Even though the security flaw was discovered a year back, the Android 4.3 distributed by some of the vendors are still vulnerable to the flaws. Vendors have already been altered by the Palo Alto Networks research team about the potential flaw and its vulnerability which includes Amazon, Google and Samsung handsets. Nearly 89% of the Android devices were prone to the exploit when it was first discovered in Jan 2014. As if now Android 4.4 has managed to get a fix to this flaw through proper upgrading.
Malware distribution with Arbitrary Permissions:
Phones which are still running on older Android versions are still at risk. According to the security researchers they were able to duplicate the attack on the Samsung’s Galaxy S4 phones and calling this as the Android installer hijacking. According to the researchers from the Palo Alto Networks, they have ensured that an app has been available on Google Play that will help the people to scan their phones to check out for potential risk and vulnerability. The team has ensured that this app is on open source and the code is available on a GitHub repository.
Companies who are concerned can take actions to mitigate these risks. Researchers state that companies should withhold permissions from new apps that seek access to their log-cat making space for potential exploitation. Companies can stop further risk by avoiding employees from using any kind of rooted devices.
Even though exploit does not rely on any kind of rooted devices for causing any harm they make these devices more susceptible. The exploit is based on the susceptibility in the Android OS which makes the hijackers to take over the Android APK installation process. They can spread the malware with illogical permissions.
Application developers need to be beware:
These vulnerabilities can be used in different ways by an attacker. Simple example is the prompting of a person to install an application that is false but might seem legitimate. The main reason being the app does not require any special kind of permissions.
Whenever a user downloads an app from a third part app store, it opens up the chances of attackers to use malware while the permission screen is still being displayed. Application developers are required to get cautious about these attacks. Since mobile ads and apps do not rely on Google play making to save apps in an unprotected storage.
This will allow the attackers to replace the current apps with malware. There are instances where in the first app might be prompted to advertise about another app in itself. When the user will try to download the second app, the first app will modify itself and potentially open up the space for malware attacks.