In an always-connected world, we have to be more security conscious than ever, especially when it comes to our smartphones. Unfortunately, a new security flaw has come to light that affects all versions of Android. The good news is that it will finally be fixed in the new version, Android 9.0 Pie. The bad news? You might never get the new version, so you'll have to look out for yourself.
This information comes from research firm Nightwatch Cybersecurity, which discovered a vulnerability in Android that allows apps to bypass permission checks and access information contained in system broadcasts. This includes the name of the Wi-Fi network in use, its BSSID, the MAC address of the device, DNS server information and local IP addresses.
Exploiting this flaw, a malicious app could geolocate and track any Android device with a worrying degree of precision, right down to a street address. It also allows bad actors to attack your Wi-Fi network.
Is my phone vulnerable?
Those of us who are set to upgrade to Android Pie can at least breathe easily. Google has apparently finally fixed this flaw with the new OS version. But you know how it goes with Android OS updates. Less than 0.1% of Android users are running the latest build, and many are still on versions older than Android Oreo.
Unfortunately, Nightwatch Cybersecurity says that Google is not planning on fixing this flaw on older versions of the OS. Not even forked versions of Android are safe. Amazon devices with Fire OS share the vulnerability, for example.
While Google will no doubt work to make upgrading to the latest Android version easier for the mass of users (with Android One, for example), many of us will lag behind on older OS versions.
So what to do? The best way to avoid this kind of attack is simply to refrain from downloading or sideloading unofficial apps (as in, those outside of Google Play) that may contain malware. Of course, many of us enjoy plucking fruit from outside the Google garden. Just be careful and use your discretion before you download.
Do you often sideload 'unofficial' apps? What do you do to prevent security risks?