Google ‘Verify Apps’ already blocks QuadRooter exploit
QuadRooter sounds like another serious Android security exploit. One which can apparently allow a malicious app to gain root access on Qualcomm based Android phones and tablets, enabling the app to then to pretty much what it pleases. According to Check Point, the research group that discovered QuadRooter, up to 900 million Android devices could be affected. However, the issue probably now isn’t as problematic as first thought, as Google has confirmed that it’s ‘Verify Apps’ security feature will block and remove applications that attempt exploits of this very sort.
Verify Apps is essentially a last line of defence designed by Google to offer protection from malicious apps, even if they are installed from outside of the official Play Store. Google states that QuadRooter is exactly the sort of exploit that Verify Apps is designed to protect against. Importantly, this feature has been enabled by default on devices since the introduction of Android 4.2 Jelly Bean, providing that the phone has Google Play Services installed. A quick glance at the Android platform statistics reveals that 92.4 percent of devices are running Android 4.2 or newer, and most users will have been very unlikely to have disabled this feature.
What should happen on devices that attempt to install a malicious piece of software is that a Verify Apps pop-up will appear displaying the message “Installation has been blocked”. It won’t present a way for the user to continue with the installation either. Older devices, such as those running Gingerbread, can also manually enable this extra security. Customers simply have to go into the Google Settings app, click on the Security tab, and enable the feature.
Combined with the fact that QuadRooter can only begin to operate by installing an infected app from outside of the Google Play store, which itself requires users to switch on the install from Unknown Sources option, and the number of truly vulnerable devices falls to a tiny percentage of all of those out there. Certainly we’re not looking at anything close to 900 million devices right on the verge of being infected.
“We appreciate Check Point’s research as it helps improve the safety of the broader mobile ecosystem. Android devices with our most recent security patch level are already protected against three of these four vulnerabilities. The fourth vulnerability, CVE-2016-5340, will be addressed in an upcoming Android security bulletin, though Android partners can take action sooner by referencing the public patch Qualcomm has provided. Exploitation of these issues depends on users also downloading and installing a malicious application. Our Verify Apps and SafetyNet protections help identify, block, and remove applications that exploit vulnerabilities like these.“ – Google
Not that this excuses such a flaw and the lack of quick OEM patches to shore up the hole. But at least most Android users are already protected from the problem. This being said, it’s worth noting that phones in some regions don’t come with Google Play Services installed, Chine being a notably large market, and therefore these won’t feature Verified Apps security.
All in all, QuadRooter is an issue, but one that is very unlikely to affect the vast majority of Android users, as there are several security steps already in place to project most of us. Only customers who install apps from questionable third party resources and disable Verify Apps security are at risk, so rest easy.