It’s becoming more and more common for malicious applications on Android to use this old form of attack. Just like their famous predecessors that went after computers (do you remember the terrible Police virus?), ransomware “kidnaps” the cellphone and demands that the owner pay a “ransom” in order to unblock the device.
It is one of the most worrying threats to mobile users as it renders the device unusable until the fee is paid and is sometimes difficult to eliminate completely. Google is aware of this issue and has finally decided to face it head on.
Its latest operating system, Android 6.0 Marshmallow, which is already available on selected terminals, makes things more difficult for cybercriminals to hijack your phone. This is thanks to the company’s experts designing a new operating system to manage the permissions asked by different applications.
Until now, the user accepted all of the permission requests at once when they installed the apps (quite often without even reading them). Due to this, seemingly inoffensive apps such as a simple flashlight were able to access features that were nowhere near related to their purpose.
Not all were dangerous though, and for the most part they were only trying to fine tune their advertising. However, this arbitrary allowing of permissions by users opened the door to malware and it is one which Google is now trying to close again.
The majority of malicious apps that follow this tactic take advantage of the permission process to open alert window (SYSTEM_ALERT_WINDOW) when the terminal is blocked. Some also open an alert window which is impossible to close while others open an error message which remains on the screen.
In any case, the new manner of managing permission with Android 6.0 Marshmallow will make it a lot more difficult for cybercriminals to block their victim’s phone. A chat wants to access your phone? You’ll need to give it permission. An app wants to see your GPS? It can’t do it without your permission.
Now it seems that the security has been ramped up for permissions that are high risk, such as the case of SYSTEMS_ALERT_WINDOW. In this case, the user will have to manually access their settings within the app if they want to give it the green light – this isn’t something to take lightly, like in the past.
Maybe cybercriminals will think up another way to trick us into granting them permission, but this time they’ll have to think of how to do it without raising any suspicions. To keep those cyberattackers at bay, update your Android operating system as soon as possible. From then on, your best allies will be your common sense and a good security solution.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
