Breaking News

Sony Unveils Sony FE 100mm F2.8 Macro GM OSS Creative Launches Aurvana Ace 3 GIGABYTE Announces Availability of 27” QHD 280Hz WOLED Gaming Monitor MO27Q28G with 4-Sided Borderless Design Crucial ® LPCAMM2 Powers AI-Ready Laptops With Breakthrough 8,533MT/s Speeds Logitech announces MX Master 4

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

New Android Installer Vulnerability Exposes Android Device Users to Data Theft

New Android Installer Vulnerability Exposes Android Device Users to Data Theft

Smartphones Mar 24,2015 0

A vulnerability in Google's Android mobile operating system allows attackers to hijack the installation of a seemingly safe Android application -- Android Package File (APK) -- on user devices, and replace it with an app of the attacker's choice, without user knowledge. Discovered by security firm Palo Alto Networks, the vulnerability, is estimated to affect about 49.5 percent of current Android device users. It allows attackers to potentially distribute malware, compromise devices and steal user data.

According to Palo Alto Networks researcher Zhi Xu, the vulnerability exploits a flaw in Android's "PackageInstaller" system service, allowing attackers to silently gain unlimited permissions in compromised devices.

During installation, Android applications list the permissions requested to perform their function, such as a messaging app requesting access to SMS messages, but not GPS location.

This vulnerability allows attackers to trick users by displaying a false, more limited set of permissions, while potentially gaining full access to the services and data on the user's device, including personal information and passwords.

While users believe they are installing a flashlight app, or a mobile game, with a well-defined and limited set of permissions, they are actually running potentially dangerous malware.

The vulnerability affects Android applications downloaded from third-party sources, and does not affect applications accessed from Google Play.

Google and Android device manufacturers such as Samsung and Amazon are aware of the issue and plan to patch the vulnerability in affected versions of Android. But some older-version Android devices may remain vulnerable.

Tags: androidandroid
Previous Post
New Pioneer Home Theater Receivers Feature Dolby Atmos
Next Post
Logitech Unveils Advanced Wireless Mouse

Related Posts

  • What’s new in Android 15, plus more updates

  • Connecting all things Android at MWC Barcelona

  • New features for businesses in Android 13

  • Lucky number Android 13: The latest features and updates

  • What’s beta than Android 13?

  • HLDS UD Station DVDRW (Preview)

  • Android Gets a New Keyboard for Typing Braille

  • New Opera for Android Offers More Data Savings, New Blockchain-browsing Features

Latest News

Sony Unveils Sony FE 100mm F2.8 Macro GM OSS
Cameras

Sony Unveils Sony FE 100mm F2.8 Macro GM OSS

Creative Launches Aurvana Ace 3
Consumer Electronics

Creative Launches Aurvana Ace 3

GIGABYTE Announces Availability of 27” QHD 280Hz WOLED Gaming Monitor MO27Q28G with 4-Sided Borderless Design
Gaming

GIGABYTE Announces Availability of 27” QHD 280Hz WOLED Gaming Monitor MO27Q28G with 4-Sided Borderless Design

Crucial ® LPCAMM2 Powers AI-Ready Laptops With Breakthrough 8,533MT/s Speeds
Enterprise & IT

Crucial ® LPCAMM2 Powers AI-Ready Laptops With Breakthrough 8,533MT/s Speeds

Logitech announces MX Master 4
Enterprise & IT

Logitech announces MX Master 4

Popular Reviews

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

Terramaster F8-SSD

Terramaster F8-SSD

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

be quiet! Pure Base 501

be quiet! Pure Base 501

Soundpeats Pop Clip

Soundpeats Pop Clip

Akaso 360 Action camera

Akaso 360 Action camera

Dragon Touch Digital Calendar

Dragon Touch Digital Calendar

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed