Design flaw in Android could allow for malware to mimic legitimate apps

Convinced that your smartphone is immune to malware? Well, as long as you don't download any apps from suspicious sources, you are virtually safe, but the thing is that every single mobile platform has its own security flaws that put your privacy at risk.

The latest vulnerability brought to our attention targets Android users, and although it has not caused any damage yet, it has the potential to give you quite a headache. It has been discovered that “a design flaw” in the Android operating system could allow unwanted pop-ups to appear whenever a given application is running, cluttering your smartphone with annoying pop-ups. However, if executed properly, the flaw could potentially be used for phishing attacks targeted at your device.

In a nutshell, when the malware detects that your banking app or e-mail client, for example, is running, it can launch an identical-looking pop-up app asking for your credentials. What makes things worse is that the pop-up app can launch so fast that the user would probably never realize what has happened until it is too late. The malware could even install itself as a service and run seamlessly in the background even after the phone is rebooted.

There have been no registered cases of the so-called design flaw being used maliciously, but a proof-of-concept application was demonstrated just recently at the DefCon hacking convention. That is why we have said it before and we will say it again: you should always be extra careful when downloading apps from any shady-looking software marketplaces, as you never know what might be coming along with them.

source: CNET


55 Comments

7. The_Miz

Posts: 1496; Member since: Apr 06, 2011

cue Android fans who will backpedal in 3...2..1..

23. mr.niceguy unregistered

derp.

8. HTCiscool

Posts: 449; Member since: Jul 16, 2011

I think Taco, The_Miz, and SteveJobs are all the same person.

14. SteveJobs

Posts: 12; Member since: Jul 24, 2011

You my friend are so wrong

25. The_Miz

Posts: 1496; Member since: Apr 06, 2011

Oh no, you figured it out. I guess I better change both our names.

2. readingthissh1t

Posts: 303; Member since: Jul 20, 2011

nother software update until ics

3. SuperAndroidEvo

Posts: 4888; Member since: Apr 15, 2011

Oh boy the iSheep are going to have a field day with this! lol I don't get why people have these problems. I have had Android for more than 3 years & STILL no malware. I guess I have more common sense than other Android users! lol "Convinced that your smartphone is immune to malware? Well, as long as you don't download any apps coming from suspicious sources, then you are virtually safe, but the thing is that every single mobile platform has its own security flaws exposing your privacy at risk." I mean what else needs to be said! Please JUST BE CAREFUL!

4. PeterIfromsweden

Posts: 1230; Member since: Aug 03, 2011

You should get bada. There is no malware for bada, and you can only download apps from Samsungapps where all apps go through strict testing. By the way SuperAnroid, please read my answer to your last post in the bada article (I answered you about 15 minutes ago in that article).

5. SuperAndroidEvo

Posts: 4888; Member since: Apr 15, 2011

Yes but then I would have to get a feature phone. That would be a total downgrade from my HTC Evo 3D! I love my smart phone, & I have NEVER had a problem. Bada is definitely NOT for me. Thanks for the concern though! :-)

35. G-Reg unregistered

2 more than you

6. The_Miz

Posts: 1496; Member since: Apr 06, 2011

Lol, Android has had a design flaw since day one. And google still can't do anything about this malware problem while iOS has virtually no security hacks. Wow Google, way to be on top of things.

9. CH unregistered

What's that I smell? Oh yes, Apple-fanboyism trolling at the decent Android folks again. Do us a favor and go shine your Apple silver-logos, will ya? And ask your mom to buy new Apple earbuds for 100€ lol.

10. HTCiscool

Posts: 449; Member since: Jul 16, 2011

I'm sorry, which OS got jailbroken 1,000,000 times before release and then got a Wikipedia page made about it titled "History of iOS jailbreaking"?

11. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

No iOS security hacks? Then why all of the urgent emergency to upgrade to iOS 4.3.5?

22. David Heim unregistered

"...iOS has virtually no security hacks." Hey The_Miz, why don't you stop saying that apple has no hacks? You must be some ignorant apple fanboy who assumes that apple products can't get hacked. Why do people jailbreak their iphones or ipods or whatever the hell apple calls their products if people assume that they have a perfect product? Besides, I've had android for at least 2 years now and I haven't got a damned virus at all. If you know when and where to download an app, then you won't have a problem. So you know what? You can shove your previous comment up your ass and shut the hell up.

12. Sniggly

Posts: 7305; Member since: Dec 05, 2009

Know what I love? How this entire explanation somehow skips the part where the malware actually gets on your phone. Seems from the hints that it's the same damn thing: when you're stupid enough to deal with the darkened store down the alley run by the snivelling little guy with missing teeth and an aura of evil which makes the Emperor look like a goddamned Care Bear.

13. SuperAndroidEvo

Posts: 4888; Member since: Apr 15, 2011

lol That is so right! lol

26. The_Miz

Posts: 1496; Member since: Apr 06, 2011

Oh how I'd like to meet you down a dark alley.

31. Sniggly

Posts: 7305; Member since: Dec 05, 2009

If we do, can we braid each others' hair?

32. SuperAndroidEvo

Posts: 4888; Member since: Apr 15, 2011

The_Miz I would have thought you would have said the entrance ramp for the Royal Rumble or something like that! I used to like Monday Night RAW! lol

29. taco50

Posts: 5506; Member since: Oct 08, 2009

exactly this is a NON ISSUE. I don't even know why it's being reported. I think PA is probably iSheep.

34. Sniggly

Posts: 7305; Member since: Dec 05, 2009

I thumbed you up even though I know you're being horribly sarcastic AND even though you're using a strawman in order to try to make my position appear wrong. Don't get me wrong, I get concerned over security issues, but that concern doesn't have to be in the form of hysterically abandoning an operating system I love because of an issue that, more likely than not, won't ever affect me.

15. SteveJobs

Posts: 12; Member since: Jul 24, 2011

Perfection can only be achieved by me

20. SuperAndroidEvo

Posts: 4888; Member since: Apr 15, 2011

SteveJobs you are the funniest guy here in PhoneArena.com! lol

37. wumberpeb

Posts: 453; Member since: Mar 14, 2011

Steve, I actually laugh when you post something...

49. SuperAndroidEvo

Posts: 4888; Member since: Apr 15, 2011

Me too wumberpeb! lol

17. Sniggly

Posts: 7305; Member since: Dec 05, 2009

Okay.

18. iosmaster

Posts: 115; Member since: Jul 06, 2011

19. Stuntman

Posts: 843; Member since: Aug 01, 2011

You mean if I have a device that is a computer I can get malware? Boy, I'm so glad I read this article because I would have no idea that this could happen otherwise. :p Security flaws exist in all products. Android phones are not the only ones that have security flaws. Don't think that using a non-Android phone means you are immune to malware. I've seen other articles publicising security flaws in other phones as well. Hopefully the publicity that this article generates will spur Google on to get this flaw fixed.

24. PhoneArenaUser

Posts: 5498; Member since: Aug 05, 2011

Agree.

* Some comments have been hidden, because they don't meet the discussions rules.
