Since Android OS version 6, the widely used smartphone platform has been vulnerable to an exploit of a feature that Google touts as a competitive advantage over its chief competition: multitasking. Without getting down into the technical weeds, the vulnerability takes advantage of the operating system’s inherent ability to do multiple things at once, allowing malicious apps to impersonate a legitimate, trusted app on your phone while asking for permissions that they will then use to invade your privacy and steal data.
Surely Google Play’s security scans will stop this?
Although the security loophole was documented as far back as 2015, Google has continued to downplay it. Up to the time of the article’s publication, 36 different apps identified as exploiting the weakness, dubbed StrandHogg, were available on the Play Store, and apps exploiting this “overlay” technique have been showing up in the store since 2017. Unfortunately, despite Google’s efforts, many malicious apps still manage to make it through its security screening, including highly popular apps such as the infamous “CamScanner” app, which had been compromised and turned into a hidden malware conduit.
Unfortunately, there’s only so much heavy lifting you can do on your own. In the case of the CamScanner incident, even the developers allegedly did not know their app had been compromised and injected with the malicious dropper library that went on to infect its users. If you were being diligent about updating your apps to repair bugs and patch security holes, you walked right into a trap you couldn’t possibly have avoided. That being said, there are things you can watch out for:
- Apps that suddenly ask for permissions they should already have.
- Apps that ask for login credentials they should already have.
- Apps that ask for permissions that don’t make sense, e.g. a Calculator app asking for permission to access your camera or microphone.
- Permission or login popups that look strange or don’t match the app they supposedly come from.
- Spelling, grammar and punctuation errors.
- Email warnings from services detailing unusual activity or unexpected logins.
If you notice any of these things, immediately stop and assess the situation. If you are uncertain how to check your phone for malicious apps or compromised security, definitely do not grant new permissions or enter confidential information into any prompts until you can verify your device’s integrity.