Microsoft discovered that millions of Android smartphone owners face the risk of being hacked due to security flaws found in popular apps that either come from the Google Play Store or are pre-installed by manufacturers. Microsoft has already worked with Google on a fix.

In the full report, Microsoft said that they discovered “high-severity vulnerabilities in a mobile framework belonging to mce Systems” back in September last year.

Based in Israel, mce Systems is a software framework provider that makes Android developers’ jobs easier. However, such frameworks apparently have “extensive control”, which makes them a prime target for hackers.

According to the researchers at Microsoft, this framework is found in a lot of popular apps, including those that come installed by default on most phones and can’t be removed.

Microsoft was able to identify the four security flaws by examining the code of the framework. According to the researchers, the vulnerabilities they discovered “can all be exploited in the same way.”

One of the flaws allows skilled hackers to “implant a persistent backdoor,” which can then be used to install viruses or spyware without the user noticing.

As Microsoft said, the framework can “access system resources and perform system-related tasks, such as adjusting the device’s audio, camera, power, and storage controls.”

It even has “extended privileges” as it can work with system applications.

What’s worse, the team from Microsoft also found that, before the discovery, Google Play Protect couldn’t do anything about it, as the security checks it performs are “not designed to detect these types of problems.”

Well, not until now, as Microsoft said they shared their research with Google. With that, Google Play Protect can now identify such vulnerabilities.

You can read the full report here.
