The researchers have discovered a new type of vulnerability called Pileup flaws, the vulnerability exist in the Package Management Service.
When a new app installed on old version of Android request a permission for features that don’t exist on that version of Android, however when the user upgrade to the new version, Android keeps all the permissions which mean that they will work in the new version of Android.
The researchers have developed a detection service, called SecUp, which deploys a scanner on the user’s device to capture the malicious apps designed to exploit Pileup vulnerability.
Like many other threats, the best mitigation is installing trusted software only.
Apr 1st 2014
3 years ago