Microsoft has put Google in the red again. The company that owns Windows has conducted an investigation to determine that some 4 billion Android users were in danger. The reason? A series of apps published in the Play Store had a quite serious vulnerability.
Although Microsoft did not want to reveal the official list of apps, it has given two examples to understand the level of popularity and the number of downloads they can entail. The report exposes the Xiaomi mobile file explorer now WPS Officetwo well-known applications that add up to 1.5 billion installations.
After Microsoft’s statement, Android announced on its website developers vulnerability, a fact that has led to an update in most of the affected apps to close the open door and end the problem.
A serious vulnerability in Android that no one had noticed
Microsoft has not provided the information, so it is not known How long has this problem been rampant in the Play Store?. What we do know is what door the vulnerability left open to pose a significant risk to users. According to the report, the affected apps could be attacked easily by other applications installed on the device.
“The malicious application can overwrite a native library with malicious code that is executed when the library is loaded,” Microsoft says in its Blog. In other words, they indicate that the applications left the door open for run malware from other apps Android.
In this way, malicious applications could camouflage their actions and make systems such as Play Protect believe that the action came from another facility. Microsoft emphasizes the serious security problem this represents, especially knowing that the vulnerability is present in extremely popular services. In fact, the sum of the affected apps gives a total of 4 billion downloads.
Google notified developers to fix the problem
Luckily, everything indicates that The problem would be solved in a large part of the affected apps. Microsoft contacted Google to notify its developers, something it did in February of this year. Android has not confirmed that the less relevant apps have made the relevant changes, so it is not possible to announce the total elimination of the vulnerability in the Play Store catalog.
As a user, there is little you can do about these cases, although having the applications as updated as possible and installing Android security patches are a good way to fight against these vulnerabilities that, to this day, continue to be a headache for Google and Play Protect.
