Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Vulnerability Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

New bug to bypass Android security discovered, no response from Google

An Android vulnerability exists that allows a rogue app to remove all existing securities activated by a user of the popular mobile operating system, researchers with Berlin-based IT security advisory company CureSec recently discovered.

“The bug exists on the “com.android.settings.ChooseLockGeneric class,” according to a blog post, which explains how users can effectively remove existing security protocols and set up new options. “This class is used to allow the user to modify the type of lock mechanism the device should have.”

CureSec created an app to test the vulnerability, which was successful on Android 4.0 through Android 4.3, but not in Android 4.4, the latest release. CureSec said it disclosed the issue because the Google Android Security team would not respond to correspondence.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.