Security Bug Detected in Google’s Android App

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

A vulnerability had existed in Google’s eponymous Android app with over five billion downloads to date that might have enabled an attacker to stealthily steal the personal information of a victim’s device. 

In a blog post-Sergey Toshin, the founder of Oversecured Mobile App Security Group, noted that it’s about the way the Google app relies on code that is not packaged with the app directly. Several Android apps, notably the Google application, decrease download size and storage space by depending on code libraries installed on Android smartphones. 

However, the shortcoming in Google’s code allowed the malicious application to inherit the permissions of the Google app and permit it to almost completely access data from a user. 

The malicious application could also pull the code library from a malicious app on the very same device rather than its legitimate code library. This access includes access to Google user accounts, search histories, e-mails, text messages, contacts, and call history, as well as microphone/camera triggering and user location. 

Toshin added that the malicious application will be activated once for the attack to start, but it is carried out without the knowledge or cooperation of the user. He added that removing the malicious program will not remove malicious components from the Google app.