A report from security firm Lookout has a lot of Android users fearing for the safety of their devices. After all, the firm's findings do suggest that a very real threat to Android devices exists, and it lies at the very heart of the OS itself. Apart from this, the security flaw exists even in the latest versions of Android, which means that very few devices are safe.
The main problem lies with a Linux vulnerability that was actually patched way back in 2014, according to Lookout's data. Regardless of this, and despite the fact that the vulnerability was specifically assigned the identifier CVE-2015-1805 last February, Android developers were not able to adequately provide a secure fix for the problem.
The security glitch was addressed by Google itself in an advisory last Friday, in which the tech giant outlined the possible dangers that were related to the flaw. In a nutshell, the security flaw could be used to gain root access to a device, ultimately doing some very serious, permanent damage.
In fact, some developers have even stated that the vulnerability might end up effectively bricking a device, with the only possible fix being a full reflash of the affected device.
Despite the seemingly apocalyptic picture suggested by the words "permanent damage," the real dangers of the open-source operating system might be marginal. While the risk does exist for now, effectively compromising a device would require a rather extraordinary series of actions on the part of the user.
Upon finding out about the flaw last February, Google actually ran a series of tests on the operating system. The company was able to definitively conclude that no apps in the Google Play Store were affected by the vulnerability. Thus, users could rest assured that the apps in the Play Store are safe for their devices.
So what of the actual permanent damage? Another firm, Zimperium, was able to find a malicious app on a Nexus device earlier this month. What made the findings quite disturbing was the fact that the app, which seemed to be designed to take advantage of the security flaw, was publicly available.
However, the malicious app that was discovered on the Nexus phone was not available in the Google Play Store. Thus, for the app to be installed, the user actually must have gone out of his or her way and downloaded it from a separate website. Plus, the user would have also neglected to heed the warnings of Android's Verify Apps system, which is specifically programmed to warn users about the possibility of a malicious app being installed.
Of course, Google is currently working in overdrive in order to fix the security flaws in the Android operating system. As of this writing, the Verify Apps system has been fully updated, and rooting applications in the Play Store have been barred from exploiting the flaw.
Overall, the smoke was definitely there, but as it turns out, the fire seems to be not as huge as everyone had feared.