Android clickjacking attacks possible from Google Play apps

Apart from ransomwares, the said security bug can also be exploited by banking malware and adware.

If you have an Android device, then you are probably aware of the issues and flaws in the Android permissions. "There have been numerous instances in the past when malicious applications made their way in Google Play and eventually on user devices", Arsene said.

Now the good news is that it appears that Google has already addressed this flaw in the upcoming Android O update, but the bad news is that users will have to wait until the update before it is fixed. "Plus, there are plenty of third-party app marketplaces out there from where users can still download and install potentially malicious apps. This means that a malicious app downloaded directly from the app store will be automatically granted this risky permission".

More news: A Defining Moment for France and Europe

It's a small update, but it keeps moving forward Google's plan to make everything related to Google Play a bit more uniform and streamlined. Unlike the other permissions, to grant it, the user must go through several menus (Settings - Apps - Draw over other apps) and manually allow an app to use it.

You might think, if Google felt strongly enough to consider SYSTEM_ALERT_WINDOW a potential malware-related security problem in the first place, that it would take extra care over approving Play Store apps that made use of it.

There is no way of knowing whether the app developer is telling the truth or going to use this for the Android permissions vulnerability issues.

More news: Monaco vs. Juventus in UEFA Champions League

For example, when an app needs to access a user's contact list, Google Play will bring up a dialog box and asks if the user will permit that activity. There will be changes on Android O though, which should give out a different permission that is more restricted.

Beyond this, we still do not know much about how Google will take on the permissions for the apps like Facebook.

The flaw: Since Google understood the problematic nature of this permission, and the apparent risks for user privacy it created the distinct process mentioned above to approve it.

More news: Liberal claims victory as South Korea's leader


Popular

CONNECT