Security researchers find flaw hidden in Google apps

By Balamurugan Selvaraj Published on May 11, 2017 03:27 PM IST

A few days back, security researchers from Check Point found a flaw affecting apps available on the Google Play Store. According to the researchers, the flaw affects apps installed directly from Google Play: under Google's policy, these apps are granted extensive permissions. The flaw exposed millions of Android users to several types of attacks, including ransomware, banking malware and adware.

The researchers also reported this flaw to Google. Google replied that the issue was already being dealt with in the upcoming version of Android, currently dubbed 'Android O', which is expected to be released by the end of this year.

The worst part is that, even today, millions of smartphone users still run old versions and are waiting for the new Android N version. So it is clear that users still running older versions are highly vulnerable to cyberattacks.

According to their findings, 74 per cent of ransomware, 57 per cent of adware and 14 per cent of banker malware abuse this permission as part of their operation.

In Android version 6.0, Google introduced a new model for how apps obtain permissions. In this model, permissions considered dangerous are granted only at run-time. That is, the first time the app accesses a dangerous resource, it asks the user for permission, and access is granted only if the user approves.

In addition, another category exists which contains a single permission: SYSTEM_ALERT_WINDOW. To grant it, the user has to go through several menus (Settings -> Apps -> Draw over other apps) and allow the app to use the permission from there. SYSTEM_ALERT_WINDOW is unique in that it enables an app to display over any other app without notifying the user.

The researchers' post says, 'This leaves a way for attackers to use this smart phone for fraudulent activities such as displaying fraudulent ads, phishing scams, click-jacking, and overlay windows, which are common with banking Trojans. It can also be used by ransomware to create a persistent on-top screen that will prevent non-technical users from accessing their devices.'

This permission is also used by legitimate apps such as Facebook, which requires it for its Messenger chat heads feature. Many users were unable to approve the permission manually, and because of this the feature could suffer.

Google applied a temporary patch in Android version 6.0.1 to allow the Play Store app to grant run-time permissions, which were later used to grant the SYSTEM_ALERT_WINDOW permission to apps installed from the app store.

Because of this, there is a risk that malicious apps downloaded directly from the app store will get this dangerous permission automatically.
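The following sketch is an added example, not code from Check Point or Google. It models the grant paths described above for a given app manifest, installer and Android version; the sample manifest, the small set of dangerous permissions and the result labels are constructed for illustration, and `com.android.vending` is the Play Store's package name.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
PLAY_INSTALLER = "com.android.vending"  # package name of the Play Store app

# Constructed subset of the permissions Android classes as "dangerous".
DANGEROUS = {"android.permission.CAMERA", "android.permission.READ_CONTACTS",
             "android.permission.READ_SMS"}

# Constructed sample manifest for a hypothetical app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def classify(manifest_xml, installer, android_version):
    """Map each requested permission to how it is granted.

    android_version is a tuple such as (6, 0, 1); installer is the package
    that installed the app, or None if it was sideloaded.
    """
    result = {}
    for perm in sorted(requested_permissions(manifest_xml)):
        if perm == OVERLAY:
            if android_version < (6, 0):
                result[perm] = "install-time"  # pre-6.0: no run-time model
            elif android_version >= (6, 0, 1) and installer == PLAY_INSTALLER:
                result[perm] = "auto-granted (Play install)"  # the flaw
            else:
                result[perm] = "manual (Settings menu)"
        elif perm in DANGEROUS and android_version >= (6, 0):
            result[perm] = "run-time prompt"
        else:
            result[perm] = "install-time"
    return result

def overlay_needs_review(manifest_xml, installer, android_version):
    """True when the overlay permission is granted without user approval."""
    how = classify(manifest_xml, installer, android_version).get(OVERLAY)
    return how is not None and how != "manual (Settings menu)"
```

Any app for which `overlay_needs_review` returns true received the draw-over-other-apps capability without the user approving it and is worth checking by hand under Settings -> Apps -> Draw over other apps.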

According to Check Point's official research page, 'Nearly 45 per cent of the applications using SYSTEM_ALERT_WINDOW permission are apps from Google Play. With the granting of SYSTEM_ALERT_WINDOW permission to apps, Google bypasses the security mechanism introduced in the previous version.'

To keep malicious apps away from Google Play, Google uses 'Bouncer' to scan the apps uploaded to the store. Unfortunately, malicious apps still successfully infiltrate Google Play from time to time. The FalseGuide app was one of the recent examples found on Google Play. Since then, Google has been working to resolve the issue.

The researchers also provided some suggestions for smartphone users:

* Beware of fishy apps - users should always beware of malicious apps, even when downloading from Google Play.

* Look for the comments left by other users, and grant only permissions which have relevant context for the app's purpose.

* Implement advanced security measures that protect your PC, with dedicated security solutions.