The Check Point Mobile Research Team reported earlier this month that they’d discovered a flaw in Google’s permissions model for apps installed from the Play Store. These permissions are intended to prevent apps from gaining access to protected areas of the phone, but one permission can allow malicious apps to display messages on top of all other apps.

While this does not allow them to directly infect the phone, it can display ransomware-like messages, such as the one found in the recent WannaCry outbreak, that claim your phone has been encrypted and requires payment to decrypt it. Other methods such as “click-jacking,” where a link will pop up just before you tap the screen, or simple advertising pop ups have also been observed.

Upon Check Point bringing this flaw to Google’s attention, Google revealed they are currently aware of the issue, and intend to resolve it in the upcoming next iteration of Android: Android O. Android’s current update model does not allow for an issue of this nature to be resolved, and so it will remain a vulnerability for all devices running Android Marshmallow or Lollipop.

The Google Play Store has algorithms that automatically detect some apps of malicious nature, but there are always those that slip through the cracks.

The best way to avoid becoming a victim of an attack via this permission is to be vigilant in the apps you install. Always check user reviews on the app, and if you’re still unsure, you can find the permission listed as “draw over other apps” in the permission details at the bottom of the app’s store page.

If you believe your users might be at risk of becoming infected by apps utilising this permission, please contact the Altitude Innovations Team for advice on how to prevent these apps ever making it on to your users’ smartphones.