Google cannot fix Android Marshmallow and Nougat malware flaws till August’17

Google has made an official announcement today that it is aware of the malware flaws existing on the phones driven by Android Marshmallow and Nougat operating systems and will try its best to fix the flaw by August’17. Means users using the said Android versions – Nougat and Marshmallow are on the verge of being exploited by banking malware and ransomware hackers till this year end.

Early last week, security firm Check Point, issued a report on the current set of permission models adopted by Google on its latest Android Mobile OSes. The report clearly specified that Nougat and Marshmallow contain a bug that serves as an access point for malware spreaders like Trojan, ransomware and adware developers to take over victim screens with extortion and phishing pages.
Google took a note of the flaws mentioned in the report and said that the issue needs time to be fixed and will be done by August this year with the release of Android O or Android 8.0.

Technically speaking, Android 6.0 and 7.0 (Nougat) are currently the most widely used Android Versions. But both these OSes have sensitive permission issues called ‘System_Alert_Window’ which allows applications to push windows that overlay other apps. And in a majority of cases, security flaws emerge from such permission loopholes.

Check Point’s report has already lined up some alarming stats on this issue. It mentioned in its report that a whopping 74% of ransomware and 57% of adware issues along with 14% of issues related to banking malware took advantage of this permission flaw to carry out their fishy operations.

As per the info-graphics offered by Android Developer Dashboard, Marshmallow is being used by more than 31% Android smartphones users while Nougat is just loaded on less than 4.5% of Android driven phones.

Let’s hope that Google succeeds in addressing the issue in its Android O which is still in developer preview version and is scheduled to release in the 3Q of this year.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display