Google responds to QuadRooter Android bug; says most users are protected

Recently news was going around that an Android bug named QuadRooter had affected close to 900 mn Android smartphone users. According to Google, users should not worry about this threat.

While Google acknowledges the reported threats, it says that the company’s Verify App feature on the Play store already blocks the apps that are trying to take advantage of the QuadRooter.

Speaking to Android Central, Google spokesperson gave this statement, “We appreciate Check Point’s research as it helps improve the safety of the broader mobile ecosystem. Android devices with our most recent security patch level are already protected against three of these four vulnerabilities. The fourth vulnerability, CVE-2016-5340, will be addressed in an upcoming Android security bulletin, though Android partners can take action sooner by referencing the public patch Qualcomm has provided. Exploitation of these issues depends on users also downloading and installing a malicious application. Our Verify Apps and SafetyNet protections help identify, block, and remove applications that exploit vulnerabilities like these.”

Check Point Software technologies unveiled the research detailing the vulnerability that is said to affect over 900 million devices running Android. The company reported the four vulnerabilities to Qualcomm back in April. These vulnerabilities affect the smartphone drivers which control the communication between multiple chipsets components. According to Check Point, users should be on the latest Android OS version to avoid these vulnerabilities, as well as not side-load any Android app.

Latest devices in the market including Google Nexus 5X / 6 / 6P, HTC 10, LG G5, OnePlus 3, Moto X (2016), Samsung Galaxy S7 / S7 Edge including the most secure BlackBerry DTEK50 is also affected by the flaw. Even the secure BlackPhone 1 and 2 have been affected by this flaw, states The Inquirer.

According to Google, three out of the four vulnerabilities have already been fixed in the August Android OS security patch and the fourth one would be fixed in the September security update.

While Verify Apps is a feature that is on by default for those using Android 5.0 and up devices, the older handsets running Jelly Bean version will have to manually switch on the ‘Verify Apps’ feature in settings.

Share: