This Critical Android Security Flaw Remains Unfixed by Google

Google’s Android operating system has a serious security issue that can allow hackers to penetrate devices using malicious software, and there seems to be no fix issued for the current generation of Android Nougat.


The vulnerability has been present ever since Google introduced a new permission for apps in Android 6.0 Marshmallow which allowed an app to display over any other app.

Earlier, this permission, SYSTEM_ALERT_WINDOW, had to be manually granted by the user, but with the advent of apps like Facebook Messenger and others that use on-screen pop-ups, Google grants it by default.

“This flaw exposes Android users to several types of attacks, including ransomware, banking malware and adware,” Check Point, an internet security software company which found this flaw, stated.

Google has confirmed that this flaw is being dealt with in the upcoming Android ‘O’ operating system.

But this leaves a chunk of users, who don’t have devices with the capability to upgrade to the operating system, vulnerable to attacks.

How Serious is the Issue?

Pretty serious, to be honest. But it’ll need sheer diligence on the part of the attacker to get into your device since the only way to do so is via the Google Play Store.

Although the vulnerability, if exploited, can lead to a full-fledged ransomware or adware attack, it won’t be easy for a hacker to initiate.

All the apps that you download from the Play Store are scanned for malicious code and macros. So, the attacker will have to circumvent Google’s inbuilt security system to gain entry into the app store.

If they’re able to do so, then you’re in a lot of trouble.

The SYSTEM_ALERT_WINDOW permission is considered dangerous because it enables an app that holds it to display its content over any other app without even notifying the user, which exposes the device completely to that app.

“This entails a significant potential for several malicious techniques, such as displaying fraudulent ads, phishing scams, click-jacking, and overlay windows which are common with banking Trojans,” Check Point added.

Their report also mentioned that access to this permission is responsible for 74% of ransomware, 57% of adware and 14% of banker malware attacks on Android devices.

Google’s Fix

As mentioned above, Google will apply a fix to this serious security flaw in Android O, but according to recent reports, 32 percent of devices are still running Android 5.0 Lollipop and 31.2 percent are running Android 6.0 Marshmallow, with only 6.6 percent of devices on Android Nougat.

Going by these stats, only a handful of the current devices will be upgraded to Android O, since so few have yet received the Android Nougat update.

The remaining devices which won’t get the Android O update will still be vulnerable to attacks.

Safety Measures

One of the very basic safety measures is to be wary of what software you install on your phone and always check for permissions required by the app.

An installed app, in a way, gains access to a lot of features of your device and any malicious app could work around these permissions to harm you as much as possible.

Always look at other users’ reviews of the app and check the permissions required to run the app.
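The permission check recommended above can be scripted across every app on a device. The following is an added example, not part of the original article: it parses text shaped like `adb shell dumpsys package` output and lists the apps that request SYSTEM_ALERT_WINDOW together with their installer. The sample dump, its assumed layout and the package names are constructed for illustration.

```python
import re

OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"  # manifest name of the permission
PLAY_STORE = "com.android.vending"                  # Google Play's installer package
# Constructed sample; the layout is an assumption and the package names are made up.
SAMPLE_DUMP = """\
Package [com.example.chat] (1a2b3c):
  installerPackageName=com.android.vending
  requested permissions:
    android.permission.INTERNET
    android.permission.SYSTEM_ALERT_WINDOW
  install permissions:
    android.permission.INTERNET: granted=true
Package [com.example.notes] (4d5e6f):
  installerPackageName=com.android.vending
  requested permissions:
    android.permission.INTERNET
Package [com.example.flashlight] (7a8b9c):
  installerPackageName=null
  requested permissions:
    android.permission.SYSTEM_ALERT_WINDOW
"""

def parse_packages(dump):
    """Map package name -> {'installer': str, 'requested': set of permission names}."""
    packages, current, in_requested = {}, None, False
    for line in dump.splitlines():
        stripped = line.strip()
        header = re.match(r"Package \[([^\]]+)\]", stripped)
        if header:  # start of a new package record
            current = packages.setdefault(header.group(1), {"installer": None, "requested": set()})
            in_requested = False
        elif current is None:
            continue  # ignore anything before the first package header
        elif stripped.startswith("installerPackageName="):
            current["installer"] = stripped.split("=", 1)[1]
        elif stripped.endswith(":"):  # a section header; only one section is collected
            in_requested = stripped == "requested permissions:"
        elif in_requested and re.fullmatch(r"[\w.]+", stripped.split(":", 1)[0]):
            current["requested"].add(stripped.split(":", 1)[0])
        else:
            in_requested = False  # any other line ends the permission list
    return packages

def overlay_report(dump):
    """Sorted (package, installer, installed_from_play) for apps requesting the overlay."""
    return sorted((name, info["installer"], info["installer"] == PLAY_STORE)
                  for name, info in parse_packages(dump).items()
                  if OVERLAY in info["requested"])
```

On a real device, the text passed to `overlay_report` would be the captured output of `adb shell dumpsys package`, whose exact layout varies between Android versions.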

Another basic but often neglected security measure is to install a full version of anti-virus software, like the ones on your PC, that can protect your device in real time and is capable of blocking malware.
