Was Pinephone security really targeted by snake game?

The malware required the user to download a pacman package from a chat and then install it with root/sudo permissions. The package was disguised as a snake game.

It would delete/alter the root filesystem of the phone and delete the modem firmware.


So it’s related to separate package, installation of external packages should be blocked or at least triggers red warning, and mobile apps that are safe for installation should be filtered because mobile users are different than real Manjaro users who understand the danger of unknown packages.

This statement is shifting responsibility from enduser to distribution.

It’s like - you can choose to drive in the wrong side of the road - and when crashes occur - you are saying - not my fault - the carmaker should make it impossible to drive against traffic.

I don’t know what to say …


It’s like how android has hidden option to block installation of external apk and the store has security system called Google Protect that scans for dangerous apps.
Why it’s necessary is because mobile phones can be used by children, old people and everyone who is not tech geeky, so all responsibility of securing the whole system including apps will be shifted to the OS maker.

Android can sideload apps very easily. You just need to enable it in the settings. To sideload a package on Manjaro you need to know which command to use on the phone to install it.

This is not a distribution problem, but an enduser problem. The enduser does know the risk of installing packages from external sources and they are well aware of when they are doing it.

The GUI package manager on Plasma Mobile does not really support installing external packages other than flatpaks from flathub.

1 Like

The GUI package manager on Plasma Mobile does not really support installing external packages

This is really good to hear :slight_smile:

The OS maker will have full responsibility for safeguarding the entire system, including programmes.

We are currently in process to provide an alternative OS image which is read-only for the core system. This will also add software only from flathub or similar. It will have OTA updates, which are checked by the system before installing those. Also a rollback to a previous state will be implemented. A similar approach is done with the SteamDeck. Using pacman in that scenario will be more or less obsolete and highly not part of that system at all. It will have more a feel like Android or iOS. We will post more when we have some to present.

However, this won’t mean that we will stop to offer images with the classic approach thru pacman.

1 Like