Android Security Vulnerability - Rogue Apps Can Bypass All the Locks

Android security vulnerability:

Co-ordinate to latest leak, any rogue app tin remove device locks from your Android telephone. This contempo Android security vulnerability has been tested on Android four.0, Android 4.1, 4.2, and 4.iii Jelly Edible bean versions. With this Android security vulnerability in the coding, anyone tin can bypass all the activated locks on your device.

Reported, analyzed and tested by curesec, the Android lock bug exists on the com.android.settings.ChooseLockGeneric classwhich is used to allow the user to modify the type of lock the Android device should have. Android devices have several types of locks implemented on the devices, from pins, passwords to gestures and face recognition, which are used to lock and unlock the Android device.

If any user wants to modify the lock settings, for example irresolute the pin, it requires the user to first enter the previous / existing pin. In the code, user is allowed to control if the device should enquire for confirmation or not. This fashion, user has the control on the flow which can be used to finer unblocks the device.

"We tin can control the catamenia to achieve the updatePreferencesOrFinish() method and encounter that IF we provide a Countersign Type the menses continues to updateUnlockMethodAndFinish(). Above we tin come across that IF the password is of type PASSWORD_QUALITY_UNSPECIFIED the code that gets executed and effectivelyunblocksthe device." - cureblog

Here is some description of how Android security architecture works:

"A fundamental design betoken of the Android security architecture is that no application, by default, has permission to perform any operations that would adversely affect other applications, the operating system, or the user. This includes reading or writing the user'south private data (such as contacts or e-mails), reading or writing some other application's files, performing network admission, keeping the device awake, etc." -Android

We cater to your constant demand to remain up to date on today's engineering science. Like us, tweet to us or +i us, to keep upward with our circular the clock updates, reviews, guides and more!