Android flaw succeeds despite security advice

There are some basic rules for mobile security that have long been thought to keep you in the clear. But researchers have discovered these rules might not be able to protect Android devices from “pileup” malware. 

IT has long urged users to:

Not good enough

But researchers from Indiana University have discovered a flaw across all versions of Android that could work around these rules.

It starts with users downloading apps that ask for very few and seemingly harmless permissions. The apps remain dormant on the users’ devices, not causing any problems.

But when users upgrade their OS to a newer version, code embedded in the app kicks into gear. Because of a flaw in how Android evaluates apps during the upgrade, these apps can automatically be granted new permissions without users having to approve them.

Suddenly, these seemingly harmless apps could commandeer a phone, gain permission to read text messages or voicemails, or download more malware. And users remain none the wiser to this spyware.

With only 2.5% of Android users running the most up-to-date version, that means anyone who upgrades could be at risk.
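One way an IT team could check for this after a rollout, shown as an added example that is not from the researchers or from Android itself: compare each app's granted permissions before and after the OS upgrade and flag apps that gained permissions without being updated. The snapshot layout, package names and the `SENSITIVE` list are assumptions constructed for illustration; how the snapshots are collected (for example, from a device inventory) is left open.

```python
# Added example: diff per-app permission snapshots taken before and after an
# OS upgrade. The snapshot layout is an assumption, not an Android format.

SENSITIVE = {  # illustrative subset to escalate first, not a complete list
    "android.permission.READ_SMS",
    "android.permission.INSTALL_PACKAGES",
}

def permission_gains(before, after):
    """Return findings for unchanged apps that hold more permissions afterwards.

    before/after map package name -> {"version": int, "granted": iterable}.
    Apps installed or updated between snapshots are skipped: a change there
    is explained by the app update rather than by the OS upgrade.
    """
    findings = []
    for pkg, new in after.items():
        old = before.get(pkg)
        if old is None or old["version"] != new["version"]:
            continue
        gained = set(new["granted"]) - set(old["granted"])
        if gained:
            findings.append({
                "package": pkg,
                "gained": sorted(gained),
                "sensitive": sorted(gained & SENSITIVE),
            })
    # Apps that picked up sensitive permissions sort first.
    findings.sort(key=lambda f: (not f["sensitive"], f["package"]))
    return findings

# Constructed sample snapshots (hypothetical packages).
BEFORE = {
    "com.example.flashlight": {"version": 3, "granted": ["android.permission.VIBRATE"]},
    "com.example.wallpaper": {"version": 2, "granted": []},
    "com.example.chat": {"version": 7, "granted": ["android.permission.INTERNET"]},
}
AFTER = {
    "com.example.flashlight": {"version": 3, "granted": ["android.permission.VIBRATE", "android.permission.READ_SMS"]},
    "com.example.wallpaper": {"version": 2, "granted": ["android.permission.INTERNET"]},
    "com.example.chat": {"version": 8, "granted": ["android.permission.INTERNET", "android.permission.READ_SMS"]},
    "com.example.weather": {"version": 1, "granted": ["android.permission.INTERNET"]},
}

if __name__ == "__main__":
    for finding in permission_gains(BEFORE, AFTER):
        print(finding)
```

Apps that appear in the findings are the ones to review or remove first, since nothing the user approved explains their new access.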

What to recommend

So if the old rules of security are out, is there any way to protect users? The short answer is yes.

First of all, antimalware apps should be able to detect at least some of these risks if they’re being exploited. Make sure to recommend users install trusted mobile antimalware programs.

Also, recommend that they avoid any unrequested invitations to download apps. Even if they’re redirected to a reputable source like the Play Store, users should be suspicious of these downloads.

Finally, you may want to recommend users do a little spring cleaning, getting rid of any apps that they haven’t used recently. Often the most dangerous apps are the ones sitting on your phone that you never think about after getting them.
