Remember a couple days back, when most of the populous using an Android phone was going haywire because of a set of four new vulnerabilities called ‘Quadrooter’. Well, Google has finally broken its silence on the subject matter and said that you probably shouldn’t worry.
The new set of vulnerabilities, which were first discovered in April, were outed by security firm Check Point just last week. These vulnerabilities are related to the Qualcomm processor chip and when exploited by an hacker — can allow him to gain unprecedented access to your whole device with just a malicious app.
Over 900 million Android devices are expected to be affected by any one of these four vulnerabilities. However, Google has now offered some respite by sharing with us the fact that the ‘Verify Apps’ feature included in Google Play Services has been designed to protect the smartphone against exactly these kinds of attacks. The ‘Verify Apps’ feature was first added and activated by default in Android 4.2 Jelly Bean.
A Google spokesperson told AndroidCentral that ‘Verify Apps’ and SafetyNet protection can actually identify, block and remove apps trying to exploit the Quadrooter vulnerabilities. The spokesperson also added,
We appreciate Check Point’s research as it helps improve the safety of the broader mobile ecosystem. Android devices with our most recent security patch level are already protected against three of these four vulnerabilities.
The fourth vulnerability, CVE-2016-5340, will be addressed in an upcoming Android security bulletin, though Android partners can take action sooner by referencing the public patch Qualcomm has provided.
The language, however, clearly states that Google’s own Nexus phones will be fixed on receiving the final patch next month. But, the security of the remaining devices depends on the timeliness of the update cycle of their respective OEMs(which is actually quite poor).
Even after conforming that ‘Verify Apps’ is on by default and working, Google has still added that the exploitation of these issues depends on users who download and install malicious apps. They, however, wouldn’t be affected until and unless they’re too smart and have turned off the security feature from their setting window.
This is the final line of defense which Google might have created keeping in mind the possibility of exactly this kind of threat to the security of the device.