Short URL

I've been ranting about this all week, so I'm taking a few minutes to blog about it here. Hopefully it does a little bit of good.

By now, everyone knows that OMG clicking a link can maybe reset your Samsung phone and erase all your data!!!11!! Unfortunately, it's true for a good many phones out there, including about a jillion Galaxy S2 models. Like mine. While I'm the first to say that OEMs need to get off their ass and patch the phone of every user in the world that still has a contract or is under warranty, I also know that in the end, it's us -- the users -- that are responsible for our own security. 

For some, like me and many of you, that means getting out the data cable, giving the OEM and their jacked version of Android the finger and flashing a custom ROM that fixes bugs and exploits. There are plenty of AOSP builds already made for my Galaxy S2, and I'll be flashing at least one of them this evening. But some of us can't (or just don't want to) hack things up and deal with different bugs on unofficial firmware. That's cool, too. Not everyone is an idiot who likes to break willing to hack their expensive phone. That means you get to sit and wait for a patch that may never come. What can you do?

Here's a quick and dirty suggestion that will cut down on over 9,000-percent (totally made up figure) of exploits. 

Stop clicking random short URL links from people you don't know or trust. Stop. 

How easy is it to hide a link to something disgusting, unsafe, or illegal inside a short link? Way too easy. Head to and follow the instructions. And that's just one of many URL shorteners out there. In fact, if you're wanting to make a short link to a script or other bit of evil that legit URL shorteners have blocked, a cheap GoDaddy website and a bit of Googling can help you make your own. Then you can hide all sorts of nefarious shit in plain sight.

Knowing this, the next time you get a random text message, or @reply on Twitter, or Google+ spam, or Facebook spam (and this could go on forever), don't click the damn thing. Delete it. Maybe even report it. Reply to it that you think the sender is a douchebag. Do anything but click it. Only trust people you know you should trust. You can trust your bank. You can trust your church. You can trust us. You can't trust 86114 or the Prince of Nigeria.

By only clicking short links from people you trust, you'll have a pretty good idea where they are sending you is something that won't break your phone. Or if it does, you know who to kick in the balls for it afterwards.

There are 33 comments

BrianTufo says:


ButcherChop says:

I'm so tempted to click on that.

tailsthecat3 says:

Worth it.

tailsthecat3 says:


It's a Rick roll isn't it?

tailsthecat3 says:

Not a rick roll.

dancing-bass says:

The wisdom of Jerry strikes again. Thanks!

coraphise says:

LOL Wow Jerry, you weren't kidding when you said this bothered you. :)

tailsthecat3 says:

Six paragraphs deep I was thinking, "smartest editor on AC, how'd the others get jobs?". Then I reached the seventh paragraph and realized I was wrong. Good writeup though, spelling is good, grammar... more than I can say about the other "editors". Of course, other reader's opinions may vary.

86114 says:

Yeah!!! I can be trusted!

dtreo says:


Nice, Jerry! And now I actually have a good reason to hate short links... Before I just hated them for the same reason I hate "chat/text speech", because it looks like people are being lazy. I'll take my 6 paragraph link anyday! :D

mathiasjk says:

I got here from a shortened link...

Hand_O_Death says:

Hey Don't Bad Mouth The Prince, He It's A Stand Up Guy. He It's Sending Me Money To Help Him With A Recent Death I His Family.

techdan1989 says:

But how does one know the message is truly from whom it claims? Ah the web of mistrust.

Gearu says:

I hate people who use short links.

Jordan2348 says:

for those that love their short links, use a website like or and see where it's sending you

hulickr says:

No f'ing sh*t... :-)

The whole concept has screamed "hack me" for years...

Who ever thought this was a good idea? ( except for the hackers, of course)

If you can't show me a real Link, I don't need to see what you're hawking...

B' Bye :-)

toddjy says:

I swear I've seen AC employees use those url shorteners.

SamTime says:

Whoa, whoa, whoa, WHOA! I can't trust the Prince of Nigeria?! What has this world come to???

TGoblin says:

Jerry rules

t3chn0s1s says:

I can understand you're all heated about this but instead of all your dirty language why don't you just explain it like a normal person. Jeez. All the cursing is unnecessary.

DrLouie says:

So Jerry, which ROM are you installing on your S2?

Darrkman says:

Damn god article Jerry.

One observation. Jerry does such a good job of saying the dangers of trusting strangers but then saying you "can trust us" meaning Android Central I realized something. This was how Jerry got women back in the day. Tell them how you should trust the athlete but that he's their friend and you can trust him. SCORE!!


appswhat says:

Its a stupid bug, but thankfully its easy to fix.
On this page they have links to some apps you can install which will catch evil messages for you:

(check it on a PC first if you are scared ;)

mike340t says:

Awesome writeup but tell us how you really feel lol... Personally people who click on everything just annoy me.. I have never had a virus/malware ever and have been using computers since the 286!

nisahnet says:

If you really have to know, but don't want to click.

Miths says:

I can see that Lookout has now inserted itself with a "scan before dialing" option (that can also be set as default) on my GS2. I assume that's in response to this problem?

I also have another dialer installed and none set as default, so just having the the request prompt showing up should also block any sneaky, automated dialing codes.

Do not underestimate ball kicking as remedial action. Look what happened when tar and feathers went out of fashion.