Yesterday, we reported about QuadRooter, a new exploit discovered by Check Point Security which affects over 900 million Qualcomm devices. The exploit has already been patched up, and most of the fixes that address it have been issued in the Android security patches to date (the last fix will come this July).
Today, Google wanted to add more to the story to ensure everyone that the exploit shouldn’t cause much harm. For starters, the company reassured us that the vulnerability is checked for in any apps in the Google Play Store, as well as another check for apps that you install on your own.
“We appreciate Check Point’s research as it helps improve the safety of the broader mobile ecosystem. Android devices with our most recent security patch level are already protected against three of these four vulnerabilities. The fourth vulnerability, CVE-2016-5340, will be addressed in an upcoming Android security bulletin, though Android partners can take action sooner by referencing the public patch Qualcomm has provided. Exploitation of these issues depends on users also downloading and installing a malicious application. Our Verify Apps and SafetyNet protections help identify, block, and remove applications that exploit vulnerabilities like these.”
As such, the only way a malware app that targets the QuadRooter exploit can hurt you is if you install an APK from a third-party source and disable Android’s Verify Apps feature — everyone with Android 4.2 or higher is covered — which automatically checks for malware when installing third-party apps (and swiftly blocks the app from installing if it does).
Despite Google having your back in this regard, it’s always a good idea to make sure you’re only installing apps from Google Play or from sources that you absolutely trust. Do research on an APK if you aren’t sure on its safety, because it’s better to be safe than sorry.
[via Android Central]