74% of malware have been exploiting a security hole on Android. Shouldn’t Google be doing something about it sooner? Although there’s been a lot of buzz surrounding how a security flaw in Google’s mobile operating system (OS) is being exploited by most malware, the search engine giant doesn’t seem too bothered by the fact. Even as a potent ransomware, WannaCry, attacked almost a quarter of a million computers recently, the company thinks the Android security hole should be patched by the next Android OS release.
Wondering how soon this upcoming Android OS will be made public? Tentative reports suggest it’ll be released in August.
The cyber security firm, Check Point, reported that 74% of today’s active ransomware takes advantage of a major Android OS flaw: “SYSTEM_ALERT_WINDOW.” This command is responsible for putting the lock screen up as well as allowing an app to display above all other programs.
Besides ransomware, the security company also reports that the said Android security flaw has been abused by more than half of the malware we’ve seen. They mentioned in the same post that 17% of banking Trojans use the said command line, too.
In a real-world application, the permission enables an app to display over any other app without notifying the user. It comes as no surprise that the likes of adware, click-jacking windows, phishing scams, and Trojans have been adopting the app permission.
Ransomware in Action
For those that don’t know, ransomware is a piece of malicious software built to interfere with a device’s function until the victim pays a ransom electronically. It does that by encrypting files in the local drive or disrupting its current process. It then decrypts/opens the system when the user pays the ransom—often in the form of bitcoins. Experts say that ransomware designed to attack PCs and Macs typically differ from those built to target smartphones.
Those meant to victimize computers will often encrypt files on the hard drive after the unit gets infected. You’ll be left with no choice but to give in to the hacker’s monetary demands or else, you may lose all your precious files. When you do pay up, attackers often send you the decryption key to give you back access to your computer. On the other hand, a ransomware attacks smartphones differently. Because there aren’t too many files to encrypt on such a device, a ransomware will forcefully overlay the screen until a ransom note appears. It’ll only disappear once a user pays up.
Google Recognizes Android Security Dilemma
The tech giant has been aware that the command line in question is problematic. It may have obvious value to different kinds of malware, but it’s undoubtedly necessary to less malicious apps. The fact is that safe apps like Facebook and others need the command to function.
Seeing a potential for abuse, the Android OS-maker has put in place a safety valve years ago: only apps downloaded from Google Play store can use SYSTEM_ALERT_WINDOW. Google simply polices apps shown in the Play store and blocks any app misusing the command.
Flaw in the Plan
Google vetting apps in the Play store allows the company to block any apps abusing the command line. That’s why the Mountain View giant confidently claims that it can keep most Android devices malware-free by means of its unique security measure.
Reports reveal, however, that Google Play isn’t the only place people download apps for their Android smartphones and tablets. The Play store may be where most US and European users download their apps, but there are parts of the world where the Android store is either blocked due to local restrictions or simply unavailable. In some cases, people just prefer downloading mobile programs from unofficial, mostly unknown sources.
Android System May Be Vulnerable
Despite Google’s claims of Android security, we’ve seen a fair share of malware consistently slipping through the radar. Gooligan, WannaCry, and other less known threats are clear evidence of this fact.
With all these things considered, it may be safe to say that all current Android versions may be open to cyber attacks. Most malware creators targeting Android have widely exploited the system’s permission vulnerability and it may only be a matter of time when the next, big Android malware hits.
Long-Running Android Security Flaw
This permission vulnerability began way back when Android Marshmallow was introduced in 2015.
After Check Point uncovered the Android security flaw, it immediately reported the vulnerability to Google. The tech giant responded, saying that the issue is already being dealt with. The company adds that it would only be patched in the next Android version release (‘Android O’), which is coming in a few months.
Protecting Your Android Device
The good news is that keeping Android malware at bay is a matter of common sense. Staying within Google’s folds could pretty much keep you safe from almost all cyber threats out there. Venture into unknown territory and you could be in danger in no time.
So, how do you keep your Android gadgets malware-free? Here are the basics:
- Be vigilant with app permissions. While Play store makes information on app permissions publicly accessible before you can download any app, most of us probably don’t read them. We all should. Although Android apps aren’t exactly malware, some might be snooping on your data. If a weather app is asking you access to your contacts list, be a little skeptical about downloading it.
- Disallow installation from unknown sources. In theory, your Android device’s first line of defense is simply you not messing around with its default security settings. To check if this setting is in place, navigate to Settings > Security > Unknown Sources. The checkbox to the right of this option has to be kept unticked.
- Don’t root your Android device. Rooting your Android tablet or phone is basically running the device in administrator mode. Sure, it opens your device to a world of features and possibilities, but it’s a security risk than anything else. A lot of malware need root access to function and a rooted device makes you extra vulnerable to cyber attacks.
With Android security patches still on their way, hopefully no other major malware strikes our Android devices by then.