Hackers may be able to secretly download malicious apps onto nearly half of all Android phones
Mar 26, 2015, 18:53 IST
A researcher at Palo Alto Networks has discovered a frightening Android vulnerability that could allow hackers to steal data from unsuspecting users. Even scarier, it could affect nearly half of all current Android users. Called the "Android installer hijacking vulnerability," the bug reportedly allows attackers to surreptitiously download apps onto Android users' phones without them knowing.
Here's how it works:
- When an Android user installs an app, they are always directed to a permissions screen that ensures the user knows what sort of requirements the app has.
- This vulnerability, however, means that if a user downloads an app from a third-party app store or an app promotion (that is, not Google Play), Android doesn't make sure that the app being presented to the user on the permissions page is the actual app being downloaded.
- This means that an attacker can "modify or replace the package in the background." That is, hackers can secretly swap the files that you think you're downloading for other, more malicious ones. Think of it as an app bait and switch.
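The gap described above is a check-then-use mismatch: what is reviewed on the permissions screen and what is later installed are read at two different times. The following is an added illustration, not code from the article, Palo Alto Networks or Android; the toy package format, the function names and the digest-pinning check are assumptions chosen to show one general way to close such a gap, not the platform's actual fix.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed toy package format (not a real APK): the first line lists the
# requested permissions, the rest is the payload.
BENIGN = b"permissions: INTERNET\nflashlight payload"
SWAPPED = b"permissions: INTERNET,READ_SMS,READ_CONTACTS\nother payload"


def read_permissions(data):
    header = data.split(b"\n", 1)[0].decode()
    return header.split(": ", 1)[1].split(",")


def review(path):
    """Time of check: what the permissions screen shows the user."""
    data = path.read_bytes()
    return {"path": path,
            "shown": read_permissions(data),
            "sha256": hashlib.sha256(data).hexdigest()}


def install_unchecked(reviewed):
    """Time of use, flawed: assumes the file is still the one reviewed."""
    return read_permissions(reviewed["path"].read_bytes())  # actually granted


def install_pinned(reviewed):
    """Time of use, hardened: accept only the exact bytes that were reviewed."""
    data = reviewed["path"].read_bytes()  # read once; hash and use this buffer
    if hashlib.sha256(data).hexdigest() != reviewed["sha256"]:
        raise ValueError("package changed after the permissions screen")
    return read_permissions(data)


def demo():
    with tempfile.TemporaryDirectory() as d:
        pkg = Path(d) / "app.pkg"
        pkg.write_bytes(BENIGN)
        reviewed = review(pkg)
        pkg.write_bytes(SWAPPED)  # constructed stand-in: file differs after review
        granted = install_unchecked(reviewed)
        try:
            install_pinned(reviewed)
            outcome = "installed"
        except ValueError as e:
            outcome = f"rejected: {e}"
        return reviewed["shown"], granted, outcome
```

Calling `demo()` returns the permissions the user was shown, the permissions the unchecked installer actually granted, and the outcome of the pinned installer, so the mismatch and its rejection can be compared side by side.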