Nearly 40 per cent of Android users are vulnerable to a security design flaw that Google won’t fix until the next major revision of the mobile operating system.
The cockup is a strange one, and was spotted by researchers. It affects Android 6.0.1 (aka Marshmallow) phones and above, which according to the official Android dashboard, means 38.3 per cent of devices are hit.
Google will address the design blunder in Android O, which will most likely be out this summer or autumn. Fingers crossed you get the update if you’re on Android 6 or 7 today.
In the meantime, Google will continue to rely on its Bouncer software, which automatically checks apps in its store for evil intent, and removes them if they are naughty – and abusing overlay windows will get you kicked out. Google also has human inspectors that follow up and go through code that raises a red flag.
But as we have seen multiple times, Google’s system is not perfect (neither is Apple’s, for that matter) and rogue apps get into the Store. Last month nearly 50 applications were pulled from the Play Store because they contained ad fraud software. In April similar apps were also removed after an investigation.
But the real danger is from third-party Android app stores. These are already known to be a seething mass of malware, but are still popular, particularly in Asia and Russia – and the SYSTEM_ALERT_WINDOW permission is ripe for abuse in these unregulated souks.
Submitted by: Arnfried Walbrecht