View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Android faces permissions hijack from third party apps

Unofficial software has learnt to assign itself powers.

By Jimmy Nicholls

A flaw in Google’s Android operating system allows hackers to hijack a seemingly safe app and sneakily replace it with their own malware, according to Palo Alto Networks.

The bug lets hackers quietly increase permissions on third-party apps until they are able to take the data they want, with the problem said to affect around half of Android devices.

Ryan Olson, intelligence director of Unit 42 at Palo Alto, said: "This Android vulnerability means users who think they’re accessing legitimate applications with approved permissions may instead be exposed to data theft and malware.

"We urge users to take advantage of the diagnostic application provided by Palo Alto Networks to check their devices, and we thank Google, Samsung and Amazon for their cooperation and attention."

The malicious apps tend to be disguised as flashlights or mobile games, and initially display a false set of permissions to trick the user into believing they are safe.

Whilst Palo Alto has worked with Google and device manufacturers Samsung and Amazon to patch the bug, some older versions of Android could still be vulnerable.

Concerned users are advised to download apps only from the official Google Play store, whilst corporate admins are advised not to allow "jailbroken" or "rooted" devices, which have been set up to access third-party stores, to connect to enterprise networks.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.