'Android Installer Hijacking' is the Latest Bug Set to Mess Up Your Phone

By Gerald Lynch on at

Another day, another vulnerability waiting to be exploited in Google's mobile OS. Security researchers at Palo Alto Networks' Unit 42 have discovered what they claim is a "widespread vulnerability" in Android, just waiting to be taken advantage of by nefarious smartphone crooks.

The 'Android Installer Hijacking' vulnerability lets third parties compromise your Android phone, installing malware and stealing data. As many as 49.5 per cent of all Android devices, including tablets, run the risk of falling foul to the problem, though it only becomes an issue if you purchase apps through a third-party app store, rather than Google's own certified Play Store.

This latest security issue takes advantage of your app permissions (the things you allow an app to be able to do with your usage stats and general data, as well as which elements of the device's hardware an app can control), changing them on the fly as an app is being installed to give itself greater access to your device than you had allowed it to. Once compromised, a hacker can use the vulnerability to dig around your phone without opposition as if it was the 10p box at a jumble sale.

Palo Alto Networks is putting out an Installer Vulnerability Scanner app so that you can check if your device is a potential target for the threat. You can download and test your phone with it by picking it up here. As for preventative measures, where possible make sure your app downloads come from trusted sources only, and also download any updates that your device manufacturer puts out. But you know all that already, right? [Palo Alto Networks]