Another day, another new Android malware strain. Microsoft is sounding the alarm about a recently discovered critical security vulnerability on Android named “Dirty Stream” that can let malicious apps easily hijack legitimate apps. Worse still, this flaw impacts multiple apps with hundreds of millions of installs. If you have one of the best Android phones, here’s what you need to know to protect your data.
The vulnerability relates to the ContentProvider system prevalent across many popular Android apps, which manages access to structured data sets meant to be shared between different applications. It’s basically what lets your Android apps talk to one another and share files. To protect users and ward off unauthorized access, the system includes safeguards such as strict isolation of data, unique permissions attached to specific URIs (Uniform Resource Identifiers), and path validation security.
What makes the Dirty Stream vulnerability so devious is how it manipulates this system. Microsoft has found that hackers can create “custom intents,” messaging objects that facilitate communication between components across Android apps, to bypass these security measures. By exploiting this loophole, malicious apps can send a file with a manipulated filename or path to another app using a custom intent, sneaking in harmful code disguised as legitimate files.
From there, a hacker could trick a vulnerable app into overwriting critical files within its private storage space — and the results can be devastating. As BleepingComputer put it, Dirty Stream essentially turns a common OS-level function into a weaponized tool to execute unauthorized code, steal data, and even hijack an app while the user is none the wiser.
“Arbitrary code execution can provide a threat actor with full control over an application’s behavior,” Microsoft said in a security bulletin this week. “Meanwhile, token theft can provide a threat actor with access to the user’s accounts and sensitive data.”
How widespread is this threat?
Microsoft’s investigation found that this vulnerability is not an isolated issue. The company uncovered incorrect implementations of the content provider system prevalent across many popular Android apps.
“We identified several vulnerable applications in the Google Play Store that represented over four billion installations,” Microsoft explained. “We anticipate that the vulnerability pattern could be found in other applications.”
Microsoft gives two examples of popular apps that were susceptible to this risk that have since been patched: Xiaomi Inc.’s File Manager (1B+ installs) and WPS Office (500M+ installs).
Given the nature of how this vulnerability works, it’s hard to know exactly how many other legitimate apps may have been impacted. But it’s safe to assume this potential risk is on an industrial scale until all apps are patched.
How to stay safe from Android malware
To steer clear of potentially harmful malware infecting your Android device, the first and easiest step is to avoid sideloading apps altogether. While it might seem convenient, and certain apps may require sideloading, the majority of people can find what they need on official app stores like Google Play Store, Samsung Galaxy Store, or Amazon Appstore.
The reason you don’t want to sideload apps is that they don’t go through the same stringent security checks that apps hosted on official stores do. This is why it’s crucial to rely on reputable sources for app downloads to keep your device safe from malware.
Next, you should ensure Google Play Protect is enabled on your Android smartphone. It comes pre-installed on most phones with the Play Store, and it actively scans both existing and newly downloaded apps for viruses. Likewise, you can also install one of the best Android antivirus apps for additional protection and extra features to help keep you safer online.