x PhoneArena is hiring! Reviewer in the USA
  • Hidden picShow menu
  • Home
  • News
  • Design flaw in Android could allow for malware to mimic legitimate apps

Design flaw in Android could allow for malware to mimic legitimate apps

Posted: , by Nick T.

Tags :

Design flaw in Android could allow for malware to mimic legitimate apps
Convinced that your smartphone is immune to malware? Well, as long as you don't download any apps coming from suspicious sources, then you are virtually safe, but the thing is that every single mobile platform has its own security flaws exposing your privacy at risk.

The latest vulnerability that was brought to our attention targets Android users, and although it has not caused any damage yet, it has the potential to give you quite a headache. It has been discovered that “a design flaw” in the Android operating system could allow for unwanted pop-ups to appear whenever a set application is running thus defiling your smartphone with annoying pop-ups. However, if executed properly, the flaw could potentially be used for phishing attacks to be targeted at your device.

In a nutshell, when the malware detects that your banking app or e-mail client, for example, is running, it can launch an identically-looking pop-up app asking for your credentials. What makes things worse is that the execution of the pop-up app can happen so fast that the user would probably never realize what has happened until it is too late. The malware could even install itself as a service and run seamlessly in the background even after the phone is rebooted.

There have been no registered cases of the so-called design flaw being used in a malicious way, but a proof-of-concept application has been demonstrated just recently at the DefCon hacking convention. That is why we have said it before and we will say it again - you should always be extra careful when downloading apps from any shady-looking software marketplaces as you never know what might be coming along with them.

source: CNET

55 Comments
  • Options
    Close






posted on 08 Aug 2011, 11:03 9

7. The_Miz (Posts: 1496; Member since: 06 Apr 2011)


cue Android fans who will backpedal in 3...2..1..

posted on 08 Aug 2011, 13:49 5

23. mr.niceguy (unregistered)


derp.

posted on 08 Aug 2011, 11:10 7

8. HTCiscool (Posts: 449; Member since: 16 Jul 2011)


I think Taco, The_Miz, and SteveJobs are all the same person.

posted on 08 Aug 2011, 12:06 7

14. SteveJobs (Posts: 12; Member since: 24 Jul 2011)


You my friend are so wrong

posted on 08 Aug 2011, 14:54 3

25. The_Miz (Posts: 1496; Member since: 06 Apr 2011)


Oh no, you figured it out. I guess I better change both our names.

posted on 08 Aug 2011, 10:13

2. readingthissh1t (Posts: 303; Member since: 20 Jul 2011)


nother software update until ics

posted on 08 Aug 2011, 10:22 5

3. SuperAndroidEvo (Posts: 4857; Member since: 15 Apr 2011)


Oh boy the iSheep are going to have a field day with this! lol I don't get why people have these problems. I have had Android for more than 3 years & STILL no malware. I guess I have more common sense then other Android users! lol

"Convinced that your smartphone is immune to malware? Well, as long as you don't download any apps coming from suspicious sources, then you are virtually safe, but the thing is that every single mobile platform has its own security flaws exposing your privacy at risk." I mean what else needs to be said! Please JUST BE CAREFUL!

posted on 08 Aug 2011, 10:29

4. PeterIfromsweden (Posts: 1230; Member since: 03 Aug 2011)


You should get bada.
There is no malware for bada, and you can only download apps from Samsungapps where they all apps go through strict testing.
By the way SuperAnroid, please read my answer to your last post in the bada article (i answered you about 15 minutes ago in that article).

posted on 08 Aug 2011, 10:36 3

5. SuperAndroidEvo (Posts: 4857; Member since: 15 Apr 2011)


Yes but then I would have to get a feature phone. That would be a total downgrade from my HTC Evo 3D! I love my smart phone, & I have NEVER had a problem. Bada is definitely NOT for me. Thanks for the concern though! :-)

posted on 08 Aug 2011, 17:13 1

35. G-Reg (unregistered)


2 more than you

posted on 08 Aug 2011, 10:56 9

6. The_Miz (Posts: 1496; Member since: 06 Apr 2011)


Lol, Android has had a design flaw since day one. And google still can't do anything about this malware problem while iOS has virtually no security hacks. Wow Google, way to be on top of things.

posted on 08 Aug 2011, 11:13 7

9. CH (unregistered)


What's that I smell? Oh yes, Apple-fanboyism trolling at the decent Android folks again. Do us a favor and go shine your Apple silver-logos, will ya? And ask your mom to buy new Apple earbuds for 100€ lol.

posted on 08 Aug 2011, 11:17 9

10. HTCiscool (Posts: 449; Member since: 16 Jul 2011)


I'm sorry, which OS got jailbraked 1,000,000 times before release and then got a wikipedia page made about it titled ''History of iOS jailbreaking''?

posted on 08 Aug 2011, 11:39 7

11. Droid_X_Doug (Posts: 5993; Member since: 22 Dec 2010)


No iOS security hacks? Then why all of the urgent emergency to upgrade to iOS 4.3.5?

posted on 08 Aug 2011, 13:30 5

22. David Heim (unregistered)


"...iOS has virtually no security hacks."

Hey The_Miz, why don't you stop saying that apple has no hacks? You must be some ignorant apple fanboy who assumes that apple products can't get hacked. Why do people jailbreak their iphones or ipods or whatever the hell apple calls their products if people assume that they have a perfect product? Besides, I've had android for at least 2 years now and I haven't got a damned virus at all. If you know when and where to download an app, then you won't have a problem. So you know what? You can shove your previous comment up your ass and shut the hell up.

posted on 08 Aug 2011, 11:47 8

12. Sniggly (Posts: 7305; Member since: 05 Dec 2009)


Know what I love? How this entire explanation somehow skips the part where the malware actually gets on your phone. Seems from the hints that it's the same damn thing: when you're stupid enough to deal with the darkened store down the alley run by the snivelling little guy with missing teeth and an aura of evil which makes the Emperor look like a goddamned Care Bear.

posted on 08 Aug 2011, 11:50 3

13. SuperAndroidEvo (Posts: 4857; Member since: 15 Apr 2011)


lol That is so right! lol

posted on 08 Aug 2011, 14:55 5

26. The_Miz (Posts: 1496; Member since: 06 Apr 2011)


Oh how I'd like to meet you down a dark alley.

posted on 08 Aug 2011, 15:36 2

31. Sniggly (Posts: 7305; Member since: 05 Dec 2009)


If we do, can we braid each others' hair?

posted on 08 Aug 2011, 16:14 3

32. SuperAndroidEvo (Posts: 4857; Member since: 15 Apr 2011)


The_Miz I would have thought you would have said the entrance ramp for the Royal Rumble or something like that! I used to like Monday Night RAW! lol

posted on 08 Aug 2011, 15:19 5

29. taco50 (banned) (Posts: 5506; Member since: 08 Oct 2009)


exactly this is a NON ISSUE. I don't even know why it's being reported. I think PA is probably iSheep.

posted on 08 Aug 2011, 16:58 4

34. Sniggly (Posts: 7305; Member since: 05 Dec 2009)


I thumbed you up even though I know you're being horribly sarcastic AND even though you're using a strawman in order to try to make my position appear wrong.

Don't get me wrong, I get concerned over security issues, but that concern doesn't have to be in the form of hysterically abandoning an operating system I love because of an issue that, more likely than not, won't ever affect me.

posted on 08 Aug 2011, 12:09 9

15. SteveJobs (Posts: 12; Member since: 24 Jul 2011)


Perfection can only be achieved by me

posted on 08 Aug 2011, 13:05 2

20. SuperAndroidEvo (Posts: 4857; Member since: 15 Apr 2011)


SteveJobs you are the funniest guy here in PhoneArena.com! lol

posted on 08 Aug 2011, 18:29 3

37. wumberpeb (Posts: 453; Member since: 14 Mar 2011)


Steve, I actually laugh when you post something...

posted on 09 Aug 2011, 08:09 3

49. SuperAndroidEvo (Posts: 4857; Member since: 15 Apr 2011)


Me too wumberpeb! lol

posted on 08 Aug 2011, 12:34 2

17. Sniggly (Posts: 7305; Member since: 05 Dec 2009)


Okay.

posted on 08 Aug 2011, 12:39

18. iosmaster (Posts: 115; Member since: 06 Jul 2011)


WATCH THE PIC ITS EPIC FUNhttp://obamapacman.com/2011/08/hypocrite-google-executive-cries-foul-when-patents-attack-android/

posted on 08 Aug 2011, 12:45 8

19. Stuntman (Posts: 836; Member since: 01 Aug 2011)


You mean if I have a device that is a computer I can get malware? Boy, I'm so glad I read this article because I would have no idea that this could happen otherwise. :p

Security flaws exist in all products. Android phones are not the only ones that have security flaws. Don't think that using a non-Android phone means you are immune to malware. I've seen other articles publicising security flaws in other phones as well.

Hopefully the publicity that this article generates will spur Google on to get this flaw fixed.

posted on 08 Aug 2011, 14:10 5

24. PhoneArenaUser (Posts: 5498; Member since: 05 Aug 2011)


Agree.

* Some comments have been hidden, because they don't meet the discussions rules.

Want to comment? Please login or register.

Latest stories