makers.
The prevalence of Android handsets means Samsung is fighting on two fronts. HTC and LG, as well as low-cost handset makersHuawei, Xiaomi and Micromax, battle for the Android customers. That means there’s more competition for first-time buyers, who are drawn by lower price points.
Meanwhile, Apple is grabbing the high end of the market, as well as angling for customers who want the big-screen phones Samsung had used to differentiate itself. Last year, Apple introduced the iPhone 6 and 6 Plus, which it recently updated. Those phones are powering Apple’s profits.
Samsung is trying to address the problem. In April, It introduced the high-end and well-reviewed Galaxy S6 and S6 Edge, flagship handsets made of premium materials, something consumers have requested for years.
On Thursday, Samsung showed the process is ongoing. Samsung reported an 82 percent rise in operating profit, snapping a streak of seven consecutive quarterly profit declines, even though revenue from its mobile division was largely flat.
Samsung reported third-quarter operating profit of 7.39 trillion won, or $6.45 billion, on revenue of 51.68 trillion won. Samsung, which doesn’t release smartphone shipment numbers, said it saw a “significant increase” in smartphone shipments but that revenue was hurt by price cuts for its Galaxy S6 and S6 Edge and shipments of low- to midrange smartphones.
The mobile division’s profit increased by about 33 percent, providing about a third of total operating profit in the quarter but sharply lower than the two-thirds it’s provided in the past. Meanwhile, profits doubled at the division housing Samsung’s chip and display businesses.
Still, Samsung indicated the good times were unlikely to last. It forecast profits would fall in the fourth quarter and initiated a share buyback.
To get a leg up on its competition, Samsung has reportedly moved up the launch date of its next flagship smartphone, the Galaxy S7, to January. The move would break Samsung’s tradition of introducing new flagship smartphones at major global tech conferences, such as Mobile World Congress in Barcelona. But it might also give it an opportunity to undercut sales of the iPhone 6S, which launched in August, by getting it into consumers’ hands sooner.
Samsung is also hoping to get a boost from Samsung Pay, its mobile payments service that went live last month in the US. The service lets customers pay for goods and services using their smartphones or Gear 2 smartwatch. As with Apple Pay, the competing service launched last year by Apple, the goal of the feature is to build customer loyalty amid the fierce fight for smartphone customers.
Android users are ditching their phones for the iPhone at a record rate
More Android users than ever are switching to the iPhone, Apple’s chief executive has said, revealing that three in every 10 iPhone buyers replacing their device are converting from Google’s smartphone operating system.
This is the highest rate the company has ever seen, Cook said.
Android, developed by Google, dominates the world’s smartphones, with around 80pc of total sales. But sales of the iPhone have increased by 22pc in the last year, with China’s growing middle class partly responsible.
Cook said the unprecedented rate at which people were switching from Android to the iPhone meant he was confident that Apple would continue to grow iPhone sales, despite the recent iPhone 6s and 6s Plus being relatively incremental upgrades to the iPhone, unlike last year’s 6 and 6 Plus.
Apple sold a record 13m iPhones in the first three days that the new phones were on sale, up from the 10m that last year’s devices sold on their opening weekend.
The world’s biggest company surpassed the $45.2bn made by ExxonMobil in 2008, after the release of its latest smartphones increased profits by 31pc in its fourth quarter.
Cook said that despite Apple’s fiscal first quarter – the three months to the end of December – breaking records last year, he was confident that iPhone sales would continue to grow during the same period this year.
Privacy has always been a concern for most smartphone owners, so taking a cue from that, the French phone manufacturer Archos has collaborated with a lesser-known Brazilian IT security company Sikur to come up with the security-centric GranitePhone. The unlocked phone can be purchased on its standalone website for the whopping sum of $850.
Here’s what you get for that cash: The GranitePhone features a 5-inch 1080p display and is powered by a Qualcomm Snapdragon 615 SoC coupled with 2GB of RAM. It has 16GB of internal storage and a 2,700mAh battery. The phone has a 16MP rear camera and an 8MP front-facing camera.
Not impressed? Sure, these are mostly mundane features that can be found on many midrange smartphones, but the GranitePhone’s main selling point is its highly secure Android-based Granite OS. As touted by Archos and Sikur, the GranitePhone’s Granite OS is pretty much like regular Android, but it’s fully encrypted, has no back doors according to the company, and doesn’t compromise on user privacy in any way. It has not been revealed yet on what version of Android the Granite OS is based.
The Granite OS doesn’t store any data on the device. Instead, it provides multi-layer security and stores all of the usual data (calls, messages, and much more) in the cloud, which can only be accessed via Sikur’s app. Although the device has taken a lot of inspiration from Android, it lacks access to Google’s Play Store, meaning that you’ll really need to care about security to want this thing.
Other than its hi-fi security features, the GranitePhone doesn’t offer much for its hefty price tag. Other midrange smartphones like the Moto G also come with similar hardware specs, but at a much lower price tag. GranitePhone is not the first device that comes with security-centric features, either; the BlackPhone and the Turing Phone have been in the market for quite a while.
The main competition would come from the newer Turing phone, which has higher-end specs and costs $649. The makers of GranitePhone are of a view that users would appreciate security more than features, so many of them would rather go for a highly secured GranitePhone than any other feature-loaded smartphone. Does that describe you? What do you think about this new phone? Would you be cool with spending $850 for a security-centric smartphone?
It looks like Chinese smartphone maker OnePlus has a new device in the works. Filings spotted with the Federal Communications Commission detail a new OnePlus model E1005, a 5.5-inch handset that — from the preliminary picture included in the documentation at least — strongly resembles an iPhone 4. It shows a black handset with metal edging, a camera situated on the back corner, and a micro-USB port. Presumably, as with other OnePlus phones, it will run modified Android Oxygen OS.
OnePlus called its recently released OnePlus 2 a “2016 flagship killer.” While not quite stellar enough to knock both this year and next year’s slate of iPhones, Nexuses, and other big names off the table, the Chinese-made model was nonetheless a solid smartphone for a much cheaper price than many of its competitors. It’s not yet clear how OnePlus’ upcoming smartphone will shape up against the big players in the market, but the FCC filing says the E1005 will come with a 1.9GHz processor and will support LTE, Bluetooth, GPS, WiFi, and FM radios. Official documentation hasn’t been revealed yet, but it’s a good bet we’ll find out more today — OnePlus has an event scheduled in India.
Ever since Google made Android 6.0 Marshmallow official, many users have wondered, “When will my phone get the latest OS update?” Well, that largely depends on the manufacturers and carriers. Thankfully, HTC, Motorola, Samsung, Sony and T-Mobile have already announced their list of devices that will be getting the OS, though most have yet to reveal a set timeline for the update to reach these devices. Here’s what we know so far.
Nexus phones and tablets
Let’s start with the obvious ones first. Android 6.0 Marshmallow was released on October 5, and following its legacy, Google’s latest Nexus 5X and Nexus 6P will be first in the queue to run it. These devices will come preloaded with the latest OS. Existing Nexus devices, including the Nexus 5, Nexus 6, Nexus 7, and Nexus 9, have already started receiving the update. The Nexus Player is set to receive Android 6.0 in the US only. Nexus users can download the latest OS manually from Google Developer, but it’s usually best to wait for the OTA version.
HTC phones
HTC has affirmed that the HTC One M9 and One M8 will receive the update by the end of this year. The company has announced a list comprising other devices that will get the update: HTC One M9+, HTC One E9+, HTC One M8, HTC One E9, HTC One ME, HTC One E8, HTC One M8 Eye, HTC Butterfly 3, HTC Desire 826, HTC Desire 820, and HTC Desire 816. Moreover, HTC said it will be launching an Android 6.0-powered device on October 20. Phones like the HTC One M7 won’t be updated officially, but may see unofficial support from third-party projects.
Motorola phones
Motorola has fared pretty well when it comes to rolling out updates, and this time around the company has already announced a list of smartphones that will get the Marshmallow update. These chosen few are the Moto X Pure Edition (third-gen), Moto X Style, Moto X Play, Moto G (third-gen), Moto X Pure Edition in the US (second-gen), Moto X (second-gen), Moto G and Moto G 4G LTE (second-gen), Moto Maxx, and Moto Turbo.
LG phones
When Android 5.0 Lollipop was released, LG was among the fastest manufacturers to have rolled out the OS. LG itself has not officially announced its list of devices that will get the Android 6.0 update, but T-Mobile has listed the LG G3, G4, and G Stylo. Also, LG’s Korean support page has listed the aforementioned devices with Android 6.0 Marshmallow support.
Sony phones and tablets
Following other manufacturers, Sony has outed a list that comprises devices that will get the Android 6.0 update. The company has not revealed any set timeline for the release, but it says that it is working hard to update devices as soon as possible. Sony products that have made the list are the Xperia Z5, Xperia Z5 Compact, Xperia Z5 Premium, Xperia Z4 Tablet, Xperia Z3+, Xperia Z3, Xperia Z3 Compact, Xperia Z3 Tablet Compact, Xperia Z2, Xperia Z2 Tablet, Xperia M5, Xperia C5 Ultra, Xperia M4 Aqua, and Xperia C4.
Samsung phones and tablets
Samsung began the Android 5.0 Lollipop roll-out 31 days after the update was made official. But as is often the case, not all of its devices received the OS, thanks to the lack of carrier support and some region-related glitches. With that in mind, Youmobile.org has a list of Samsung devices that will get the latest Android 6.0 update, but it’s not yet confirmed by Samsung. The devices listed are the Samsung Galaxy Note 5, Galaxy S6 edge+, Galaxy S6, Galaxy S6 Duos, Galaxy S6 edge, Galaxy Note 4, Galaxy Note 4 Duos, Galaxy Note Edge, Galaxy Alpha, and Galaxy Tab A. As with HTC, unofficial support for older devices, like the Galaxy S5, may be possible with third-party support.
A new piece of Android malware is reportedly making the rounds in as many as 20 different countries, and if security firm FireEye is to be believed, it’s quite a nasty bit of code. The exploit, known as Kemoge, was spotted masquerading as a number of legitimate apps, but upon installation it attempts to gain root access on the device, which could allow an attacker to gain complete control. It sounds bad, but as usual, the truth is a bit less sensational than they’d have you believe.
Kemoge is a form of malicious adware, according to FireEye. It borrows the icons from other apps the encourage a user to trust it. The first hurdle for the malware authors to clear is actually getting users to install the app, which is only possible via a third-party app store. That means the user has to download the APK, allow unknown sources in the security settings, then launch the package. Not exactly an easy process.
The way Kemoge functions when deployed on a vulnerable device is actually pretty clever. It copies device information and beams it back to a command and control server first, then it starts inserting ads into the UI, which can pop up in any app or even on the home screen. So that’s annoying, but what it does next is downright malicious. Kemoge contains as many as eight exploits, which uses in an attempt to root the device. This could give the attacker full control over an infected phone. If the infected device is rooted, Kemoge immediately uninstalls any antivirus apps it finds. The exception would be Google Play Services, which runs Google’s antivirus scans. It’s impossible to remove Play Services from a device (even with root) if you still want anything to work.
Are you sufficiently frightened now? What’s described above is really the worst case scenario. The adware aspect of Kemoge should work on almost any device, assuming you go to the trouble of manually installing it. However, the root angle is much less certain. FireEye lists several of the root exploits contained in Kemoge, and they’re all quite old. There’s Motochopper, mempodroid, and a few general Linux kernel vulnerabilities. These are relics from the days when an APK could be used to root your phone. All modern versions of Android should be patched to protect against these flaws. Testing was done with a Nexus 7 running Android 4.3 (software from more than two years ago).
Root exploits are hard to develop on Android these days, but they aren’t always designed to bemalware. Many Android users want root access for their own use, and that’s where a lot of the exploits used by Kemoge come from — the enthusiast community. Many devices currently on the market don’t even have functional root exploits for people who want to root their phones, so it’s unlikely Kemoge has a magical unreleased exploit that can root your phone.
Bottom line — the old root methods employed by Kemoge don’t work on popular phones or people would be using them to intentionally root their devices. We’ve reached out to FireEye to get clarification on which versions of Android they’ve confirmed root access on and will update when and if they reply.
Your first line of defense from adware attacks like this is to simply get your apps from the Play Store or from a trusted source like F-Droid or APK Mirror. When you flip the unknown sources switch, you’re instantly less safe.
Update: FireEye got back to use and clarified all the exploits it detected in kemoge are public and several years old (2013 and earlier). They should be patched on all newer phones.