Symantec Uncovers Android Apps Security Threat

Symantec has found a security issue that exploits poorly coded Android apps to hijack permissions and compromise data.

Android has quickly climbed to the top of the mobile OS mountain, and it owes much of its success to being a more open platform than rivals like iOS. However, that openness is a double-edged sword that also exposes Android to potential risk--like the Android Class Loading Hijacking threat discovered by Symantec.

A Symantec spokesperson explains that the Android Class Loading Hijacking threat resembles a Windows DLL hijacking attack. "It relies on the fact that Android provides APIs that allow an app to dynamically load code to be executed. For example, an application may support plug-ins that are downloaded and then loaded at a later time. Unfortunately, if these plug-ins are stored in an insecure location, this process can be hijacked."

Symantec stresses that the Android Class Loading Hijacking threat is not a vulnerability in the Android OS itself, but a flaw in the way some apps are coded that can be exploited to hijack permissions.
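The coding flaw described above, shown beside a corrected form; this is an added example, not code from Symantec's research or from this article. The class name `PluginLoader`, the file and directory names, and the `expectedSha256` parameter (a digest the app obtains from a trusted source, such as a constant compiled into the APK) are assumptions.

```java
import android.content.Context;
import android.os.Environment;
import dalvik.system.DexClassLoader;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.DigestOutputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public final class PluginLoader {
    // Weak pattern: the plug-in sits on shared storage, which other apps can write to,
    // so whatever file is there at load time runs with this app's permissions.
    static ClassLoader loadFromSharedStorage(Context ctx) {
        File plugin = new File(Environment.getExternalStorageDirectory(), "plugins/plugin.jar");
        return new DexClassLoader(plugin.getPath(), ctx.getCacheDir().getPath(),
                null, ctx.getClassLoader());
    }

    // Corrected pattern: stream the download into app-private storage while hashing it,
    // compare against the expected digest, and load only the verified private copy.
    static ClassLoader loadVerified(Context ctx, InputStream downloaded, byte[] expectedSha256)
            throws IOException, NoSuchAlgorithmException {
        File dir = ctx.getDir("plugins", Context.MODE_PRIVATE);   // assumed directory name
        File tmp = File.createTempFile("plugin", ".tmp", dir);
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        try (OutputStream out = new DigestOutputStream(new FileOutputStream(tmp), md)) {
            byte[] buf = new byte[8192];
            for (int n; (n = downloaded.read(buf)) != -1; ) {
                out.write(buf, 0, n);
            }
        }
        File plugin = new File(dir, "plugin.jar");                // assumed file name
        // Constant-time comparison; the file is renamed into place only after it verifies.
        if (!MessageDigest.isEqual(md.digest(), expectedSha256) || !tmp.renameTo(plugin)) {
            tmp.delete();
            throw new SecurityException("plug-in rejected: digest mismatch or rename failed");
        }
        plugin.setReadOnly();
        // Optimized output also goes to a private directory, never to shared storage.
        File optimized = ctx.getDir("plugins_opt", Context.MODE_PRIVATE);
        return new DexClassLoader(plugin.getPath(), optimized.getPath(),
                null, ctx.getClassLoader());
    }
}
```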

Oliver Lavery, Director of Security and Development for nCircle, explains, "This weakness, and others like it that haven't been discovered yet, are an unfortunate side-effect of Android's openness. While open platforms are good, the history of browser vulnerabilities has shown us time and time again how important it is to have effective 'sandboxing' for content that comes from the internet."

Lavery says that Android security is not significantly better or worse than the security of any other completely open computing device, like a desktop or laptop. "The 'walled garden' approach iOS uses is almost certainly more secure, but that relative level of additional security comes at the cost of openness and extensibility."

Randy Abrams, Director of Technical Education for ESET, says that the Symantec research is interesting, but that cyber criminals really don't have to work that hard. Abrams warns that the liberal permissions Android apps are routinely granted make an attack like stealing a Gmail verification code text message as simple as convincing the user to install an app that has access to text messages.

"Users routinely grant such permissions to applications without a second thought," laments Abrams. "There is far too much opportunity for cross application pollution by design to invest in the real, but esoteric approaches that Symantec discusses."

There are always tradeoffs of functionality or flexibility vs. security. Android errs on the side of functionality over security, and that means that app developers have to be more diligent, and users need to be more vigilant to guard against security threats.

Stories by Tony Bradley

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place