Table of Contents
It is thought that a vulnerability existed in Google’s eponymous Android mobile app that has been downloaded more than five billion times that could have leaked personal information to an attacker.
It is still unclassified as a major flaw or a minor bug by the experts.
According to the founder of Oversecured Mobile App Security Group, Sergey Toshin, this problem is related to the fact that the Google app relies on code that is not part of it directly.
Google app, for example, relies on code libraries on Android smartphones, which reduces download sizes and storage space.
Nevertheless, the shortcoming in Google’s code left the malicious application with access to nearly all a user’s data by inheriting the Google permissions.
History, Microphone, camera access, and location, everything is compromised.
Alternatively, the malware application may use the code library from another malware app on that very same device rather than sticking with the legitimate code library.
In addition to searches, e-mails, text messages, contact information, and call history, Google grants access to user accounts, search histories, microphones and cameras, along with user location data.
Activating the malicious application once is all it takes to launch the attack, but it is performed without the user’s knowledge or cooperation.
The malware will not be removed from the Google app even after removing the malicious program.
Google claimed it had fixed the bug on mobile app
Earlier this month, a Google spokesman said the company fixed the issue and there was no proof that attackers were exploiting the vulnerability.
Android’s malware scanner, Google Protect Play, will prevent apps from installing that are harmful.
Unfortunately, there is no absolute safety feature, and there are already malicious apps on the Internet.
According to Toshin, the vulnerability in Google’s mobile app is similar to a bug identified in TikTok earlier this year, which allows an attacker to hijack a user’s session token, which is used to exploit the user’s account.
Other similar vulnerabilities have also been found in recent Samsung pre-installed apps and the Google Play app for Android.
If you are planning to buy an Android-powered device, Hold on for a little longer!