Cybersecurity firm Trustwave claims to have identified a flaw in Google Play's security filter that allows a verified app to be updated with malicious code, according to CNET. The problem lies with Google Bouncer, the automated system that inspects newly submitted apps for incriminating code or functionality. Trustwave submitted a contact blocking app called SMS Blocker to Google for verification and, because it was legitimate and fully functional at the time, Bouncer let it through. However, using its special cloaking technique, Trustwave was able to update SMS Blocker 11 times with code that enabled it to peek at user photos, contacts, phone records, and even launch malicious websites.
While Android malware has appeared in the past,...
Continue reading…
No comments:
Post a Comment