Ranjeet Menon

Android Focus Stealing Vulnerability

August 10, 2011
Android allows an application to bring itself to the foreground, becoming the active app, while the user is using another application. Because Android’s SDK (Software Development Kit) allows apps to be pushed to the foreground in this way, Android also allows users to dismiss and override this behaviour by hitting the back button. This Android feature is used by many security applications for application control or for locking the phone.

Hackers can abuse this Android feature by creating fraudulent pop-ups that replace the standard log-in screen of a banking or social networking app and thus collect user information. The screen would blip so fast that users wouldn’t even notice that the original log-in has been replaced by this fake pop-up.

Hackers at the DefCon conference exposed this design flaw in the Android operating system, which could be exploited by criminals to phish for customer data or to introduce pop-up ads to smartphones.
Ordinary users cannot identify such applications from the “permissions required” displayed at the time of installation, as this is a legitimate function for many applications.
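A defensive sketch of how the log-in screen replacement described above could be spotted from foreground-change telemetry; it is an added example, not part of the original post. The event tuples, package names, trigger labels and the 500 ms "blip" threshold are constructed assumptions, not an Android log format.

```python
# Constructed foreground-change events; this is NOT a real Android log format.
# Each tuple: (timestamp_ms, package, activity, trigger). The trigger labels
# ("user_launch", "user_back", "user_home", "background_start") are assumed.
EVENTS = [
    (1000,  "com.example.launcher",   "Home",          "user_home"),
    (5000,  "com.example.bank",       "LoginActivity", "user_launch"),
    (5180,  "com.example.flashlight", "OverlayLogin",  "background_start"),
    (9000,  "com.example.launcher",   "Home",          "user_home"),
    (30000, "com.example.bank",       "LoginActivity", "user_launch"),
    (30200, "com.example.applock",    "LockScreen",    "background_start"),
    (31000, "com.example.bank",       "LoginActivity", "user_back"),
    (39000, "com.example.game",       "AdActivity",    "background_start"),
    (45000, "com.example.launcher",   "Home",          "user_home"),
]

SENSITIVE = {"com.example.bank"}    # apps whose log-in screens are watched (assumed)
ALLOWED = {"com.example.applock"}   # known app-lock / security tools (assumed)
BLIP_MS = 500                       # how fast counts as a "blip" (assumed value)

def find_focus_steals(events, sensitive=SENSITIVE, allowed=ALLOWED, blip_ms=BLIP_MS):
    """Flag apps that push themselves in front of a sensitive app."""
    findings = []
    for (p_ts, p_pkg, _, _), (c_ts, c_pkg, c_act, trigger) in zip(events, events[1:]):
        if p_pkg not in sensitive or c_pkg == p_pkg:
            continue  # nothing sensitive was on screen, or the same app navigating
        if trigger != "background_start":
            continue  # the user left the sensitive app themselves
        if c_pkg in allowed:
            continue  # legitimate use: app lock / application control
        delta = c_ts - p_ts
        findings.append({
            "package": c_pkg, "activity": c_act, "covered": p_pkg,
            "delta_ms": delta,
            # A takeover right after the log-in screen appears is the phishing
            # pattern; slower ones (e.g. pop-up ads) are queued for review.
            "severity": "high" if delta <= blip_ms else "review",
        })
    return findings

if __name__ == "__main__":
    for f in find_focus_steals(EVENTS):
        print(f)
```

The allow-list matters because, as noted above, app-lock and application-control tools use the same foreground mechanism legitimately.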

According to Google, they have not seen any apps maliciously using this technique on the Android Market and they will remove such apps, if found.
A user has to be careful as attackers could post apps much faster than Google could identify and remove them from the Market.
