Using Android is like walking through a minefield: you never know where something will blow up. At first glance the operating system seems quite friendly and functional, but once you start digging you can find so many bugs and vulnerabilities that you want to hide your smartphone in a drawer and never use it again. Most users, of course, do not even suspect that anything is wrong with their devices, living by the principle 'if I don't know about it, it doesn't exist'. But that does not make the danger of Android's flaws go away. You don't need to go far for examples.
Android bug allowed application data to be stolen
You've probably noticed that many Android applications can be updated bypassing Google Play. Google specifically added this feature for developers so that users who have auto-update disabled can get the latest builds when they sign in to the app. Unfortunately, a flaw was discovered in this mechanism. Along with updates, it allowed malicious modules to be downloaded to users' devices, and those modules could steal confidential data from other applications that their creators had nothing to do with.
Image caption: Data was stolen due to a bug in the auto-update mechanism
According to Oversecured researchers, it would be quite easy for attackers to exploit the bug in question. They created an experimental program of just a few lines of code and sent it an update containing a malicious module aimed at stealing data from Google Chrome. The built-in security tools let the update through without noticing anything suspicious about it. As a result, all the data the browser held was stolen without any interference from Android.
With the help of such malicious modules, the following types of data can be stolen:
- SMS messages
- Authorization codes
- Bank card details
- PIN codes
- Correspondence in messengers
- Calendar data
In other words, the list covers all the data that has any significant value for users. The danger posed by this Android bug was therefore extremely high.
Old Android smartphones apparently still have the bug
Although the bug that allowed the built-in update mechanism to be exploited was fixed this spring, the fix apparently reached only supported devices. In any case, there have been no special updates recently for old smartphones whose support has already ended, apart from the update for the five-year-old Huawei Mate 9. But as far as can be judged from the contents of that patch, it was aimed solely at expanding the smartphone's functionality, not at fixing vulnerabilities.
What conclusion can be drawn from this? A huge number of devices running Android are still vulnerable to this bug. Of course, Google recommended that developers change the software composition of their applications to protect them from exploitation of the bug and from the extraction of sensitive data, but I would not count on their promptness. Practice shows that most studios do not care about Google's requests unless failing to comply threatens the removal of the application from Google Play.