Google Acknowledges Vulnerability in Millions of Android Devices; Promises Fix

Millions of Android smartphones and tablets are vulnerable to security attacks, Google has warned. The vulnerability, if exploited, gives an app unfettered root access, circumventing various Android security layers. The Mountain View-based company has made available a patch to OEMs, and says it is currently working on a fix for the Nexus lineup.

Security researchers spotted an app in the Google Play, Android's marquee app store, which tries to leverage the vulnerability. Android inherited the flaw from Linux years ago. Interestingly, Linux developers fixed the bug in 2014, and it was later on flagged as a vulnerability - identified as CVE-2015-1805 - early last year.

http://gadgets.ndtv.com/mobiles/new...llions-of-android-devices-promises-fix-817170

 

That vulnerability is worrying, given that Google have stated their intention to roll out Android Pay in the UK later this year,

http://www.cnet.com/uk/news/googles-android-pay-coming-to-the-uk-in-the-next-few-months/

If a phone can be used to pay in the same way as a contactless card, and this vulnerability allows an app to circumvent security and access data, then details cloning becomes both likely and, worse, possibly unecessary. With the escalated priviledges possible through the hack, there would be a risk of hostile or backdoor code in an app making transactions without user approval or knowledge.

 

'Snake acknowledges venom in fangs. Promises not to bite prey.'

I think that's what I just read from the news article on it. This is why I tell my bank to tell me another funny joke when they insist that I should start using their mobile app to make things 'easier'. I told them I don't want it 'easier', it doesn't get any 'easier' than logging in from a browser on a secure machine. I want it more secure from outside attacks and threats to the system before I even consider anything like that, and I get a stare back like deer in headlights.

The problems with the OS itself for Android and iPhone is why I cannot, and will not, use any mobile devices for banking or anything of a personal or sensitive nature whatsoever.