In an open ecosystem like Android OS, bugs and malware will continue to exist as long as there is precious personal data to mine and people with malicious intent to take advantage of the security holes in the OS. Palo Alto Networks’ Unit 42 has just announced a vulnerability it calls “Android Installer Hijacking”, which may be present in almost half of Android devices out there.
This vulnerability allows third parties to get access to your Android phone and basically do what they want – install their own surveillance malware or, worse, steal your private data. Unit 42 says that as many as 49.5% of all Android devices, including tablets, are at risk. Think about it: that’s almost half of all Android devices out there.
The good news, though, is that the problem only manifests itself if you purchase apps from other app stores and third-party sources, rather than Google’s own certified Play Store. The hack exposes your device by manipulating app permissions. Once a malicious app has the permissions it needs, your phone – and the data within – is wide open.
Palo Alto Networks suggests installing a vulnerability scanner which they have made to look for this specific hole in your Android device. Pick up the free installer from the Google Play Store. To protect yourself, only install apps from outside the Play Store if you know you can trust them. Install security updates from your manufacturer if any are available.
SOURCE: Palo Alto Networks
That’s why I don’t install apps and games that are not coming from Google Play Store.
It’s smart to do like this.
When you read their information, it says Android 4.4 and up has already been patched. Below that is vulnerable. My 2013 Moto X runs 4.4.4. I ran their test 3 times. Twice it said my device was vulnerable. Only once did it tell me that my device is not vulnerable. There are so many more comments on their Play Store page describing the same mixed results for supposedly “patched” versions, including Lollipop.