Run this Installer Hijacking Scanner app to see if your older Android phone is at risk

Half of all Android phones still run Android 4.2 or older; they could be vulnerable to hijacking app

This app could save your older Android phone from being hijacked. Specifically, the Installer Hijacking Scanner app from the Google Play store is designed to check for a vulnerability that was discovered over a year ago and still hasn't been resolved.

Palo Alto Networks revealed information Tuesday about a critical vulnerability affecting Android. The flaw was initially discovered in January, 2014. Palo Alto Networks has been working closely with Google and Android device manufacturers to resolve the issue since then. The flaw, dubbed "Android Installer Hijacking," is estimated to impact nearly half of all Android devices.

The vulnerability affects the Time-of-Check to Time-of-Use (TOCTTOU) function of Android. Exploiting the flaw allows an attacker to hijack app installation and replace or modify an otherwise benign Android app installation with malware without the user's knowledge. According to Palo Alto Networks the malicious app is able to gain full access to the compromised device--including usernames, passwords, and other sensitive data.

The issue is a problem only when downloading apps from third-party repositories. Apps installed from Google Play are downloaded to a protected space within the file system. Third-party app stores, on the other hand, typically download files to unprotected storage and installed directly from there. The TOCTTOU flaw enables an attacker to modify or replace the file during installation without alerting the user.

The issue is mainly a concern for users that install apps from third-party app stores on older Android devices. Palo Alto Networks claims that the flaw exists in Android 2.3, 4.0.3-4.0.4, 4.1.x, and 4.2.x. Some Android 4.3 implementations have also been found vulnerable.

One of the primary benefits of Android is also one of its biggest concerns. The volume and diversity of Android devices leaves many Android users stuck with outdated versions of the OS. Androd 4.4 KitKat was released in October of 2013 and has already been supplanted by Android 5.0 Lollipop yet less than 40 percent of Android users have received that update. Meanwhile, Google has stopped supporting Android 4.3 and earlier versions--leaving more than half of Android users to rely on the Android community to patch vulnerabilities or just fend for themselves.

At the time the vulnerability was discovered, it affected almost 90 percent of the Android devices in use. Thanks to attrition and updates to more current versions of Android, that number has dropped to just under 50 percent. The Android device doesn't need to be rooted to be vulnerable, but rooted devices are predictably more vulnerable, according to Palo Alto Networks.

Based on these facts, mitigation seems relatively simple. You should update your device to Android 4.3--or preferably 4.4--or later if at all possible. Regardless, you should stick to downloading apps from the official Google Play store.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags android malwaresecuritysmartphonesAndroidAccess control and authenticationdata protectionantiviruspalo alto networksconsumer electronicsmobile malwareGoogle

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)
Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?