Google closing privacy flaw in Android
Google is finally making moves to close a privacy flaw that allows apps to covertly gain access to network activity on a device even without asking for sensitive permissions.
The flaw in the /proc/net directory of Android allows apps to detect the presence of other apps installed on an Android device, and sniff out when they are connecting to the internet including connecting to a specific server.
It does not expose the content of any network activity, but the flaw is already being used in a range of applications, including hidden trackers on Google Play, to track users’ network activity without their knowledge.
While a fix is being developed involving restricting access to some of the data stored in /proc/net, most applications are expected to continue to have unrestricted access to network activity until 2019, when a new framework for the way apps access APIs is introduced.
“User tracking without their consent undermines basic privacy and security,” said NordVPN CMO Marty Kamden.
“Apps can monitor network activity even without requesting any sensitive permissions. In addition, this privacy hole could easily be exploited for malicious purposes — for example, when a user’s browsing history is collected, their online profile can be created.”
He urged Android users to consider taking additional steps to safeguard their online privacy, including being sure not to download fake apps or click on phishing messages, maintaining good password hygiene and keeping Android up to date with all software updates and security patches. Users should also consider using a VPN on their Android devices.
Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.
Strategies for navigating Java vulnerabilities
Java remains a robust and widely adopted platform for enterprise applications, but staying ahead...
Not all cyber risk is created equal
The key to mitigating cyber exposure lies in preventing breaches before they happen.
How AI can help businesses manage their cyber risks
Artificial intelligence can be a powerful ally in the fight against cyberthreats.