If you own an Android smartphone, it is likely you are at risk from a newly discovered security flaw, researchers have said.
The bug leaves users at risk of having their screen ‘hijacked’ by hackers, who could then use it to steal passwords, banking details, photos or other personal data.
Hackers could also use the bug to take control of an Android phone until a ransom is paid.
The flaw was discovered by researchers from cyber security firm Check Point, who say that 45 percent of Android users worldwide are affected.
Alarmingly, Google says it does not plan to fix the issue until later this year, when it rolls out the next version of its mobile operating system, dubbed ‘Android O’.
“Based on Google’s policy which grants extensive permissions to apps installed directly from Google Play, this flaw exposes Android users to several types of attacks, including ransomware, banking malware and adware,” Check Point said in a blog post.
“Check Point reported this flaw to Google, which responded that this issue is already being dealt with in the upcoming version of Android, currently dubbed ‘Android O’,” the firm added.
The flaw is made possible by a glitch in Android’s system that allows apps to pop up on your screen – the same system that lets the Facebook Messenger bubble pop up whenever you receive a message.
However, criminals could take advantage of the glitch to hijack a victim’s smartphone and install malicious software onto the device.
The advice for users is to avoid downloading apps from third-party app stores or from unfamiliar sources, even if the app is available to download from the Google Play Store.
Users should only download apps from trusted brands, Check Point said.
“Users should always beware of malicious apps, even when downloading from Google Play.”
“Look for the comments left by other users, and grant only permissions which have relevant context for the app’s purpose.”
“And just as you protect your PC with dedicated security solutions, you should also make sure to protect your mobile device using a protective solution capable of identifying and blocking known and unknown malware.”
The news is the latest in a number of major security issues to hit Android in recent weeks.
Last month, it was revealed that 50 apps were removed from the Google Play Store after they were found to contain malware. The malicious apps were believed to have infected more than 2 million smartphones.
More recently, data released last week claimed that a new instance of Android malware is discovered every 10 seconds, and that 750,000 malicious Android apps have been discovered in 2017 alone.