Quick heads-up on a vulnerability you might learn about soon. The folks at Palo Alto stumbled across a major security vulnerability within Android that could allow malicious apps to hijack an app install. Before you freak out and hook your phone up to a chemo machine to rid it of any impurities, stop — there’s almost nothing to be worried about here:
So what does it do? According to them, since a side-loaded APK is installed from an unprotected source such as an SD card, an app could hijack the process of installing the app by Android’s package installer. It’d do this by replacing the legit APK with one that would most likely contain some sort of malware and other nasty stuff, and it would all happen without the user even knowing.
The dirty (but full) details can be found in the report published here, but the reality is that most folks with a phone made within the past couple of years are probably safe. Still, if you’re the oddball who still as a Nexus One on Android 2.3 and might be using a third-party app store over Google Play, you’ll be glad you know about it.
Palo Alto made a neat app that will check your phone to see if it is vulnerable. If it’s not, you’re good to go. If it is? Well, you should definitely try to download a ROM based on at least Android 4.4, or use this as a good excuse to finally get that new phone you’ve been eying. Be safe friends, and try not to download anything outside of Google Play unless you absolutely have to.