A security research company came forward with information detailing a potentially dangerous set of security flaws tied to Qualcomm’s chips that are used in a significant number of mobile devices, saying that more than 900 million Android devices are at risk. However, Google followed up on that research, saying that 90% of those devices should be protected against QuadRooter, even if the actual vulnerabilities aren’t patched.
Unearthed by Check Point, the four vulnerabilities are yet to be patched by Google and its partners, even though Qualcomm already made the fixes available. Google deployed three of the four patches, while others are likely behind when it comes to security updates.
But it turns out that a feature that’s available in Android versions including Android 4.2 and later can protect users against QuadRooter. That means 90% of active Android devices out there already have built-in protection against QuadRooter.
In order for hackers to hijack a user’s device with the help of QuadRooter, the user needs to install a malicious app from a third-party store first. But Google says its Verify Apps feature combined with Safety Net will block such apps from being installed.
“We appreciate Check Point’s research as it helps improve the safety of the broader mobile ecosystem,” Google told Android Central. “Android devices with our most recent security patch level are already protected against three of these four vulnerabilities. The fourth vulnerability, CVE-2016-5340, will be addressed in an upcoming Android security bulletin, though Android partners can take action sooner by referencing the public patch Qualcomm has provided. Exploitation of these issues depends on users also downloading and installing a malicious application. Our Verify Apps and SafetyNet protections help identify, block, and remove applications that exploit vulnerabilities like these.”
Even so, to make sure you’re truly protected against malicious threats on Android, remember one simple rule of thumb: Do not download apps from any place other than the Google Play store.