ANDROID 7.0 NOUGAT will have added security to prevent malware, especially ransomware, resetting passwords and locking owners out of their device.
The long overdue security measure comes after the Android platform was invaded by a wave of ransomware, particularly Android.Lockdroid.E and its variants, in late 2015.
Dinesh Venkatesan, a principal threat analysis engineer at Symantec, said in a Security Response blog post: "These variants scare victims with a system error GUI and then reset the lockscreen password used to access the device.
"Even users who manage to remove the malware without resetting the device may be unable to use the phone because they won't be able to get around the password the malware sets."
The malware can reset a PIN or pattern-style password in Android by invoking the resetPassword API.
"In order to invoke this method, the calling application must be a device administrator," explained Venkatesan.
"The upcoming Android version ... will introduce a condition so that the invocation of the resetPassword API can only be used to set the password and not to reset the password."
This ensures that malware cannot reset the lockscreen password, as the change is strictly enforced and there is no backward compatibility escape route for the threat.
"Backward compatibility would have allowed malware to reset the lockscreen password even on newer Android versions. With this change, there is no way for the malware to reset the lockscreen password on Android Nougat," Venkatesan said.
However, the measure won't protect people who have not set a password, and who therefore deserve everything they get.
Venkatesan concluded: "The new feature will also affect standalone disinfection utilities, which also depend on the resetPassword() API. A disinfector utility is an automated tool designed to help users whose devices are infected with malware.
"The disinfector should clean the malware [and] reset the arbitrary password set by the threat during its infection routine.
"Before Android Nougat, the disinfector calls the resetPassword() API to achieve this functionality. However, with Android Nougat's new restrictions, the disinfector's ability to call that API is bound to fail." µ
Slack attack whacked
Power glitch is thought to be hardware-related
Remember that sandwich from 2013?
Twitter tipster claims hardware will remain unchanged