A set of vulnerabilities called QuadRooter was reported to affect almost 900 million Android devices. Through malicious apps, these vulnerabilities can give attackers access to all the sensitive data on a Qualcomm-based device. However, Google has announced that the ‘Verify Apps’ feature in Google Play Services effectively blocks all apps with QuadRooter vulnerabilities from installing.
This ‘Verify Apps’ feature is available to Android devices running on v4.2 Jelly Bean and above, which according to Google’s latest figures comprise 90.6 percent of active devices visiting Google Play. The feature is activated by default on all Android devices above that version number, and unless a user has manually gone and disabled the feature, your device should be safe from the QuadRooter vulnerability. What this feature does is that it verifies apps, and blocks those detected as malicious apps from being installed on Android device. If a user tries to install an app with an exploit, it blocks the installation and displays an “installation has been blocked” message with no option to ignore and install anyway.
“We appreciate Check Point’s research as it helps improve the safety of the broader mobile ecosystem. Android devices with our most recent security patch level are already protected against three of these four vulnerabilities. The fourth vulnerability, CVE-2016-5340, will be addressed in an upcoming Android security bulletin, though Android partners can take action sooner by referencing the public patch Qualcomm has provided. Exploitation of these issues depends on users also downloading and installing a malicious application. Our Verify Apps and SafetyNet protections help identify, block, and remove applications that exploit vulnerabilities like these,” a Google spokesperson told Android Central.
The vulnerability is said to be based on Qualcomm chipsets, and will affect all Android devices powered by those SoCs. The QuadRooter vulnerability can give the attacker access to sensitive data, and even let them record audio and video.
Some of the popular devices said to be affected by the new QuadRooter flaw include BlackBerry Priv, Google Nexus 5X, Nexus 6P, HTC 10, LG G5, Moto X, OnePlus 3, and Samsung Galaxy S7 among others. The Blackphone 1 and Blackphone 2 can also be exploited by the Quadrooter vulnerability. Just for added security, it is recommended to avoid side-loading of apps, and thoroughly examine any app installation request before accepting.