A new study says that the presence of malware apps on an Android device can “unlock” vulnerabilities in other apps like Gmail.
Ever wondered why anti-virus programs detect malware apps along with viruses? Many believe that the malware because it’s not a virus, isn’t that harmful. However, a new study shows that the malware is more harmful than many believe it to be.
The study, done by University of Michigan and California-Riverside researchers, found that one single malware app is all it takes to reduce the security of the remaining apps on the device. The team used a malware-ridden app to hack into popular apps on Android devices, and in so doing, found that Google’s email app, Gmail, was the easiest app to hack into. The team tested seven apps, with Gmail being the easiest to hack (92% success rate), tying with H&R Block (92%), followed by Newegg (86%), WebMD (85%), Chase Bank & Hotels.com (83%), and Amazon (48%). Despite how hard it is for hackers to access Amazon.com, a 48% success rate is still a bad sign for Android.
And Gmail, as the default email app for Android users, is sadly unprotected from malware and hackers – which is the most unfortunate part of the study. This likely explains why Google looks to integrate Samsung’s KNOX business security into the upcoming Android L update. Google shouldn’t stop there, however – ordinary customers should receive access to KNOX security as well, even if they’re not business professionals.
The researchers also seemed certain that the same hacks could be replicated on iOS and Windows Phone, although they hadn’t tested this hypothesis at the time of the study.
The key to the hack involves accessing the app at the same time that a user attempts to enter into the app to check email (Gmail) or deposit a check (Chase). “By design, Android allows apps to be preempted or hijacked. But the thing is you have to do it at the right time, so the user doesn’t notice. We do that, and that’s what makes our attack unique,” said the University of California-Riverside researcher Zhiyun Quian. For Quian and his team, shared memory is the cause of successful malware hacks: shared memory is tied to public side channels that can be accessed by anyone – including hackers.
Hopefully, studies such as this will show Google that Android still needs more internet security protection safeguards in the future. Google has started scanning apps for malware (which is a good sign), but the search engine giant also needs to find ways to prevent malware-ridden apps from arriving in the Google Play Store in the first place.
Although some consumers have never come into contact with malware-ridden apps, some of us here at Inferse have – and it pays to have an anti-virus app that scans your device thoroughly in such cases. There’s always danger in mobile, and you can’t discredit the testimonies of others because you’ve never encountered it yourself. Thefts and robberies exist in the world, and you can’t say that they don’t exist because a thief has never arrived at your doorstep. Here’s to hoping that we get to a place one day where malware apps no longer appear in the Google Play Store – and stories such as this become irrelevant.