Edgar Cervantes / Android Authority
TL; Dr
- Microsoft has discovered a security vulnerability affecting Android apps called “Dirty Stream.”
- This could allow attackers to execute malicious code in popular applications, potentially leading to data theft.
- The vulnerability is widespread, with Microsoft identifying vulnerable apps that have billions of combined installations.
Microsoft has revealed a critical security flaw that potentially affects countless Android apps. Dubbed “Dirty Flow”, this vulnerability poses a serious threat that could allow someone to take control of applications and steal valuable user information. (h/t: A glowing computer)
The heart of the Dirty Stream vulnerability lies in the potential for malicious Android apps to manipulate and abuse the Android content provider system. This system is typically designed to facilitate secure data exchange between different applications on a device. It includes safeguards such as strict data isolation, use of permissions attached to specific Uniform Resource Identifiers (URIs), and comprehensive file path validation to prevent unauthorized access.
However, careless application of this system can open the door to exploitation. Microsoft researchers have discovered that improper use of “custom intents” — the messaging system that allows Android app components to communicate — can reveal sensitive areas of an app. For example, vulnerable applications may fail to adequately validate file names or paths, allowing a malicious application to inject malicious code masquerading as legitimate files.
What is the threat?
By exploiting the Dirty Stream flaw, an attacker could trick a vulnerable application into overwriting critical files on its private storage space. Such an attack scenario could result in an attacker seizing complete control over application behavior, gaining unauthorized access to sensitive user data, or intercepting personal login information.
Microsoft’s investigation revealed that this vulnerability is not an isolated issue, as the research found incorrect implementations of the content provider system prevalent in many popular Android apps. Two notable examples are Xiaomi’s File Manager app, which has over one billion installs, and WPS Office, which boasts around 500 million installs.
Microsoft researcher Dimitrios Valsamaras highlighted the staggering number of devices at risk, saying, “We have identified several vulnerable apps in the Google Play Store that represent over four billion installations.”
Microsoft has proactively shared its findings, alerting developers to potentially vulnerable apps and working with them to implement fixes. Both companies mentioned above immediately acknowledged the identified problems in their software.
Additionally, Google has taken steps to prevent similar vulnerabilities in the future by updating its app security guidelines, now placing additional emphasis on exploitable common design flaws in content providers.
What can Android users do?
As developers scramble to find and patch vulnerable apps, Android users can take some simple precautions. Staying vigilant with app updates is crucial, as developers are likely to release fixes quickly.
Also, it is recommended that you always download apps from the official Google Play Store and be very careful when downloading from unofficial sources, which are more likely to contain malicious apps.
