The good news in this month’s Android patches is that even though Google’s own updates close off numerous elevation of privilege (EoP) holes, there aren’t any remote code execution bugs on the list.
The bad news, of course, is that EoP bugs that directly lead to root access, without any tell-tale signs, make it easy for unscrupulous apps to suck up more data, and snoop on more aspects of your online life, that you might ever expect.
With escalate-to-root exploit code hidden inside, even an otherwise perfectly useful but apparently basic app – offering functionality such as a flashlight or a simple compass, for example, or any of thousands of other innocent-looking “cover stories” – could end up being a front for spyware or a data logging tool.
Unfortunately, even Google’s much-vaunted Play Store can’t always keep you malware-free on its own, with untrustworthy apps regularly sneaking through the automated vetting processes that’s supposed to detect software that egregiously oversteps the mark when it comes to privacy, security or both.
Nevertheless, if you go off-market, things can get much more dangerous, not least because there are many unofficial Android app stores out there where pretty much anything goes, including some app repositories that deliberately pitch themselves as a handy place to get at software that Google “doesn’t want you to have”.
Who would do that?
As an aside, you might think that no one would deliberately seek out…
