Millions of Android smartphones can be hacked. Microsoft has identified a security vulnerability in popular Android apps from the Play Store or installed by default. It seems that Play Protect is not able to detect violations of this type. An emergency update with the help of Microsoft experts has become available to protect users.
Microsoft has just discovered a number of security flaws in some Android applications. In a new report, the American giant explains that in September 2021 it discovered “serious vulnerabilities in the mobile platform owned by MCE Systems.”
This is an Israeli company that provides developers with a software environment. According to Microsoft, these ready-made frameworks make life easier for developers and activate Android devices. However, the “extended control” over products provided by MCE Systems makes them the main target for hackers.
According to Microsoft researchers, this framework is used by many companies that specialize in software development, including system applications integrated into the phone by default. Obviously, it is the applications installed on Android phones that put users at risk. It is often impossible to get rid of these applications, even removing them.
According to Microsoft, these applications are available on millions of Android smartphones in circulation around the world. Some apps available in the Play Store have been downloaded millions of times. In detail, Microsoft has identified 4 security vulnerabilities by digging into the code of the framework. “We can use the vulnerabilities in the same way,” adds Microsoft.
According to the research team, the shortcomings may allow an experienced attacker to remotely “implement a permanent backdoor” in a smartphone. With this backdoor, he will be able to install viruses or spyware without your knowledge. Worse, a hacker can directly gain control of your device without requiring physical access to it.
According to Microsoft, the framework can “access system resources and perform system tasks such as sound, camera, power, and device memory settings.” The framework, developed by MCE Systems, also has “extended privileges” for working with system programs.
In addition, this is why the use of vulnerabilities in the framework code endangers the personal data and security of users. In this context, Microsoft believes that the violations may be very serious.
Microsoft researchers have also found that Google Play Protect, the security system that controls the Play Store, is completely powerless in this case. “These inspections were not designed to identify such problems,” the report said.
Also, this isn’t the first time the reliability of Play Protect has been questioned. To improve security on Android, Microsoft has contacted Google teams. Thanks to the cooperation, the two companies were able to help Play Protect “identify these vulnerabilities.”