• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • Advertise With Us
  • Contact

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Guide
  • Home Improvement
  • Gadget & Apps
  • Deals
  • News

Replacement attack could turn your legit Android App into a Malware, How to Avoid it?

By Guest Authors

Android mobile users who download their apps from the Google Play Store have full confidence the items they get are legit and free from backdoor attacks, especially that Google recently formed a review team to vet apps. But a new method of attack, though unseen in real-world setting, could turn your legit app into a malware that a security researcher says could put half of Android devices worldwide in jeopardy.

android-malware

Zhi Xu, a senior engineer at Palo Alto Networks, discovered the potential of the attack based on a hypothetical study that shows legit Google Play apps can create an entry point into an Android device for another app coming from third party app stores. This app from a third party source can then grant enable the legit Google Play app to have access to a vast array of data, including usernames, passwords, and other sensitive data.

Based on the findings of Xu, this method of attack can help attackers to alter apps in a stealthy manner, free from detection of the phone’s owner. It is called a silent hijacking technique, through which a hacker can replace the real app you are downloading from Google Play with another app that probably contains a malware.

The providers of app store services such as Google and Amazon are already finding a fix to the vulnerability. Users, meanwhile, can do something about it. Security experts recommend that they update to the new versions of the Android operating system such as Android 4.4 and higher to parry the problem once and for all.

According to Xu, the PackageInstaller used to install Android apps in devices is what causes the problem. The installer contains a sort of vulnerability, called time-of-Check to Time-of-Use, which a hijacker can use to substitute legit apps with malicious ones because PackageInstaller on older versions of Android does not authenticate the APK file at the time of use.

Luckily, though, the attack works only when an app is downloaded and saved to an unprotected space, in this case in file systems beyond the perimeter of Google Play. So the hijacker’s technique is evident now, first they would try to install what appears to be a safe app and then launch a malicious app once they detect apps installed from third party sources. This happens during the installation process, a very subtle way of circumventing any form of detection method on the part of the user, who would haphazardly just give permission when asked.

So if you are still using Android 4.1 or lower, upgrade to the latest version if possible to avoid this kind of attack.

Disclosure: We might earn commission from qualifying purchases. The commission help keep the rest of my content free, so thank you!

Footer

Kodak Luma 500 Review – An Impressive Mini Projector with Native 1080p Resolution

Hohem iSteady V3 Ultra AI Gimbal Review – Smartphone Videography with Advanced AI and Control

iKoffy EdiBot Food Printer Review – Can It Replace Latte Art?

DYMESTY AI Glasses Review – Could These Be Your Next Wearable?

Follow TechWalls

YoutubeFacebookXInstagram

Recent Posts

  • Kodak Luma 500 Review – An Impressive Mini Projector with Native 1080p Resolution
  • Olight’s Flagship ArkPro Flashlights Launch with Ultimate 4 in 1 EDC Technology
  • Traditional Lawn Mower vs. Robot Lawn Mower: Is It Time to Switch?
  • The Best Robot Lawn Mower 2025 for Versatile Yard Care

Copyright © 2025 · All Rights Reserved