Critical Vulnerability Enables Unauthorized Application Installations on Android Devices
Critical Vulnerability Enables Unauthorized Application Installations on Android Devices
Google has worked hard to make Android as secure as possible, but as with any operating system, security issues occasionally pop up. One flaw allowed malicious apps to be downloaded on Google Pixel phones, and has now been patched.
A hidden and insecure feature within Google’s software for some Android phones has been discovered. Security firm iVerify found the feature, called Showcase.apk, on phones at a U.S. intelligence contractor. The app, normally dormant, appears designed to give deep access to devices for demonstration purposes, but researchers were able to turn it on. The discover prompted data analytics company Palantir Technologies (best known for helping the Trump administration deport immigrants from the United States) to ban the use of Android phones internally, with an executive saying, “This was very deleterious of trust… We have no idea how it got there.”
The app’s insecurity lies in its ability to download instructions from an insecure web address, leaving it open to interception and manipulation. iVerify warned, “The app vulnerability leaves millions of Android Pixel devices susceptible to man-in-the-middle attacks, giving cybercriminals the ability to inject malicious code and dangerous spyware.”
iVerify contacted Google over 90 days ago but received no indication of a fix until Wednesday night, when Google told The Washington Post it would issue an update to remove the application. Google maintains it has not seen any hacking through Showcase and that exploitation would require both physical access and the user’s password. However, the fact that this oversight is present as the app is included in Google-made Pixel phones, known for their prompt security updates , is concerning at least.
This is another great reminder to keep your Android phone up to date, and install security patches as soon as they are available. Once a fix for security issues like this one is available, you can keep yourself protected.
Source: The Washington Post
Also read:
- [New] Apple’s M1 Performance Enhancing Video Editing for 2024
- [New] Yuneec's Breeze - A Quest for Perfect Vision
- [UPDATE] Lenovo Thunderbolt 3 Dock Drivers
- [Updated] The New Era Facebook Video Autoplay Explained for 2024
- 2024 Approved MinisculeCam Record Evaluation & Comparisons
- 2024 Approved Top Quality FB Pic & Movie Creator (No Cost)
- ASUS Notebook Drivers: Free Download and Update Instructions
- Download & Install Sony Vaio Driver Software for Your Windows PC
- Easy Installation Guide: Download Your USB Camera Drivers Today!
- Free Qualcomm Atheros AR3011 Drivers - Download Bluetooth 3.0 Support
- Get the Latest Samsung 960 EVO Drive Software for Windows: Installation Instructions
- Get the Official Qualcomm Atheros AR956 X Wireless Network Adapter Software
- How to Reset Vivo S17t without Losing Data | Dr.fone
- Samsung Galaxy A14 5G Stuck on Screen – Finding Solutions For Stuck on Boot | Dr.fone
- Step-by-Step Guide: Updating Your USB Serial Port Device Driver
- Step-by-Step Tutorial on Free HEVC/H.265 MP4 Conversion From DVD for Improved Video Quality
- Top-Ranked H.265 To MP4 Converter: Effortless HEVC to H.264 Video Format Change
- Title: Critical Vulnerability Enables Unauthorized Application Installations on Android Devices
- Author: Joseph
- Created at : 2024-10-18 23:05:42
- Updated at : 2024-10-25 10:19:50
- Link: https://hardware-help.techidaily.com/critical-vulnerability-enables-unauthorized-application-installations-on-android-devices/
- License: This work is licensed under CC BY-NC-SA 4.0.