Once our applications are installed on our devices, we trust them completely (or nearly so). We checked their permissions beforehand to be sure of their behavior and, once reassured, we let them update. Well, we are wrong: researchers from an American university have discovered a flaw in the Android system.
Working with Microsoft, researchers at the University of Indiana have discovered a flaw in the Android security system. It sits at the heart of the update system and would let some applications take advantage of Android updates to obtain additional permissions. It has been named the "Pileup" flaw: it allows applications to escalate their privileges without going through the user.
How does this flaw work?
An application can currently request a permission that does not exist in the Android version running on your device. But once you have tapped the "Accept" button, Android considers that you have granted the application those rights. Once an Android update arrives on your device, the application gets the rights it wants, without you being consulted!
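The check this mechanism calls for, as an added example that is not from the original article or from the researchers' scanner: it reads the permissions each installed app has requested and flags those that do not exist at the device's current API level but will exist after the update. The manifests, package names, the permission table and the `audit` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample table: permission name -> API level that first defines it.
PLATFORM_PERMISSIONS = {
    "android.permission.INTERNET": 1,
    "android.permission.READ_CONTACTS": 1,
    "android.permission.READ_CALL_LOG": 16,
}

def _manifest(package, *perms):
    """Build a constructed decoded manifest for the sample data below."""
    uses = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')

# Constructed sample apps (hypothetical package names).
SAMPLE_MANIFESTS = {
    "com.example.notes": _manifest("com.example.notes", "android.permission.INTERNET"),
    "com.example.flashlight": _manifest(
        "com.example.flashlight",
        "android.permission.INTERNET",
        "android.permission.READ_CALL_LOG",
        "android.permission.EXAMPLE_NOT_YET_DEFINED",  # constructed name
    ),
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def audit(manifests, current_api, target_api):
    """Flag apps holding requests that only take effect after an OS update."""
    findings = {}
    for package, xml_text in manifests.items():
        gained, undefined = [], []
        for perm in sorted(requested_permissions(xml_text)):
            introduced = PLATFORM_PERMISSIONS.get(perm)
            if introduced is None:
                undefined.append(perm)   # not in the table at all: review by hand
            elif current_api < introduced <= target_api:
                gained.append(perm)      # becomes effective when the update lands
        if gained or undefined:
            findings[package] = {"gained_on_update": gained, "undefined": undefined}
    return findings

if __name__ == "__main__":
    for package, result in audit(SAMPLE_MANIFESTS, 15, 16).items():
        print(package, result)
```

Any app listed under `gained_on_update` is worth reviewing or removing before the update is installed, since the user was never shown that permission in a form that meant anything at install time.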
Which devices are affected?
All Android devices are affected: from the moment you receive an update (or have received one in the past), applications are likely to benefit. In other words, we are all affected.
How to react?
The University offers an application to mitigate this problem, available for free on the Google Play Store: download Secure Update Scanner.
What do you think of this security hole? What do you plan to do to avoid it?