Android's 'PackageInstaller' Vulnerability a Gateway to hack Devices

A security flaw was found in the Android's 'PackageInstaller' system service that provides path to the hacker to hijack the installation process of a third-party Android app, which seems pretty safe to user and replaces it with a Malware (infected app of his choosing).



The security flaw was reported to Android by the teamof security researchers (Ryan Olson, Huagang Xie, Claud Xiao, Colt Blackmore, and Taylor Ettema) from the Palo Alto network. Palo Alto previously worked with Google, Amazon and Samsung to report vulnerabilities and then issue their patches. The company discovered this vulnerability in January last year and reported it to Android security team, Amazon and Samsung.


This vulnerability is so severe that the users passwords and sensitive information are not safe. They can be hijacked through the infected app which was installed through the third-party. Around 49.5 percent Android users were infected by this app before it was patched by the Android (on its latest versions only).

The Google also released a statement today that " The Android Security Team has not detected any attempts to exploit this vulnerability on user devices." Google also added that the Android 4.3 and later versions are not vulnerable to this flaw. But the researchers from Palo Alto said the older version users are not safe from this Vulnerability. 

So, the Android users who have older version android devices should avoid installing apps from the third party. This vulnerability affects Android device users as well as Android app developers. For Android device users, the users may end up with installing apps that are not the ones they agree to install.

Android app developers are also affected, because app-store apps and mobile ads libraries that do not rely on Google Play store would be likely to save the promoted apps in unprotected storage, example 'sdcard'. Like the example we show with Amazon appstore app, the unprotected storage in sdcard may allow attackers to replace the promoted apps with malware apps.