Android Central

A quick way to tell if your Samsung phone is at risk, and what to do if it is 

There's a lot of confusion as to exactly which Samsung phones are affected by today's big scary USSD vulnerability, which could cause some phones to factory reset themselves upon visiting a malicious web page. Some Galaxy S2 and S3-class phones are susceptible, others less so. In some cases it depends if you're running the latest firmware or not. In others, there's no patched firmware available yet.

Samsung will surely be hard at work rolling out fixes for devices that remain susceptible, but in the meantime we've got a quick, easy to tell if your phone is at risk, without taking the plunge and running the malicious code itself. Find out more after the break.

First off, note that today's glitch only affects Samsung phones. Our testing method may produce different results on other manufacturers' devices, but it's important to remember that it's impossible to use this exploit on a phone that's not running Samsung's TouchWiz software. Also, note that we don't see any secret information from your phone during this test. If in doubt, right-click and check the source code to see exactly what we're doing. It's a pretty simple test.

With that in mind, head to this page on your Samsung phone's stock browser. You'll find it at  androidcentral.com/ussd-test

With this page loaded on your phone, simply click the button in the embedded area below to see if your Samsung phone is at risk. The test works by trying to direct you to a benign USSD code, specifically, the one that displays your IMEI (or MEID on CDMA phones) on your screen -- nothing malicious. If you're using a Samsung phone and a window pops up showing your IMEI/MEID number, you're likely vulnerable. If your dialer just loads up showing either nothing, or *#06# in the number read-out, you should be safe.

If the test suggests you're vulnerable, we'd advise you update your firmware to the latest version. If your phone's latest firmware version is still affected, we recommend using a third-party dialer like Dialer One, and setting it as the default dialer until all this has blown over.

Let us know how you get on down in the comments. Safe browsing, everyone!

 
There are 156 comments

icebike says:

May not be vulnerable to the exploit, but the link does pop up my IMEI on my international HTC One X.

So at least some portion of the code works to do some USSD operations remotely on other than samsung phones.

Alex Dobie says:

Yeah, that's an old Android bug. It should be fixed in ICS, but I guess HTC didn't get the memo :)

The fact that there's not a USSD code to reset your phone on non-Samsung devices means there's no real malicious application for this on the One X.

Schubatis1 says:

I ran the test on my original Galaxy S (Epic 4g) running CM 9, and it showed my MEID.

mjmdroid says:

HTC phones don't use the same code to do factory reset

pclov3r says:

Doesn't mean you can find the phone modem form the headers and then determin the reset code.

Verizon running unlocked bootloader, rooted, factory ROM.

Dialer appeared, but no IMEI.

draco947 says:

Same setup and same results.

Latest modem firmware (VRLG7).

icebike says:

And my Nexus One. But then, its not ICS.

tyson.clarke says:

not touchwiz

Does anyone know if Lookout will help fight off this exploit?

IMEI comes up on AT&T Galaxy S2 Skyrocket running ICS. :-(

doug3673 says:

Yeah running official stock ICS 4.0.4 on my Galaxy S II LTE in Canada on Rogers (same phone as the Skyrocket basically) and my IMEI popped up in the dialer plain as day. Argh!

LordGeek says:

AT&T Samsung Galaxy S III with STOCK / I747UCALH9 .. Dialer appeared, NO IMEI :)

planoman says:

+1

Jordan2348 says:

same here!

darkmax says:

Samsung Galaxy Note, dialer appeared but no IMEI.

davinwv says:

Stock Sprint Galaxy SIII running LG8 - Dialer popped up with "#06#" appearing for a split-second, then just the dialer (no IMEI window).

+1

And I understand the language of "probably" okay, but not definitely. If nothing else than for legal purposes.

I also use Dolphin and a little Opera, so I'm betting I'm shielded, but I'm still gonna be more careful about what sites I visit until we get some kind of update.

KSoD says:

On my Samsung Galaxy Note the Dialer Appeared with the IMEI using both the stock browser and Chrome. This is on a Rooted Official ICS ROM. Might be switching to a CM9 or CM10 soon....

Mtn_Scott says:

VZW Rooted/Unlocked stock VRALF2................ Quick someone get a condom!!!!!!!

Need a shot of AOSP STAT. Will someone please make the dock audio out work.

Alex Dobie says:

So your IMEI showed up on LF2?

Mtn_Scott says:

I feel so dirty...

It popped up my MEID.

Edit: Note:running VRLG7 Baseband.

Bert336 says:

mine did, i am on Beanstown b11 which is baseband I535VRLF2

mikesmith says:

Got the blank dialer on my VZW stock S3.

abtxpress says:

Gnex. Running asop jro03r. Dialer pops up with *#06#. Press call and get Verizon error message.

Link can't be clicked on international galaxy s2 running ICS 4.0.3, i assume my device is safe

vic_singh says:

Bell S3 I got a blank dialer.. Everything looks good here

Cheetah23 says:

I clicked the link and got the dialer with the *#06# showing. The number then disappeared leaving the blank dialer showing. I refreshed the site and clicked on the link again and just a blank dialer appeared. No pop-up.

mssca says:

Same here... What that means in terms of this issue? I get *#06# and then it disappeared with just the numbers left on the screen. No IMEI pop-up.

mslizmarie says:

Note on ICS - got the IMEI.

Same exact thing here!

dogboi says:

Note on Cyanogen Mod 9. - got the IMEI

konaman01 says:

Rooted GS2 Epic 4G on sprint running ICS shows MEID on the dialer. Both stock browser and ICS Browser+.

lancehart says:

Sprint Epic Touch (SG2) running latest official Sprint firmware for ICS.
Popped up a MEID # when I tested it, is this the same as IMED?

Guessing I may be vulnerable....

Alex Dobie says:

Yeah, MEID is the CDMA equivalent of IMEI. And yeah, unfortunately it looks like you're vulnerable.

markinct says:

T-Mobile SGS3, updated to build IMM76D.T999UVALH2, totally stock/not rooted - dialer appeared, no numbers showed at all.

jazman_777 says:

+1 exact same here.

smoov_d says:

Just tested on Sprint Samsung Galaxy S2 on Android version 4.0.4 and it did show my IMEI number....yikes!!!!

randy_khoo says:

I'm using an International version of S3.
I tested, and the dialer came up, but there was nothing else.

baker2gs says:

Verizon S3 stock. First time I clicked the dialer showed up with *#06#, the second time and in Chrome the first time my IMEI number showed up.

Edit: first try blank internet page, refreshing the page shows the IMEI

Miguel31 says:

I have a Samsung galaxy s2 for t-mobile. And it's good. I only get the dial screen. Ics 4.0.4

LadyDi says:

I'm on the same provider and same phone but not ICS and the IMEI popped up for me but... on the page it was blocked by some frame issue. I actually had to click on the link within the error frame which I could not widen nor make longer. Anyhow. I'm gutted.

Miths says:

The dialer does pop up with my IMEI number on my Galaxy S2 (International/Danish version). Most disturbing is that it also happens in the other three browsers I tested - Chrome, Boat, ICS+. Wasn't this supposed to be a stock browser vulnerability only?

drendroid says:

Stock Sprint GS3 Running LI3 shows blank dialer. Tested both stock browser and Chrome.

Hope I'm safe ;-P

randy_khoo says:

I'm reading the comments, and it seems to be affecting the USA/Europe version of devices?

burger30 says:

imei showed up on my s2 ICS on bell

Vagrant_1 says:

Blank dialer on Verizon stock S3

RAW08 says:

Mine popped up, so what do I do now?

UTSkiBum says:

Samsung Vibrant shows IMEI. Can't believe that SAMSUNG will do anything to improve the VIBRANT.

Burner2K0 says:

T-Mo S3, no IMEI shown.

Taz89 says:

just tried it on my international s3 running ics... shows dialer and *#60# for split second but no imei number so hopefully this means am ok... will stick to my current firmware until this is fixed

dwain77 says:

AT&T official ICS, rooted (not that it probably matters). Dialer and IMEI...guess I better be careful till this is resolved?

Mafiatounes says:

S3 with Polish JB rom, dialer shows but no imei.

phor11 says:

If this is a Touchwiz exploit, will replacing the launcher with something like Zeam, ADW or GoLauncher patch it up?

Alex Dobie says:

No. TouchWiz is more than a launcher. You'll want to run a third-party dialer app if you're worried about this, as the vuln lies in the TouchWiz dialer.

BobbyPhoenix says:

But it's more than Touchwiz though as some HTC phones have this issue, and they don't run Touchwiz. It's and Android issue, not Samsung or just Touchwiz.

socal says:

Verizon SIII stock...MEID popped up.

Gimik says:

Codename: Android ROM 3.6 VZW GNex. got the #06# crap. No IMEI.

bb5683 says:

I'm safe, running the Sprint GS3 stock with the Google Now hack. No Root... Just did the test and the dialer came up blank, nothing happened .

borgib says:

It showed my IMEI on my AT&T Galaxy Note on a rooted Stock ROM, but I never use the stock browser so I'm not worried about it.

tyson.clarke says:

Vulnerability is in the dialer, not the browser.

Samsung Galaxy Note on Bell Canada is safe...
Found a way to be safer, instal an other dialer on your phone i.e. Go dialer, it will prompt you to choose a dialer if ever you fall on a malicious web page

jim_row says:

So here's an intresting wrinkle...I have several different dialer programs. Before the code would run, it prompted me to choose a dialer. It will only work with the stock dialer.

mavrrick says:

ATT Galaxy Note with running ICS gets the imei with both stock browser and Chrome

hormosapiens says:

dialer blank on att sgs3 rooted latest I747UCLH9.
otherwise CWM ready to install any cm10 based or AOKP or whatever i find in XDA. :)

Beacio_mo says:

S2 Skyrocket, IMEI and dialer shows, rooted running CM9 :'-(

kwirk says:

s3 here with ics on att, I747UCLH9 just the blank dialer appears.

Same phone, galaxy S2 international GT9100, dual boot:
CM9 23/09/2012 nightly got imei on chrome and stock, opera would not open the link
AOKP JB build 3, only stock browser, got code in dialer no imei

JB is the answer then?

Alex Dobie says:

If you're not running a TouchWiz ROM, you don't need to worry about this. The nasty part of this problem -- the part that factory resets your phone -- is in TouchWiz, not Android.

Zammo76 says:

My T Mobile UK S3 running latest firmware is OK.

SDBB_kick says:

Stock JB on Sprint GNex brought up *#06#.

I thought the GNex didn't have TouchWiz and wouldn't be vulnerable...what the $%&@!!!

Alex Dobie says:

It isn't vulnerable. The test doesn't apply to non-TouchWiz devices. Ignore the results. You're fine :)

SDBB_kick says:

Thanks Alex...freaking out there for a moment :)

konaman01 says:

You should be safe. The dialer needs to show your MEID or IEMI to be vulnerable.

menzoom says:

Galaxy note, AT&T, ICS. Imei number pops up on stock and chrome browser.
Where and how do I do a firmware update?

WallaceD says:

So... I clicked the link on my Bionic and it did launch the dialer and a pop-up with both my MEID HEX and DEC.

What does this mean?

Alex Dobie says:

Nothing, because it's not a Samsung phone. You're fine.

tc789 says:

The exploit of being able to run USSD codes directly from a webpage is now clearly an wider Android issue not a Samsung issue, the Samsung problem is there is a USSD code that resets the device. Which hopefully doesn't exist in other manufacturers phones.

So far the Samsung patched S3 and the Galaxy Nexus are the only phones I've seen not pop up with the IMEI when I've tried to exploit them. HTC One X and Sony Xperia both autodial the *#06# rather than show the code in the dialler meaning some other USSD code could be executed without user intervention.

Drayk says:

Rooted Baseband version I747UCLEM.....got the dialer AND IMEI #.
Now what!!!!!

Alex Dobie says:

Update your firmware.

OniBerry says:

Sweet! Dialer, no IMEI. SGS3

ksjones66 says:

MEID show's up on stock Verizon Galaxy S3. I downloaded Dialer One until firmware is upgraded, however I'm unsure how to set it as the default dialer on the S3. Any help greatly appreciated!

david7598 says:

I'm running CleanRom 2.1 on my Verizon galaxy s III and when I click the link my meid shows up.

jrwatt says:

Verizon GSIII running 4.0.4 with latest firmware. Using the chrome browser, the AC link opened my dialer and the *#06# flashed and then went away, leaving my dialer open but blank, and the MEID did not appear. Same thing happened using the stock browser. When I manually entered *#06# into the dialer it did bring up my MEID. So....yeh....

Alex Dobie says:

Manually entering the code will always bring up your MEID. As long as it didn't show it automatically when you clicked the link, you're good.

jrwatt says:

Yeah, I knew the manual entry would bring it up, I just wanted to see it happen, but thanks anyway.

How likely is it do you think that Samsung will bother patching the Fascenate, Vibrant, and other Galaxy S 1 variants ? I'm honestly curious ... still have my Fascenate but haven't used it in ages.

WallaceD says:

Thanks for helping calm our paranoia, Alex. It's appreciated.

Mihavit says:

Well I pro formed the rest on my verizon galaxy nexus and my dialer showed up with *#06# in there. No imei or need number appeared during the test.

NavyVet420 says:

Samsung Infuse with GB and I got the IMEI

I am using Go Launcher, Go Dialer, etc..

trevmar says:

Galaxy Note N7000 running GingerBread XXLA4. Dialer brings up IMEI. So I would be vulnerable except that first a screen pops up asking me if I want to send the call to GrooveIP or the Dialer. I am unlikely to ignore that popup :)

bdmridgback says:

GS3 up to date on Sprint and just shows blank dialer.
Good to go!

CeluGeek says:

Captivate Glide. I guess the UCLH2 ICS upgrade that crippled the keyboard backlight at least did something right, because the dialer launches but it is blank -- no IMEI window and no "*#06#" ready for dialing.

Ommadawn says:

Hmm. Ran the link on my rooted stock GB Galaxy Note, and it showed the IMEI. That's a worry, but thankfully I don't use the stock browser at all.

Nosferatu524 says:

CM10 on Jelly Bean for Galaxy S2 (AT&T) using Dolphin (I deleted all other browsers from my phone)

Propmted me which dialer I wanted to use (exDialer or Phone (stock)). If I chose stock it just shows the *06# code and does nothing.

If I chose exDialer it shows my IMEI.

Basically, if a website prompts my phone program as to which one to use I'm not picking any.

wallsg says:

Galaxy S Captivate with CM9.1.0-captivatgemtd

IMEI displayed. Not Touchwiz, so does this mean I'm not vulnerable?

Normally I use Chrome or Dolphin, not the stock browser. Does anyone still use that?

Gator352 says:

I wonder if crApple had something to do with this.....?

dunozilla says:

I am surprised no one tested this on a Galaxy Tab 7.7, seeing that it also functions as a phone with dialer and such. Clicking on the link, my international ICS Tab 7.7 with latest firmware opened the dialer AND popped up the IMEI (twice!). I guess this could explain my Tab's random restart? (Tab restarted itself randomly without any user input. It would suddenly turn on the screen and go through the boot up process!)

GidiKroon says:

I have tested the Tab 7.7 (stock HC), using my own test with different (harmless) codes, and codes that the SII executed, were blocked by the 7.7. Afterwards I have updated the SII to stock 4.0.4 and it is now also blocking these codes in my tests.
(I'm not talking about this site's test; there the IMEI popu does appear)

oldbaldy says:

My Cappy running stock GB is vulnerable:(
Installing Dialer One as we speak!!
Well at least I have a good excuse for getting a Galaxy S III now.Schwheatness

shirkey says:

My Galaxy Tab 2 10.1 (international with dialer) did *not* display the IMEI using either Chrome or native browser.

i have the samsung 2 epic 4g and my IMEI showed up with the dialer......it also said the firmware was up to date......oh wat do i do now?!

Uglyfido says:

My Sprint E4GT came up as vulnerable. :/ Now I have installed Dialer One since I was already familiar with the program from my Hero anyways. Hopefully Sammy gets this sorted out quick.

unglued94ta says:

International note running stock rooted ics lrq. Stock kernel. No imei, just blank dialer.

Nj763 says:

Shows up on Epic 4g Touch running FH13 ICS

swc1969 says:

Rugby Smart on AT&T. IMEI popped up. Update available. Updated and no more IMEI.

Running a stock Samsung Galaxy S Glide on Rogers in Canada.

The test website causes my IMEI to popup. Hooray! I have a f**king security hole the size of a moon crater phone.

Definition of awesome, thanks Samsung, thanks.

:(

Guess I'll have to hold out for the update...oh, wait, my phone is orphaned by both the manufacturer and the carrier. No hope for an update before hell freezes over. Darn.

Methinks I'll be calling Rogers tomorrow and breaking my contract. It's the only way to get out and buy something else...an iPhone 5 perhaps.

reevester says:

Then its time for you to go the Custom ROM way! :D

CM for the win!!

Fuzzi99 says:

S3 running latest Samsung dev jelly bean update, only the dialer pops up. No IMEI and no number waiting to dial

mjs1124 says:

Verizon S3 running LG7, the most recent update. All I got was the dialer and it was empty.

consultkrish says:

GT-I9300, running 4.0.4. Dialer pops up - no IMEI / other number on the dial pad.

sisko says:

Dialer only on my wife's Galaxy S III, but dialer and IMEI on my Atrix 4G. Go fig...

moke says:

stock 4.0.4 ... VRLG7 VZW SIII

no dialer, no IMEI

had an update pushed to me yesterday about noon.

8)

reevester says:

CM9 latest build running Touchwiz UX (SGS3 Version).

Pops up the dialer and shows my IMEI! :|

idik says:

Galaxy S3 XEO JB Safe ^^

Maseroche says:

Tried it and got *#06#! Thank God for that but hope that Samsung resolve this quickly.

mrayth says:

Stock international note got blank dialer, no imei

Confirmed MEID and dialer shown on SPRINT GALAXY S2

novahob says:

Just read that this app on google play is a short term fix https://play.google.com/store/apps/details?id=org.mulliner.telstop

Is it worth installing? Be nice if you guys could do a post on it, as to whether we should install or not. Thanks

theghall says:

Hope that edify exploit does not bypass the menu that asks which browser to use to complete the action.

onick says:

international galaxy s2 on stock ics 4.0.3, imei popped up. feeling paranoid.

CeluGeek says:

Samsung Galaxy Appeal (AT&T Go Phone) is vulnerable -- the test displays the IMEI, if you use the stock browser. Using Opera Mobile on the same phone produces an error message from the browser -- it doesn't even launch the phone dialer, so at least that could be a workaround.

avgantura says:

On my International SGS III I have installed AppLock, and when i click on the link on my stock browser, before my dialer pops up, App Lock shows up asking for unlocking code. I guess this can stop all this?

webbie2 says:

Can I just stay off the internet and I'll be fine? WHEN WILL THIS BE FIXED! ATT SGS2 and got the IMEI!!!!!!

Hanzz says:

The problem is not only on phones, it also occur on Samsung Android tablets: http://www.appsandroid.dk/joomla/nyheder/diverse-android-nyheder/956-din...

LurkMoar says:

geez am i the only one with this phone?

tmobile blaze 4g - IMEI popped up

Mo007 says:

Sprint S3 I got a blank dialer.. running build number IMM76D.L710VPALG8.
Looks good to me. There is nothing to worry about :)

R3537L1F3 says:

I have a stock Samsung Galaxy S Epic 4G and my MEID number shows up. Do you think Samsung will fix a phone that old? With Sprint still selling one (plus I sold one from my store the other day) this still would affect people for a year or two.

ungibbed says:

I thought my Galaxy S2 would have been affected but thankfully it will survive. (T-Mobile model. SGH-T989).

ICS 4.0.4 :-)

Moykong says:

At&t galaxy s3 and the imei number popped up.... Checked for update and says I have none...

n8ter#AC says:

AT&T Skyrocket Vulnurable.

GidiKroon says:

I do not agree with the test. It is using a very useful code, which the dialer may choose not to block.

Yesterday I had stock ICS 4.0.3 on my Samsung Galaxy SII and tested links with a different code. The code executed. I tested my Galaxy Tab 7.7 with stock HC and the code didn't execute. I used several codes and checked that they would execute if I entered them manually in the dialer.

Today I have stock ICS 4.0.4 on my SII. I did the same tests and the codes were blocked! So, yes, Samsung did fix the dialer in Touchwiz. The test on this site still shows the IMEI, so that code seems to be whitelisted.

I'm quite impressed with the speed with which Samsung fixed this...

rendonred says:

Ran the test on my Sprint Samsung SII Epic Touch which is running 4.0.4 the FH13 build and nothing happens, so I guess I am safe.

I ran it on my Epic 4G Touch running FH13 and I still got it? Mind retrying?

rendonred says:

Tried it twice just to be sure and it did not come up. Some may and some may not have it happen.

ijustintouch says:

I'm running CyanogenMod 9 on my HTC Rezound. Pulls up my MEID.

He said that non-Samsung phones aren't affected by the exploit, no matter if your MEiD comes up or not.

joyces_largo says:

Webpage not available

The webpage at tel:*%2306%23 might be temporarily down or it may have moved permanently to a new web address.

Suggestions:

Make sure you have a data connection
Reload this webpage later
Check the address you entered

what does this mean, i have SGS2 with jelly bean 4.1.1 RR by westcrip

febb says:

TESTED on threee (3) phones:

Phone 1
Galaxy Nexus: Stock 4.1.1 (Jelly Bean), yakju version of phone:

Result: Dialer appears and the input field is populated with *#06# but it stops
there, no IMEI is ever presented.

Same behavior with Stock browser, Chrome and Dolphin browsers.

Phone 2
Nexus One: with Cyanogenmod -7-20120902-NIGHTLY-passion.

Result: Dialer appears, the input field is populated with *#06# and IMEI IS
PRESENTED.

Phone 3:
Galaxy S I9000: with Cyanogenmod-9-20120727-NIGHTLY-galaxysmtd

Result: Dialer appears, the input field is populated with *#06# and IMEI IS
PRESENTED.

Wonder what are Cyanogenmod comments about this... and wonder what is the extent of the threat...danger... Even if there is no actual vulnerability now...it this an open door to it?

lorcha says:

Sprint Epic 4G Touch with Calkulin's GB ROM and Dolphin Browser: vulnerable.

Grumble grumble. Not cool, Samsung. Not cool.

Fryerman says:

Make sure you turn on NFC before running this test. Wifh NFC features turned off all appears weill.

StaplesJohn says:

Samsung Galaxy Note still with the exploit, yet this morning on the phone with Samsung, Samsung denied any exploit and told me that if my imei number popped up on the androidcentral USSD exploit test, then I should not use this website anymore. HUH................................

Made me laugh.

SteveIowa says:

People, I am not going to read all 141 comments. I did read a few dozen though. If you feel you may be susceptible, simply use a third party dialer. Like this one here (which I also happen to like much better) in GO Contacts EX, by the GO Dev Team > http://bit.ly/W0DKmB

Problem solved. Patches are already being pushed out.

ngrj93 says:

yes, third party antivirus solutions for android are already releasing standalone apps designed to tackle this issue.

LynneJ says:

I have a Galaxy Apollo and was affected. Thanks to a friend have downloaded Dialer One, so hopefully will be okay now :)

berglucht says:

Samsung galaxy S2 with CM10: dialer pops up with *#06# in the number readout.

Soylent Red says:

Tested with my Samsung Focus running Windows Phone 7, with a disturbing result. It opens a window asking to verify the number *#06# and a button that says "Call"... it's not a stretch to assume someone could be tricked into pressing "call".

I guess it's not just Android Samsung phones...

plunder says:

Sim Free S2 on Vodafone. Yes vulnerable, and but lookout warned me. So at least I got a warning. Thanks Jerry.

avgas says:

Run the test and appear to be vulnerable (sght989d/galaxys2xtelus) running ics and kies says its current.

"we recommend using a third-party dialer like Dialer One, and setting it as the default dialer until all this has blown over."

Did that too, but as I'm still a noob to android, how do i set it as default dialer?

hmicjm11 says:

it showed the imei. looks like I won't be using the stock dialer.

jrimmy91 says:

My US cellular S3 is safe! Glory hallelujah!

McTobe says:

The "Avast! Mobile Security" app block these kind of problems. :D

http://s9.postimage.org/5fmnbbem5/capture_02.png

Dagnabit! I had to do some phone gymnastics before I could test honestly. My antivirus, Webroot SecureAnywhere Complete, popped up its dialer shield, this danger warning Red page saying essentially, STOP, but does allow overrule. Who would overrule this warning which seldom happens. I had to disable that. Then when I took the test again, it offered me choice of stock dialer or the one I installed to replace the stock. I tried the one I installed to replace the stock dialer, the exploit didn't work. I then tried next test the stock dialer, the IMEI code was displayed. I use the DW Contacts & Phone & Dialer to replace the stock.

In my family we use Webroot SecureAnywhere Complete, protects 3 desktops and two Android phones, and some other kin and kith use Lookout, paid version, and they all, ones I've talked to so far have protection from it. They all use dialers other than the stock per my advice for performance and features.
I assume, from some statements here, and personal contacts, that many, if not most, security suites for Android protect against this exploit.

Though my phone is open to this exploit, my configuration and security is such that I feel secure from it.

YES Thank you! Stock and Chrome both came up blank. Then again any time AVG comes up with a warning about a site I RUN FOR THE HILLS. T-Mobile Galaxy S2 SGH-T989 Running stock ICS 4.0.4

Baka Tenshi says:

Am I blind or I can't find the button?
Samsung Galaxy Note running Android 4.1.2 Jelly Bean Official ROM

Sumeet Puri says:

Please help. I moved from iPhone world to awesome android and it's only been 5 days and I seem to have 'Security Policy Update' in the notification bar that I can't get rid of. Once clicked, my Samsung galaxy s4 will look for server settings to connect but fails every time. It's been on my notification from the last 2 days. Any help would be greatly appreciated.

Posted via Android Central App