As researchers have pointed out a security flaw on Android devices, that apparently exposes the details about a user’s device to all applications running on that device, so Google has provided a fix for the Android security flaw with the latest version of its OS called Android pie. However all the older versions are still vulnerable to that issue. The vulnerability allows apps to move past permissions to get the access to the information found in system broadcasts. The details includes are name of the wi-fi network that the particular device is using, the MAC address of the device, IP address, DNS server information etc. these all informations makes it easy to track the device.
Android security flaw (CVE-2018-9489) Report :-
The Android security flaw (CVE-2018-9489) was found by researchers from Nightwatch Cybersecurity, who have warned that the vulnerability can be used to “uniquely identify and track any Android device” and also to “geolocate users”. While the advisory mentions all the information that the apps can access, it also states that some of the details such as MAC address are no longer available via APIs on Android 6 and higher.
The report also claims that Google has fixed this security flaw on its Android 9.0 Pie, But the final build of it is currently limited to Google’s Pixel range users only.
The nightwatch Cybersecurity report says that Google is not planning to fix this flaw onits older version of the OS.
not only smartphones with older versions of Android are vulnerable to this flaw, but also the devices running a forked version of Android are also similar vulnerable. e.g :- Amazon Fire Phone and Fire Tablets run forked version of Android.
Please keep notice that Android is an open source operating system developed by Google for mobile phones and tablets. It is estimated that over two billion devices exist worldwide running Android.
One of the best security mechanism present in the Android is permissions. These are safeguards designed to protect the privacy of users. Applications must explicitly request access to certain information or features via a special “uses-permission” tag in the application manifest (“AndroidManifest.xml”). Depending on the type of permission (“normal”, “dangerous”, etc”) the OS may display the permission information to the user during installation, or may prompt again during run-time. Some permissions can only be used by system applications and cannot be used by regular developers.
Found this Article useful ? Don’t forget to share. Any queries / Suggestions , please comment below.