
Google won't fix security flaw in pre-Pie Android versions

In an always-connected world, we have to be more security-conscious than ever, especially when it comes to our smartphones. Unfortunately, a new security flaw has come to light that affects all versions of Android. The good news is that it will finally be fixed in the new version - Android 9.0 Pie. The bad news? You might never get the new version, so you'll have to look out for yourself.

This information comes from research firm Nightwatch Cybersecurity, which discovered a vulnerability in Android that lets apps bypass permission checks and read information contained in system broadcasts. This includes the name of the Wi-Fi network in use, its BSSID, the MAC address of the device, DNS server information and local IP addresses.

Exploiting this flaw, a malicious app could geolocate and track any Android device with a worrying degree of precision, right down to a street address. It also allows bad actors to attack your Wi-Fi network.

Is my phone vulnerable?

Those of us who are set to upgrade to Android Pie can at least breathe easily. Google has apparently finally fixed this flaw with the new OS version. But you know how it goes with Android OS updates. Less than 0.1% of Android users are running the latest build, and many are still behind Android Oreo.

Unfortunately, Nightwatch Cybersecurity says that Google is not planning on fixing this flaw on older versions of the OS. Not even forked versions of Android are safe. Amazon devices with Fire OS share the vulnerability, for example. 


While Google will no doubt work to make upgrading to the latest Android version easier for the mass of users (such as with Android One, for example), many of us will linger behind on older OS versions.

So what to do? The best way to avoid this kind of attack is simply to refrain from downloading or sideloading unofficial apps (as in, those outside of Google Play) that may contain malware. Of course, many of us enjoy plucking fruit from outside the Google garden. Just be careful and use your discretion before you download.

Do you often sideload 'unofficial' apps? What do you do to prevent security risks?

 

2 comments


  • If a person is willing to sideload, they should take the precautions to make sure they don't get hacked/used/abused. To not do so is just silly.


  • The article omits to say that any good (including free) third-party system security app will replicate Google's Play Store scanning and block malicious APKs. I sideload APKs in order to avoid creating a "real me" credit card relationship with Google. In addition to choosing APK download sources carefully, I've installed BitDefender free to scan every installation, and have never been infected by anything. There are other reputable free malware scanners available.
