QuadRooter is the latest big Android security scare — a collection of 4 vulnerabilities in Qualcomm-based Android gadgets that could allow a malicious app to gain root access, allowing it to do basically anything on an affected device.
Unlike last year's Stagefright exploits, QuadRooter needs to be delivered in the form of an app, meaning you'd have to enable "Unknown Sources" and manually install an app from somewhere nefarious in order to become infected. However Android's "Verify Apps" feature, included in Google Play Services and enabled by default almost four years ago in Android 4.2 Jelly Bean, is designed to protect against exactly this sort of thing.
And now we have confirmation from Google that, as expected, Verify Apps can identify and block apps using QuadRooter. A Google spokesperson gave Android Central the following statement. (Emphasis ours.)
"We appreciate Check Point's research as it helps improve the safety of the broader mobile ecosystem. Android devices with our most recent security patch level are already protected against three of these four vulnerabilities. The fourth vulnerability, CVE-2016-5340, will be addressed in an upcoming Android security bulletin, though Android partners can take action sooner by referencing the public patch Qualcomm has provided. Exploitation of these issues depends on users also downloading and installing a malicious application. Our Verify Apps and SafetyNet protections help identify, block, and remove applications that exploit vulnerabilities like these."
Verify Apps is on by default in Android 4.2 and up, which accounts for 90% of active Android devices.
While devices are technically still "vulnerable" even with Verify Apps, users would have to manually disable yet another security feature to be affected. Apps using an exploit as serious as QuadRooter would likely be roadblocked completely by Verify Apps — Android would display an "Installation has been blocked" message with no option to ignore and install anyway. (As opposed to the less serious "Installing this app may harm your device" message, which allows a click-through.)
This should happen on all Android devices running 4.2 and up with Google Play Services. It's worth underscoring several times and in glowing neon text that as of the latest data available, this accounts for more than 90% of active Android devices. And on older versions of Android going back to 2010's Gingerbread release, you can enable Verify Apps under "Security" in the Google Settings app.
QuadRooter is exactly the kind of threat Google had in mind when it created this extra layer of security.
So of the oft-quoted "900 million" vulnerable devices, 90 percent should automatically block any app using QuadRooter. And the remaining 10 percent can be protected if they enable this security feature manually. Again, QuadRooter is exactly the kind of threat Google was thinking of when it created Verify Apps and enabled it by default back in 2012.
While you could argue that it's a last line of defense, and doesn't excuse the generally woeful state of security updates among many Android manufacturers, it is an effective way to protect the many devices Google can't reach with its monthly security patches. As we reiterate every time there's a big Android security scare: issues like this are important and serious, but often overblown when they hit the media echo chamber. Context is important. More importantly, Google's built-in security safeguards should stop QuadRooter getting anywhere near those 900 million devices.
We may earn a commission for purchases using our links. Learn more.
The U.S. is reportedly close to restoring Huawei’s global chip supply
According to a report from Financial Times, the U.S. Department of Commerce will soon grant licenses to chipmakers to resume the supply of components for use in Huawei’s mobile devices.
5 Chromebook trends that need to die
There's a lot of good things Chromebooks have added in the last few years, but just as there are some rumors that refuse to fade, there are a few trends in the Chromebook world that are hanging on with an unnatural grip that need to be hacked off before they drag the next generation of Chromebooks under.
Review: Xiaomi Mi 10T Pro makes the 108MP camera accessible to everyone
With the Mi 10T Pro, Xiaomi is redefining the value segment. The phone features an outstanding 108MP camera, Snapdragon 865 chipset, and a 144Hz display backed by a massive 5000mAh battery. But the standout feature is the asking price, with the Mi 10T Pro available for just ₹39,999 ($542), making it a standout value.
These are the screen protectors you'll want to get for your Galaxy S20 FE
The Samsung Galaxy S20 FE has arrived and is surely going to compete with the top Android phones for the months to come. If you're planning to hang onto this device for the next few years, you'll want to make sure it's protected from every angle. These are the best screen protectors for the Galaxy S20 FE that you can get today.