A vast number of Android users will be hugely concerned to hear news about a worrying flaw that was recently discovered in one of the world’s most popular applications. The Google app, which has been downloaded a staggering 19.8 million times from the Play Store, allows users to gain instant access to the web, find answers to questions, and search local weather and traffic reports.
However, according to one security expert, it could also hand hugely personal details including full web history over to hackers. Sergey Toshin, from cyber threat firm Oversecured, has exposed a vulnerability within the Google app that could offer thieves a convenient way to steal data from a device. The flaw was disclosed in his blog post.
All hackers would need to do is get Android fans to install a fake app on their devices which, once opened, would set about infiltrating the Google app and steal all of the personal data held within it.
As Toshin explains, “While securing pre-installed apps on Android devices, we discovered persistent arbitrary code execution in the Google app. This could have allowed any app installed on the same device to steal arbitrary data from it, for example, accessing a Google account, user’s search history, voice assistant interaction data, mail from Gmail, and to intercept app rights, including access to read and send SMS messages, contacts, call history (as well as making and receiving calls), calendar, microphone, camera, location, Bluetooth and NFC.”
According to AVAST, the main problem facing Android users comes from adware, which has accounted for around 45 percent of threats so far this year. Although adware doesn’t steal data it can fill devices with highly intrusive adverts that can make phones almost unusable.
The next big threat comes from fake apps which appear very genuine but, once downloaded can spy on the user, to expose them to ads or other malicious activity.
Finally, there are terrifying banking Trojans or “Bankers”. These often disguise themselves as genuine apps to access the banking details of unsuspecting users and trick them into giving up their bank account details by posing as a legitimate banking application and mimicking the login screen or supplying a generic login screen with the respective bank’s logo.
Published at Tue, 22 Jun 2021 05:49:00 +0000