Android O To Bring Fix for Security Bug Present Since Marshmallow
A security bug that has existed since Android 6.0 Marshmallow went live, and that has become commonly exploited by ransomware, will not be fixed until the next version of Android, currently dubbed Android O, is available.
Android Marshmallow is still in common use on most Android devices despite the launch of Android 7 Nougat.
In a recent blog post, the IT security company Check Point said that the flaw is rooted in "Google's policy which grants extensive permissions to apps installed directly from Google Play."
Check Point adds that Google has been notified about the dangerous security bug and has promised to address the issue "in the upcoming version of Android."
When Android Marshmallow was introduced in 2015, it brought in a new way of granting permissions for apps found on Google Play. Permissions are what users are notified about before they can install an app.
For example, when an app needs to access a user's contact list, Google Play will bring up a dialog box and ask whether the user will permit that activity. Declining will not let the user install the app, but accepting (or granting the permission) gives the app the power to access the particular elements of the device that it asked about.
The permission to access the user's private information or other sensitive resources, such as the contact list, is included in what Google refers to as "dangerous permissions."
However, Check Point adds that apart from the dangerous permissions, Google is also keeping its eye on another category "which contains a single permission" called SYSTEM_ALERT_WINDOW.
One difference between SYSTEM_ALERT_WINDOW and the other permissions is that it requires users to go through several windows or menus to actually grant permission for an app's activity. "The reason SYSTEM_ALERT_WINDOW is unique is the extensive capability it withholds, by enabling an app to display over any other app without notifying the user," Check Point further explained.
Apart from ransomware, the security bug can also be exploited by banking malware and adware. Check Point found that the unresolved security issue has already helped crooks attack Android users. It has been used by 74 percent of ransomware, 57 percent of adware, and 14 percent of banking malware as part of their schemes. The security firm adds that this should not be treated as a minor threat and referred to it as an "actual tactic used in the wild."
While the permanent fix will only arrive in Android O, Check Point added, "As a temporary solution, Google applied a patch in Android version 6.0.1 that allows the Play Store app to grant run-time permissions."
For now, Android users are encouraged to be extra cautious with the apps they download even if they are found on Google Play. Having a security tool that can recognize and block malware can also help.
Android O is expected to go live in the third quarter of 2017.