Researchers at Palo Alto Networks' (PAN) Unit 42 have disclosed the details behind a widespread vulnerability that impacts 49.5 percent of the current Android base. The flaw lets attackers hijack the installation of an application without the user's knowledge.
The malicious bait and switch happens during the install process. As an app is installed, users are presented with a list of permissions required by the app itself, something most users ignore – agreeing to them blindly in order to move the process along.
However, the flaw discovered by Unit 42 researchers would allow an attacker to display a false, more limited set of permissions while potentially gaining full access to the device.
The result is that a user thinks they're installing a harmless app, such as a game with a limited set of permissions, when in fact they've granted full access to malicious software.
While Unit 42 researchers have worked with Google and manufacturers such as Samsung and Amazon to fix the issue, a large chunk of Android users are still vulnerable, as they have no way to update their devices to the latest Android build.
PAN has developed a scanner that will determine if a given device is vulnerable, which is available on Google Play. The Google security team has stated that they've not detected any attempts to exploit this vulnerability on user devices. Moreover, the Android Open Source Project includes the patches needed to mitigate the issue on Android 4.3 and later versions.
There's an upside to the story though; one that might help prevent any attacks leveraging this vulnerability in the future.
Recently, Google confirmed that for the last few months they've been using automated scans, as well as manual checks performed by humans, to screen apps submitted to Google Play.
These manual checks are performed by a team of experts who check for malware and other malicious settings, including policy violations.
Ryan Olson, Unit 42 Intelligence Director, said that using this double-sided approach could decrease the chance of someone submitting an app that exploits this issue.
"We don’t know the specifics of how Google’s process has changed in recent months, but more scrutiny of applications entering the app store is likely to decrease the chance of an app which exploits this vulnerability entering their store," Olson told Salted Hash.
The full report from Unit 42 is available here.