Android security - malicious code

Should you be worried about the latest Android security scare?

The Register is running a story today about a ‘severe malware threat’, potentially affecting millions of Android users.

At first glance, the numbers don’t look good. As many as 1.8% of the most popular apps on Google Play are potentially affected, and these apps have been downloaded 200 million times.

A little basic maths tells us that almost 1 in 50 of the most popular apps on Google Play potentially pose a severe malware threat. Therefore, you wouldn’t need to have a particularly large app collection in order to have downloaded one of the problematic titles.

The threat has been discovered during research carried out by FireEye. The information security company found the vulnerability in a mobile ad library.

Mobile ad libraries serve ads to users, allowing developers to generate revenue from their apps. It is almost certain that developers using this particular library did so without knowing about its vulnerabilities.

The ad library itself has not been named and FireEye has simply referred to it as ‘Vulna’. Naming the library would risk its vulnerabilities being targeted, leaving users exposed.

The problem that Vulna presents is twofold. Firstly, it collects sensitive user information, and secondly, its vulnerabilities allow attackers to carry out malicious activities on a user’s device.

It is not exactly unknown for ad libraries to collect information from devices. The problem with Vulna is that it is particularly aggressive in this respect and can be instructed to collect data such as contacts, call history and text messages.

The vulnerabilities within Vulna are quite diverse. An attacker could potentially do anything from taking photos to turning a device into part of a botnet.

It is likely that the problem is restricted almost exclusively to free apps, as premium apps do not tend to include ad libraries.

Reading that certain Android apps – which have been downloaded 200 million times, no less – potentially pose a serious malware problem is alarming, but the real-world risk is probably less than it first appears.

Many users download free apps almost randomly. These apps may be used very little – if at all – before being uninstalled.

FireEye have notified the ad library vendor and many of the vulnerabilities have been addressed in the latest version of the software. Nevertheless, developers still need to implement the update, and users will then have to download the revised app.

“We’ve notified both Google and the vendor of the ad library and given them the list of apps which are impacted by these issues,” Dr Tao Wei, a senior research scientist at FireEye, explained to The Register.

“They have confirmed the issues and are actively working on addressing these issues. The vendor of the ad library is in the process of notifying the developers using their library to upgrade to the latest version which fixes many of the security issues we addressed.”