Big time Android flaw won't be fixed until next build is released

A serious flaw discovered on Android by cyber security firm Check Point is known to Google, but won't be fixed until the next build of the Android OS is released later this year. The flaw can lead to a number of malware attacks resulting in "ransomware, banking malware and adware." And while Android O does remove this vulnerability from the software, that still leaves a large number of phones that are not expected to receive the upgrade wide open to attack.

It all revolves around a permissions category that contains one permission, SYSTEM_ALERT_WINDOW. Originally added with Android Marshmallow, this permission was supposed to be manually agreed to by the phone's user. To spare users from having to grant the permission in order to add functionality to apps already installed, in Android 6.0.1 Google allowed SYSTEM_ALERT_WINDOW to be enabled by default for any app coming from the Google Play Store. However, this left Android handsets open to "displaying fraudulent ads, phishing scams, click-jacking, and overlay windows, which are common with banking Trojans," according to Check Point. The latter says that 74% of ransomware, 57% of adware, and 14% of banker malware use this flaw to inflict real-time harm.

This is not an opening that can only theoretically be abused. According to Check Point, these things are happening now. Android O will prevent this by using a new restrictive permission called TYPE_APPLICATION_OVERLAY. To protect Android users until the next build of Android is disseminated, Check Point gives simple but solid advice. "Beware of fishy apps," it says, even those in the Google Play Store. The firm also advises those installing apps to read comments written by others, and to watch for permissions that are not relevant to the workings of the app being installed.
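The permission check Check Point recommends can be automated for a set of apps. The following is an added example, not code from Check Point or the original article: it flags apps whose manifest requests SYSTEM_ALERT_WINDOW at a given device API level. It assumes the manifests have already been decoded to text XML; the package names and sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
OVERLAY_PERMISSION = "android.permission.SYSTEM_ALERT_WINDOW"
_XMLNS = 'xmlns:android="http://schemas.android.com/apk/res/android"'

# Constructed sample manifests (hypothetical packages), already decoded to text.
SAMPLE_MANIFESTS = [
    f'<manifest {_XMLNS} package="com.example.flashlight">'
    '<uses-permission android:name="android.permission.CAMERA"/>'
    f'<uses-permission android:name="{OVERLAY_PERMISSION}"/></manifest>',
    f'<manifest {_XMLNS} package="com.example.notes">'
    '<uses-permission android:name="android.permission.INTERNET"/></manifest>',
    f'<manifest {_XMLNS} package="com.example.legacy">'
    f'<uses-permission android:name="{OVERLAY_PERMISSION}"'
    ' android:maxSdkVersion="22"/></manifest>',
    f'<manifest {_XMLNS} package="com.example.sdk23only">'
    f'<uses-permission-sdk-23 android:name="{OVERLAY_PERMISSION}"/></manifest>',
]

def requests_overlay(manifest_xml, device_api):
    """Return (package, True/False): does the app request the overlay
    permission when installed on a device running `device_api`?"""
    root = ET.fromstring(manifest_xml)
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            if el.get(ANDROID_NS + "name") != OVERLAY_PERMISSION:
                continue
            # <uses-permission-sdk-23> only applies on API 23 (Marshmallow) and up.
            if tag == "uses-permission-sdk-23" and device_api < 23:
                continue
            # maxSdkVersion drops the request on newer platform versions.
            max_sdk = el.get(ANDROID_NS + "maxSdkVersion")
            if max_sdk is not None and device_api > int(max_sdk):
                continue
            return root.get("package"), True
    return root.get("package"), False

def audit(manifests, device_api):
    """Sorted package names that request SYSTEM_ALERT_WINDOW at this API level."""
    results = (requests_overlay(m, device_api) for m in manifests)
    return sorted(pkg for pkg, flagged in results if flagged)

if __name__ == "__main__":
    for api in (22, 23):
        print(f"API {api}: review overlay use in {audit(SAMPLE_MANIFESTS, api)}")
```

A flagged app is not necessarily malicious; the result is a shortlist for checking whether drawing over other apps is relevant to what the app does.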

source: CheckPoint via BGR
