Android mobile users might be glad to know that the crew behind Google’s mobile security has taken the opportunity to roll out an Android update that should fix a couple of security flaws that could potentially put Android handsets at risk if cybercriminals had taken advantage of them. As told by Google to Ars Technica, the first was only designed for the purpose of doing some research, but would have been harmful if modified, plus it was easy to detect and use for malicious purposes. As for the other security flaw, its behavior was akin to the Stagefright malware, which hit some headlines in July of last year. Basically, it allows a hacker to send a modified JPEG file by way of Gmail or Google Talk and then proceed to gain unauthorized access to a user’s mobile device.
Meanwhile, security firm Check Point has announced that Google Play had been hosting mobile apps that came with two forms of malware -- CallJam and DressCode. What the CallJam malware does is direct mobile devices to websites that made non-legitimate ad revenue. And if users granted CallJam permission, it would make a call to paid phone numbers. While the DressCode malware could also funnel handsets to suspicious websites that serve as ad sources, it could also inflict harm to local networks. And even though Google made a wise decision in taking out the compromised mobile apps from Google Play, there is no knowing for sure who many users have been infected, considering that the malware may have been downloaded hundreds of thousands, or even millions, of times already.
Malware is nothing new, especially in Android, the most widely used mobile operating system in the world right now. But taking care of them is often challenging because Android’s security updates often take time to get to users’ handsets. Only the owners of Nexus devices receive timely security updates, while the rest of the pack often have to wait. Adding to the headache is that even though Google is working to deploy security updates regularly (monthly, especially for Nexus devices and handsets made by Samsung), users may not be able to take advantage of the fixes because either the manufacturer of their device has not approved those updates yet or using a version of Android that does not support those new updates (as of June of this year, only a tenth of all Android devices have updated to Android 6.0 Marshmallow).
