Your Android Phone Could Put Your Data at Risk

According to Palo Alto Networks, Android devices have a dangerous vulnerability called Android Installer Hijacking which enables malware to replace legitimate apps with fake ones. Samsung, Google and Amazon have each released patches which protect the smartphones manufactured by them from this threat, but the security company says that 49% of the devices currently in use are still at risk. The good news is that Google officially stated that it didn't detect any exploit attempts for this particular vulnerability.

From what I understand, the problem lies in APK installers downloaded from sources outside of the Google Play Store (this is probably one of the reasons why Android customers are constantly being told to avoid using third-party app marketplaces). APKs downloaded from other sources are stored in insecure locations such as the SD card and use an app called PackageInstaller to complete the installation process. The problem is that the installation app doesn't check the file before beginning the setup process so the APK can be replaced or modified to include malicious code that can steal your private data (during the installation).

Basically, what happens is that the user accepts a certain set of conditions then chooses to install the application, but by the end of the process he or she may end up with a totally different app with extra permissions that the users didn't agree to. It seems that rooting your device increases the risk, but this vulnerability affects devices that are not rooted just as well. The flaw has been found on a bunch of Android versions: 2.0, 4.0.3, 4.0.4, 4.1.x, 4.2.x. and 4.3 (but only on some devices). So, if your smartphone is powered by KitKat or a newer version, you're safe.

Last year, when it was first discovered, the vulnerability affected 90% of the devices, but now the percentage has dropped to 49% (which still means millions of customers). Along with this announcement,  Palo Alto Networks also launched an app (why am I not surprised?) called Installer Hijacking Scanner which can tell you if your device is vulnerable to this flaw or not. You can check the app out in the Play Store by clicking on this link. To read the entire report on this vulnerability click here.

Comments