A new vulnerability has been discovered, and allows to infect Android devices with apps that are potentially invisible at any check.
Google has already released an update patch for Pixel devices. However, if you have another Android device, you will have to hope for the speed of your own manufacturer.
The new attack is called Janus and, if exploited, allows you to attack an Android system harshly circumventing the electronic control system of Google packages and putting at risk the security and data of the device.
The problem lies in the V1 scheme, the system with which Google digitally signs APK packages and verifies that an app is exactly what it claims to be and has not been modified by introducing malicious code.
By exploiting this system, it is possible to inject malicious DEX code into APK packages, completely invisible to Android. This means that a cyber criminal could exploit this bug to compromise perfectly legitimate applications, adding code that violates user privacy and data.
However, the vulnerability does not affect the latest V2 scheme for digital signing of apps. Moreover, as already mentioned, Google has already released an update patch to solve the problem.
It is already available for Pixel devices, while for other devices equipped with Android it will be necessary to wait for the respective manufacturers to distribute the update.
So, in the meantime, we suggest to follow the general rules about security:
- – download apps from Google Play and trusted sources only;
- – be always be careful about what you do with your device;
- – install an app for security defense, as Total Antivirus Defender.
Total Antivirus Defender is our 100% security solution, and it has been used by more than 1,200,000 users with satisfaction.
For more info, click the following link: Get Total Antivirus Defender FREE