New Android vulnerability allows apps to bypass permission checks and access broadcast system information

Reading time icon 1 min. read


Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

A new vulnerability has been discovered by Nightwatch Cybersecurity which allows apps to bypass permission checks and existing mitigations to access system broadcast information. The vulnerability affects all the Android versions including forked Android except Android Pie. It looks like Google has fixed the issue with Android Pie but it still exists in older Android versions.

expose information about the user’s device to all applications running on the device. This includes the WiFi network name, BSSID, local IP addresses, DNS server information and the MAC address. A rogue app gaining access to this information can use it to identify and track any Android device , and even geolocate it. Accessing other network information could also allow malicious apps to explore and attack the local WiFi network

– Nightwatch Cybersecurity Report

According to the report, the apps can access sensitive information like Wi-FI name, IP Addresses, etc which can be used to track any Android device. As mentioned, Google does know about the issue and has fixed it in Android Pie but unfortunately, Google “does not plan to fix older versions”, says Nightwatch Cybersecurity.

Via: Pocket Now

User forum

0 messages