A new Android security flaw has come to light that could potentially expose your Android smartphone to a lot of malware. Google has reportedly confirmed that it is aware of the issue, and has said that the fix will arrive with Android O. Now, Android O’s commercially release is still months away, which means users will remain exposed to the flaw till then.
The flaw was first found by research firm Check Point, and it claims that the exploit exposes users to malware attacks like “ransomware, banking malware and adware.” The flaw resides in the app permissions settings, which keeps one permission called SYSTEM_ALERT_WINDOW enabled by default. This permission would let an app display over any other app without notifying the user. Check Point notes, “This entails a significant potential for several malicious techniques, such as displaying fraudulent ads, phishing scams, click-jacking, and overlay windows, which are common with banking Trojans. It can also be used by ransomware to create a persistent on-top screen that will prevent non-technical users from accessing their devices.”
Google has reportedly acknowledged the issue, and confirmed that the issue is being dealt with in Android O. Firstly, Android O is still a months away from running on stable version, and users remain exposed to it till then. Secondly, not all devices are going to be upgradable to Android O, which means that the issue is being dealt with for only a few users, while the rest would still remain exposed to it. Also, those few devices that will receive Android O, may not get the update from their OEM right away, and it could only arrive sometime next year.
To further validate this as an actual threat, Check Point says that 74 percent of ransomware, 57 percent of adware, and 14 percent of banker malware abuse this feature. If Google is listening, it needs to solve this issue urgently, and across all Android devices, not just the new ones.