Security Threat: Android Apps Installed on 4 Billion Devices Vulnerable to Hacking

There is no such thing as a perfectly secure operating system; what matters is how severe the problems are and how developers react to them. Android has greatly improved security in recent versions, but Microsoft now warns that this is not enough and that Google has to do something about it.

The discovery published by Microsoft researchers reveals a new type of attack, called “Dirty Stream”, that malicious apps could use to modify the apps installed on our phones without our permission. Once they achieve that, anything is possible: they could turn apps into ‘viruses’ or steal your data.

The worst news is that, according to Microsoft’s calculations, the apps vulnerable to this attack number in the billions; among them is the Xiaomi files app, which comes pre-installed on all Xiaomi phones and those of Redmi and POCO.

This is how they could attack our mobile

“Dirty Stream” is an attack that, ironically, takes advantage of the way Android prevents private information in apps from being accessed. Every app that runs on our phones does so in isolation, each with its own ‘space’ in memory, to prevent other apps from being able, for example, to read information from our bank account or the passwords to our accounts.

The problem occurs when apps use this system incorrectly, something that is apparently more common than it should be. If developers make mistakes in implementing this ‘safe space’, they are actually opening the door for a malicious app to trick them by sending them what looks like a file but actually results in code execution. That code can take control, either by installing other apps or by stealing data from the infected app and sending it over the Internet to a server controlled by the attacker.

Researchers have discovered that this incorrect implementation is very common, and that many apps available in the Google Play Store make this mistake. That includes the Xiaomi files app, as already mentioned, as well as the WPS Office app, one of the most popular alternatives to Microsoft Office and Google Docs.

At least both Xiaomi and WPS responded to the Microsoft researchers and have already fixed the problem in their apps. However, an undetermined number of apps still suffer from it. For this reason, Google has already modified the Android documentation so that developers take the issue into account.