Millions of Android smartphones can be hacked. Microsoft has identified a security vulnerability in popular Android apps, both available on the Play Store or installed by default. It seems that Play Protect is not able to detect violations of this type. An emergency update has become available to protect users, thanks to Microsoft experts.
Microsoft has just discovered a number of security flaws in some Android apps. In a new report, the American giant explains that in September 2021 it discovered “serious vulnerabilities in the mobile platform owned by MCE Systems.”
This is an Israeli company that provides developers with a software environment. According to Microsoft, these ready-made frameworks make life easier for developers and make activation of Android devices easier as well. However, the “extended control” over products provided by MCE Systems makes them the main target for hackers.
According to Microsoft researchers, this framework is used by many companies that specialize in software development, including system apps integrated into the phone by default. It is often impossible to get rid of these applications, even when you delete them.
- Protect your privacy with the Surfshark VPN
According to Microsoft, these applications are available on millions of Android smartphones around the world. Some apps available in the Play Store have been downloaded millions of times. In detail, Microsoft has identified 4 security vulnerabilities by digging into the code of the framework. “The vulnerabilities we have identified can be used in the same way,” adds Microsoft.
Research team tells that the shortcomings may allow an experienced attacker to remotely “implement a permanent backdoor” in a smartphone. With this backdoor, they will be able to install viruses or spyware without your knowledge. Even worse, a hacker can directly gain control of your device without requiring physical access to it.
The framework can “access system resources and perform system tasks such as audio, camera, power, and device memory settings.” The framework, developed by MCE Systems, also has “extended privileges” for working with system apps.
In addition, this is why the use of vulnerabilities in the framework code endangers the personal data and security of users. In this context, Microsoft believes that the violations may be very serious.
Microsoft researchers have also found that Google Play Protect, the security system that controls the Play Store, is completely powerless in this case. “These inspections were not designed to identify such problems,” the report said.
Also, this is not the first time the reliability of Play Protect has been questioned. To improve security on Android, Microsoft has contacted Google teams. Thanks to the cooperation, the two companies were able to help Play Protect “identify these vulnerabilities.”