Google Says Android Bug Overblown
Google says a set of security flaws on Android devices may not be as serious as initially feared. It says 90 percent of devices should be largely immune from what's been dubbed the "Quadrooter" exploit.
A security research company found the problem in software which works with processors manufactured by Qualcomm, which are used in an estimated 900 million Android devices. The bugs affect the communication between different actions (known as processes) running on the phone at the same time.
The name of the exploit (Quadrooter) comes from the fact that there are four vulnerabilities which could allow root access to the phone, which then means malicious software could then be executed without the owner knowing.
Rogue Apps Could Get Total Access
Researchers at Checkpoint say the bugs aren't in the core Android operating system but rather in the software that phone and tablet makers add when building a device - in this case, to make sure the processor works.
They say that in theory users could be tricked into installing a rogue application which could exploit the vulnerabilities and effectively give remote control to all the functions and data of the device. This could mean turning the device itself into a spying tool. (Source: checkpoint.com)
Google Notes Existing Defenses
Google has welcomed Checkpoint's research, but points out that Android has safeguards that would severely restrict Quadrooter from working. It says apps exploiting such vulnerabilities are already blocked from the main Google Play app store, so hackers would need to trick the user into downloading and installing the rogue app from another source.
Android already warns users to think twice before installing unverified apps (which are not from the app store), requiring them to click a confirmation after seeing the message "Installing this app may harm your device." One of the four vulnerabilities could get through this way, but only if the user went ahead with the installation despite the warning. Google plans to issue a patch for this vulnerability and is also encouraging manufacturers to issue a patch created by Checkpoint.
The other three vulnerabilities would all be caught by a feature called "Verify Apps," which was introduced in Android 4.2 and used on 90 percent of Android devices. Verify Apps scans any app from an untrusted source and, if it spots something suspicious, completely blocks the installation without giving the user any option to proceed. (Source: androidcentral.com)
What's Your Opinion?
Do you ever install Android apps from sources other than the Google Play store? Does Google do enough to maintain security while exercising less control and restriction than Apple? Is it right to completely block some apps rather than let the user take the final responsibility and risk?
Most popular articles
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by Informatico Experts? Here's What to Do
- Scammed by Smart PC Experts? Here's What to Do
- Scammed by Right PC Experts? Here's What to Do
- Scammed by PC / Web Network Experts? Here's What to Do
- How to Fix: Windows Update Won't Update
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Explained: Difference Between VPN Server and VPN (Service)
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
Installing Android app from non-Google website
I have an Android 5 (Lollipop) phone. I was HUGELY disappointed to find out that the Google Play Store would not permit me to install a necessary (to me) home automation app called Wemo, even though Wemo was supposed to be compatible with Android 5. So I ended up downloading and installing Wemo from http://apkdler.com . Wemo on my Android 5 does have a minor problem, but it doesn't bother me at all. If the Google Play Store had allowed me to install it with the caveat that it might not work perfectly, I wouldn't have looked elsewhere to get it.