• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • Advertise With Us
  • Contact
  • Cookie Policy
    • Privacy statement (CA)
    • Cookie policy (CA)
    • Privacy statement (UK)
    • Cookie policy (UK)
    • Privacy statement (US)
    • Cookie Policy (US)
    • Privacy statement (EU)
    • Cookie policy (EU)
    • Disclaimer

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Tech Guide
  • Home Improvement
  • Gadget & Apps
  • News

Replacement attack could turn your legit Android App into a Malware, How to Avoid it?

Updated on Mar 26, 2015 by Guest Authors

Android mobile users who download their apps from the Google Play Store have full confidence the items they get are legit and free from backdoor attacks, especially that Google recently formed a review team to vet apps. But a new method of attack, though unseen in real-world setting, could turn your legit app into a malware that a security researcher says could put half of Android devices worldwide in jeopardy.

android-malware

Zhi Xu, a senior engineer at Palo Alto Networks, discovered the potential of the attack based on a hypothetical study that shows legit Google Play apps can create an entry point into an Android device for another app coming from third party app stores. This app from a third party source can then grant enable the legit Google Play app to have access to a vast array of data, including usernames, passwords, and other sensitive data.

Based on the findings of Xu, this method of attack can help attackers to alter apps in a stealthy manner, free from detection of the phone’s owner. It is called a silent hijacking technique, through which a hacker can replace the real app you are downloading from Google Play with another app that probably contains a malware.

The providers of app store services such as Google and Amazon are already finding a fix to the vulnerability. Users, meanwhile, can do something about it. Security experts recommend that they update to the new versions of the Android operating system such as Android 4.4 and higher to parry the problem once and for all.

According to Xu, the PackageInstaller used to install Android apps in devices is what causes the problem. The installer contains a sort of vulnerability, called time-of-Check to Time-of-Use, which a hijacker can use to substitute legit apps with malicious ones because PackageInstaller on older versions of Android does not authenticate the APK file at the time of use.

Luckily, though, the attack works only when an app is downloaded and saved to an unprotected space, in this case in file systems beyond the perimeter of Google Play. So the hijacker’s technique is evident now, first they would try to install what appears to be a safe app and then launch a malicious app once they detect apps installed from third party sources. This happens during the installation process, a very subtle way of circumventing any form of detection method on the part of the user, who would haphazardly just give permission when asked.

So if you are still using Android 4.1 or lower, upgrade to the latest version if possible to avoid this kind of attack.

Disclosure: We might earn commission from qualifying purchases. The commission help keep the rest of my content free, so thank you!

Footer

Review of the Waterpik Evolution and Nano Water Flosser Combo Pack

Transparent Shaving: The yoose ICE Electric Shaver Review

INKBIRD IBS-TH5 Review – Smart Thermo Hygrometer with E-Ink Display

LISEN MagSafe CD Phone Holder for Car Review

Follow TechWalls

YoutubeFacebookTwitterInstagram

Recent Posts

  • Review of the Waterpik Evolution and Nano Water Flosser Combo Pack
  • Transparent Shaving: The yoose ICE Electric Shaver Review
  • The Hidden Cost of Cryptocurrency: Bitcoin’s Energy and Water Footprint
  • Free Places To Sleep Inside Hong Kong Airport During Long Transits

Copyright © 2023 · All Rights Reserved

Manage Cookie Consent
We use technologies like cookies to store and/or access device information. We do this to improve browsing experience and to show personalized ads. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional cookies Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}