Worrying news as it has emerged that there’s a hole in some Android phones that could enable hackers and the like to execute malicious code.
The potential exploit was discovered by Palo Alto Networks, which does enterprise security for big businesses. Apparently the way it works is that it exploits a flaw in Android’s “PackageInstaller” system service, allowing attackers to silently gain unlimited permissions in compromised devices.
Palo Alto describes it as a “bait & switch” – apparently apps could be downloaded which, on the Google Play download screen, don’t ask for any permission on things like GPS location or camera, but because of a bug in the code, the app (which could be disguised as something innocuous, like a game), the malicious app could conceivably access much more without you knowing.
There doesn’t appear to be too much to worry about at the moment – now that the flaw has been flagged up by one of the good guys, it will no doubt be patched and fixed pretty quickly, but it is always a good idea to keep your apps and software up to date, just in case.