Many Android devices are susceptible to “Android Installer Hijacking” attacks that have the potential to compromise devices and give illegitimate apps access to sensitive data. This type of attack exploits a vulnerability called “Time-of-Check to Time-of-Use (TOCTTOU)” which was uncovered by Palo Alto Networks in January, 2014 but only publicly disclosed in their blog on March 24, 2015. Android users who are victims of this type of attack may end up with a different app than the one they intended to install. Android developers are also susceptible when using unprotected storage, e.g. sdcard. The vulnerability only effects applications that are installed from 3rd party app stores, not Google Play.
According to Palo Alto Networks, the vulnerability is estimated to have affected 89% of Android devices in 2014. However, that percentage has been reduced to about 49% after the release of patches by Google, Samsung and Amazon.. There is also an installer vulnerability scanner that you can use to discover this flaw. Check it out on YouTube.
In today’s world of extensive cyber hacking and lack of data privacy, it’s nice to see a company like Palo Alto Networks on top of their game, helping to protect us.
For more information:
An informative description of the TOCTTOU vulnerability by Palo Alto Networks and related exploitation methods can be found here.