I've been ranting about this all week, so I'm taking a few minutes to blog about it here. Hopefully it does a little bit of good.
By now, everyone knows that OMG clicking a link can maybe reset your Samsung phone and erase all your data!!!11!! Unfortunately, it's true for a good many phones out there, including about a jillion Galaxy S2 models. Like mine. While I'm the first to say that OEMs need to get off their ass and patch the phone of every user in the world that still has a contract or is under warranty, I also know that in the end, it's us -- the users -- that are responsible for our own security.
For some, like me and many of you, that means getting out the data cable, giving the OEM and their jacked version of Android the finger and flashing a custom ROM that fixes bugs and exploits. There are plenty of AOSP builds already made for my Galaxy S2, and I'll be flashing at least one of them this evening. But some of us can't (or just don't want to) hack things up and deal with different bugs on unofficial firmware. That's cool, too. Not everyone is ~~an idiot who likes to break~~ willing to hack their expensive phone. That means you get to sit and wait for a patch that may never come. What can you do?
Here's a quick and dirty suggestion that will cut down on over 9,000-percent (totally made up figure) of exploits.
Stop clicking random short URL links from people you don't know or trust. Stop.
How easy is it to hide a link to something disgusting, unsafe, or illegal inside a short link? Way too easy. Head to www.goo.gl and follow the instructions. And that's just one of many URL shorteners out there. In fact, if you're wanting to make a short link to a script or other bit of evil that legit URL shorteners have blocked, a cheap GoDaddy website and a bit of Googling can help you make your own. Then you can hide all sorts of nefarious shit in plain sight.
Knowing this, the next time you get a random text message, or @reply on Twitter, or Google+ spam, or Facebook spam (and this could go on forever), don't click the damn thing. Delete it. Maybe even report it. Reply to it that you think the sender is a douchebag. Do anything but click it. Only trust people you know you should trust. You can trust your bank. You can trust your church. You can trust us. You can't trust 86114 or the Prince of Nigeria.
By only clicking short links from people you trust, you'll have a pretty good idea that wherever they are sending you is somewhere that won't break your phone. Or if it does, you know who to kick in the balls for it afterwards.