A DESIGN FLAW DEEP IN THE ANDROID OS that could ruin your week via bad apps in the Google Play store will not be fixed until the release of Android O, which we are assuming will stand for 'Opal Fruits'.
According to one of the security companies that leap up and down about this sort of thing a lot of punters are vulnerable to the SYSTEM_ALERT_WINDOW threat. This is actually a feature that Google introduced to to Android and one that CheckPoint - our hero here - says that punters should look out for.
SYSTEM_ALERT_WINDOW lets an app launch another app without the knowledge of the user, security wise it ain't great.
"The reason SYSTEM_ALERT_WINDOW is unique is the extensive capability it withholds, by enabling an app to display over any other app without notifying the user. This entails a significant potential for several malicious techniques, such as displaying fraudulent ads, phishing scams, click-jacking, and overlay windows, which are common with banking Trojans," said CheckPoint.
"It can also be used by ransomware to create a persistent on-top screen that will prevent non-technical users from accessing their devices. According to our findings, 74 per cent of ransomware, 57 per cent of adware, and 14 per cent of banker malware abuse this permission as part of their operation. This is clearly not a minor threat, but an actual tactic used in the wild."
CheckPoint warned that malicious apps can slip through Google's ‘Browser' checking system, and that almost half of all SYSTEM_ALERT_WINDOW malicious apps out there come from the Google store. It added that Google made all this possible when it deemed it appropriate removed the requirement for explicit user permission to use the SYSTEM_ALERT_WINDOW in Android 6.0.1.
Google's response is to add another permissions options to Android O, as long as it does not remove or water it down at a later date that should be just fine. Users are advised to not download any fishy looking apps from the Google store, or just install some sort of antivirus. µ
Welcome to the dystopia Black Mirror warned us about
Microsoft in 'more helpful' shock
A whole new way to be tied to your ISP
Search giant puts Epyc chips at the heart of its datacentre servers