Another day, another Android flaw that puts users’ personal data at risk. The headlines are dramatic and designed to pull your click in and why not, every site needs clicks, including ours. The headlines aren’t exactly all lies: it is true there is an Android flaw, and it is true that user’s personal data can be at risk. But what most sites don’t tell you until very late into their articles is that this flaw is only executable if you are downloading apps from third party sources (apps not from Google’s Play Store).
A malicious application installed using the vulnerability, called “Android Installer Hijacking,” would have full access to a device, including data such as usernames and passwords, wrote Zhi Xu, a senior staff engineer with Palo Alto.
The company wrote two exploits that take advantage of the flaw, which involves how APKs (Android application packages) are installed.
The vulnerability only affects applications that are installed from a third-party app store. Security experts generally recommend using caution when downloading apps from those sources.
I’m going out on a limb here and saying that the majority of regular Android users don’t even know how to allow installations from unknown sources. Basically what we’re saying here is, if you’re downloading all your apps from the Google Play Store, you have nothing to fear. Go on about your day and let the small percentage of users who do know how to allow installations from unknown sources worry about their personal data being compromised. Overall Android is very safe and most of these Android exploits only affect devices that are working outside of the Google app ecosystem.