Reportedly, Android has one of its biggest security holes ever. Almost 50 percent of Android devices are vulnerable to an attack that can swap out a user's pre-installed app with malware that can round up sensitive data. The reports of the vulnerability have been taken seriously enough that Samsung, Google and Amazon have released patches for devices, but a credible report says that about half of Android devices are still at risk.
"We discovered a widespread vulnerability in Google’s Android OS we are calling “Android Installer Hijacking,” estimated to impact 49.5 percent of all current Android users. In January 2014, we uncovered a Time-of-Check to Time-of-Use (TOCTTOU) vulnerability in Android OS that permits an attacker to hijack the ordinary Android APK installation process. This hijacking technique can be used to bypass the user view and distribute malware with arbitrary permissions. It can substitute one application with another, for instance if a user tries to install a legitimate version of “Angry Birds” and ends up with a Flashlight app that’s running malware. We are calling the technique that exploits this vulnerability Android Installer Hijacking. We have been cooperating with Google and major manufacturers such as Samsung and Amazon to patch affected Android devices."
Read more at Ostatic