April 15, 2014

Android flaw allows home screen icons to be attacked

It redirects users to phishing websites or malware-serving websites without alerting them.

By CBR Staff Writer

Security researchers at FireEye have uncovered a new vulnerability in Android that allows hackers to use malicious apps to replace original home screen icons with fake ones.

The Android Open Source Project (AOSP) classifies Android permissions, which are the requests that apps make in order to work, into protection levels such as ‘normal’, ‘dangerous’, ‘system’, ‘signature’ and ‘development’.

According to the security firm, the latest Android 4.4.2 OS displays only the dangerous permissions if an app requests both dangerous and normal permissions, while it does not display normal permissions to users even upon request.

Researchers said in a statement that some of the "normal" permissions are found to have dangerous security impacts.

"Using these normal permissions, a malicious app can replace legit Android home screen icons with fake ones that point to phishing apps or websites," they added.

"The ability to manipulate Android home screen icons, when abused, can help an attacker deceive the user."

Hackers can manipulate Android home screen icons using two permissions, com.android.launcher.permission.READ_SETTINGS and com.android.launcher.permission.WRITE_SETTINGS, which enable an app to query, insert, delete, or modify the whole configuration settings of the Launcher, including icon insertion or modification.

The vulnerability also affects devices using non-AOSP Launchers, including Nexus 7 with CyanogenMod 4.4.2, Samsung Galaxy S4 with Android 4.3 and HTC One with Android 4.4.2.
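
For app reviewers, one way to check whether an app requests the two Launcher permissions named above is to scan its decoded (text) AndroidManifest.xml. The script below is an added example, not code from FireEye or the article; the sample manifests, the package names in them and the vendor-launcher suffix heuristic are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# The two AOSP Launcher permissions named in the article.
AOSP_LAUNCHER_PERMS = {
    "com.android.launcher.permission.READ_SETTINGS",
    "com.android.launcher.permission.WRITE_SETTINGS",
}
# Assumption: non-AOSP launchers use the same "<pkg>.launcher.permission.*" naming.
VENDOR_SUFFIXES = (".launcher.permission.READ_SETTINGS",
                   ".launcher.permission.WRITE_SETTINGS")

# Constructed sample manifests (hypothetical packages), already decoded to text XML.
SAMPLE_SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="com.android.launcher.permission.READ_SETTINGS"/>
  <uses-permission android:name="com.android.launcher.permission.WRITE_SETTINGS"/>
</manifest>"""
SAMPLE_CLEAN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""


def launcher_permissions(manifest_xml):
    """Return the launcher-settings permissions a manifest requests, sorted."""
    root = ET.fromstring(manifest_xml)
    found = set()
    for elem in root.iter("uses-permission"):
        name = elem.get(ANDROID_NS + "name", "")
        if name in AOSP_LAUNCHER_PERMS or name.endswith(VENDOR_SUFFIXES):
            found.add(name)
    return sorted(found)


def assess(manifest_xml):
    """Classify a manifest: write access matters most, since it allows icon changes."""
    perms = launcher_permissions(manifest_xml)
    if any(p.endswith("WRITE_SETTINGS") for p in perms):
        verdict = "review: can modify launcher configuration, including icons"
    elif perms:
        verdict = "note: can read launcher configuration"
    else:
        verdict = "ok"
    package = ET.fromstring(manifest_xml).get("package")
    return {"package": package, "permissions": perms, "verdict": verdict}


if __name__ == "__main__":
    for manifest in (SAMPLE_SUSPECT, SAMPLE_CLEAN):
        print(assess(manifest))
```

Because these permissions are classified as normal, they do not appear in the install-time prompt, so a manifest check like this is where they become visible.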