The Google app, which has been downloaded 19.8 million times from the Play Store, gives users instant access to the web, find answers to questions, and search for local weather and traffic reports.
However, according to a security expert, it can also hand over huge personal details including the complete web history to hackers. Sergey Tushin, from cyber threat firm Oversecured, revealed a vulnerability in the Google app that could provide thieves with a convenient way to steal data from a device.
All the hackers need to do is get Android users to install a fake app on their device, which, once you open it, will start infiltrating the Google app and stealing all the personal data inside.
As Tushin explains: “While locking pre-installed apps on Android devices, we detected persistent arbitrary code execution in the Google app. This could have allowed any app installed on the device itself, to steal arbitrary data from it, for example, a user's search history. Voice assistant interaction data, mail, and application rights interception, including access to read and send SMS messages, contacts, call history (as well as making and receiving calls), calendar, microphone, camera, location and Bluetooth.
Thankfully, Google fixed the problem, but it's a good example of how personal data can easily end up in the wrong hands.
Speaking to TechCrunch, a Google spokesperson confirmed that the vulnerability is no longer active and there is no evidence that it was ever used to hack smartphones. Besides Google, Tushin said a similar issue was discovered within the TikTok app.
Although this latest threat has passed unaffected by millions, attacks on Android continue to occur at an alarming rate, with hackers relying on a number of tricks to infiltrate devices and steal money or data from users.
According to AVAST, the main problem facing Android users comes from adware, which has made up about 45% of the threats so far this year. Although adware does not steal data, it can fill devices with highly intrusive ads that can render phones almost unusable.
The next big threat comes from fake apps that look very authentic, but once downloaded, can spy on the user to expose them to ads or other malicious activity.
Source: Express
