Security flaws and vulnerabilities are found in almost every software and operating system. A big one was recently found on Android and it was Microsoft that stepped in to warn Google and ‘save’ Android users from being exposed to hackers. In a blog post, Microsoft explained that it found, “high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote (albeit complex) or local attacks.”
What was the threat level for Android users?
Microsoft said that it discovered that the framework, which is used by numerous apps, had a “BROWSABLE” service activity. This means that an attacker could remotely invoke to exploit several vulnerabilities that could allow adversaries to implant a persistent backdoor or take substantial control over the device. The framework was authorised to access system resources and perform system-related tasks, like adjusting the device’s audio, camera, power, and storage controls.
Now all the apps that are available on the Google Play Store go through Google Play Protect’s automatic safety checks. However, these checks previously did not scan for these types of issues. “As part of our effort to help ensure broad protection against these issues, we shared our research with Google, and Google Play Protect now identifies these types of vulnerabilities,” said Microsoft.
Microsoft further explained that “coupled with the extensive system privileges that pre-installed apps have, these vulnerabilities could have been attacking vectors for attackers to access system configuration and sensitive information.”
Has the issue been resolved?
The vulnerabilities, which affected apps with millions of downloads, “have been fixed by all involved parties”, said Microsoft. The tech giant said that it worked with mce Systems, the developer of the framework, and the affected mobile service providers to solve these issues. “We commend the quick and professional resolution from the mce Systems engineering teams, as well as the relevant providers in fixing each of these issues, ensuring that users can continue using such a crucial framework,” noted Microsoft.