New Android vulnerability allows fake installer screens

Many of us will probably be getting numb to the fairly regular security warnings that become inextricably connected to our smartphones. There’s an acceptance of risk when we download apps, and we freely skip past that screen which tells us just how many permissions an app requires.

Now we’re hearing that any unpatched Android phone running a version older than Oreo is going to need fixing. A new malware, found by Palo Alto Networks researchers, is able to draw fake dialogs which fool users into installing nasty software.

It is, when you think about it, devilishly easy. Just show a screen which looks like a regular Android installation screen and you’ll believe what you see. Underneath, bad things are happening.

Sure, Android shouldn’t allow this, and if I spent the proper amount of time looking at the install permissions of every app installed from Google Play, I should be safe. But who does that, really? In theory you have to allow the “draw on top” permission and it has to be an app installed from Google Play.

If you’ve got the latest Oreo OS then you’re fine. However, nobody really does.

For the rest of us, to really be protected properly, you’ve got to be looking at purchasing security for Android. This will prevent malicious apps and webpages from stealing your data or worse, and some apps will go further – optimizing performance by deleting unused cookies, managing passwords, and more. Security apps are well-worth the investment, but we rarely think of buying or installing this software.

One very ex Galaxy S5

While my previous tips for securing your phone should hold true whether you are home or abroad, there are a few more things you can do to make your smartphone (or other mobile device) safer.

Yes, get yourself some mobile security software, but don’t forget to back your stuff up. Some devices can be set to automatically back up but remember to utilise auto-backup features in apps such as WhatsApp. Use Google Photos to store your photos in the cloud too. Just recently, this very weekend, my father-in-law saw his device be reduced to rubble after losing it. Somehow it ended up on the car roof and it was then run over by many, many vehicles. Even the storage card was split in two, which meant that all his precious photos were gone.

Whilst having lots of on-board storage is good, it’s easy to backup your data over your WiFi to the cloud, and it’s mostly free too.

Also, and this is something we did to find the crushed handset after searching the house and the car, ensure that you’ve got the “Find your device” setup, then you can be safe in the knowledge that you’re able to find your handset if you lose it … or if you leave it on the car roof. In our case, it reported the last position to the mighty Google cloud before getting squashed. Useful, very useful.

Protect yourself, back up your data and ensure that you know where your handset is. It’s easy to do, but you’ve got to make that logical decision to actually do it.