Android Apps Vulnerable to Hijacking

Almost half of Android smartphones are vulnerable to being hacked through third-party apps downloaded from stores outside the official outlet.

A Time-of-Check to Time-of-Use (TOCTTOU) vulnerability, discovered over a year ago and now being called “Android Installer Hijacking,” allows an attacker to hijack the usual Android APK installation process. It does not work on the Google Play store because a Play Store app cannot be accessed by other installed apps.

“On affected platforms, we discovered that the PackageInstaller has a “Time of Check” to “Time of Use” vulnerability. In layman’s terms, that simply means that the APK file can be modified or replaced during installation without the user’s knowledge. The Installer Hijacking vulnerability affects APK files downloaded to unprotected local storage only because the protected space of Play Store app cannot be accessed by other installed apps,” according to the blog post at Palo Alto Networks.

The PackageInstaller installs a different app that grants permissions to attackers. Legitimate apps could be replaced with malware apps.
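The check-then-use gap described above, modeled in Python as an added example (not code from Android, Palo Alto Networks or the scanner app). The `StagedInstall` class, the paths and the byte strings are constructed for illustration, and the staging approach is a general TOCTTOU mitigation, not a description of how Android 4.4 fixed the issue.

```python
import hashlib
import os
import shutil
import tempfile

class StagedInstall:
    """Check and use the same private copy, bound by a digest."""

    def __init__(self, public_path, private_dir):
        # Copy out of shared storage first; nothing below reads public_path again.
        os.makedirs(private_dir, mode=0o700, exist_ok=True)
        self.staged = os.path.join(private_dir, "staged.apk")
        shutil.copyfile(public_path, self.staged)
        os.chmod(self.staged, 0o600)
        with open(self.staged, "rb") as f:
            self.reviewed = hashlib.sha256(f.read()).hexdigest()  # time of check

    def commit(self):
        # Time of use: read once, hash those exact bytes, install only on a match.
        with open(self.staged, "rb") as f:
            data = f.read()
        if hashlib.sha256(data).hexdigest() != self.reviewed:
            raise RuntimeError("package changed after review")
        return data

def naive_install(public_path, during_review):
    with open(public_path, "rb") as f:
        f.read()                 # time of check: package is parsed for the prompt
    during_review()              # window while the user reads the prompt
    with open(public_path, "rb") as f:
        return f.read()          # time of use: shared storage is read again

def demo():
    """Return (bytes the naive flow installs, bytes the staged flow installs)."""
    with tempfile.TemporaryDirectory() as root:
        public = os.path.join(root, "shared", "app.apk")  # constructed path
        os.makedirs(os.path.dirname(public))

        def write(content):
            with open(public, "wb") as f:
                f.write(content)
        write(b"REVIEWED")
        naive = naive_install(public, lambda: write(b"REPLACED"))
        write(b"REVIEWED")
        staged = StagedInstall(public, os.path.join(root, "private"))
        write(b"REPLACED")       # same change to shared storage, after staging
        return naive, staged.commit()
```

The naive flow ends up with the replaced bytes, while the staged flow installs exactly what was reviewed and raises if its private copy no longer matches the recorded digest.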

Android 4.4 and later versions have fixed the vulnerability. Android 4.3 and earlier may be vulnerable.

A vulnerability scanner app is available in the Google Play store. For security researchers, the open source version of the app has been made available on GitHub.

Investigators advise users to install apps only from the Google Play store on affected devices, and to use Android 4.3 or later, though some 4.3 devices are vulnerable. Don’t give apps permission to use logcat, and don’t use a rooted device.
