Google has released a brand new update that has taken the level of security on Android up by yet another notch. The company has plugged a couple of pretty serious holes in its platform that offered hackers a way to do some serious damage.
The first of these flaws was actually designed for research purposes. However, it had the potential to be weaponized and could have been used to exploit the victim’s smartphone after some modifications on the attacker’s part. It wasn’t particularly difficult to detect either, so Google thought it prudent to shut it down.
On the other hand, the second flaw behaved in a manner reminiscent of the notorious Stagefright threat, which gave researchers such a fright just a couple of months ago. All the attacker needed to do was send you altered content — say a JPEG image through your email — and wham! Your device would be open to all sorts of mischief, provided that you downloaded the content.
Similar to the first vulnerability, Stagefright’s sibling was also pretty easy to discover and deploy for a hacker, making it all the more dangerous.
It would have been pretty great if this had been the end of the story. There are a couple of vulnerabilities. Google fixes them. Happy ending. However, there is more to it.
Google researchers also discovered that a couple of malware strains called DressCode and CallJam had been downloaded millions of times from the Google Play Store. The malware was being hosted in multiple applications on the Play Store. While CallJam directed your smartphone to websites that made revenue through advertisements and even sometimes called paid numbers, DressCode, besides directing traffic to advertisement websites, also had the potential to compromise local networks.
The applications hosting this malware — whether knowingly or unknowingly — have since been shown the door. However, that does not solve the issue of the millions of devices that have already been infected with CallJam and DressCode after unwitting users downloaded these applications.
Meanwhile, the issue brings the less-than-awesome state of security to the fore — yes, even for the Google-backed Android platform. While users running premium devices such as Nexus or flagship phones from manufacturers like Samsung and LG are likely to receive these updates quickly, what about those who are still rocking one of the older Android devices? Must we necessarily update our software, and often our devices, at no small cost, in order to protect the integrity, privacy and security of our information?
These are some prominent questions that Google needs to address as soon as possible. While its monthly security updates and bug bounty program are helping, there is still a lot more to be done. And while plugging threats is important, it’s even more vital to make changes in the policies in order to tackle these issues at a more fundamental level.