New Android vulnerability allows apps to bypass permission checks and access broadcast system information

Home » Android

Reading time icon 1 min. read

Calendar icon Published on

by Anmol Mehrotra 

published on

Share this article

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

A new vulnerability has been discovered by Nightwatch Cybersecurity which allows apps to bypass permission checks and existing mitigations to access system broadcast information. The vulnerability affects all the Android versions including forked Android except Android Pie. It looks like Google has fixed the issue with Android Pie but it still exists in older Android versions.

expose information about the user’s device to all applications running on the device. This includes the WiFi network name, BSSID, local IP addresses, DNS server information and the MAC address. A rogue app gaining access to this information can use it to identify and track any Android device , and even geolocate it. Accessing other network information could also allow malicious apps to explore and attack the local WiFi network

– Nightwatch Cybersecurity Report

According to the report, the apps can access sensitive information like Wi-FI name, IP Addresses, etc which can be used to track any Android device. As mentioned, Google does know about the issue and has fixed it in Android Pie but unfortunately, Google “does not plan to fix older versions”, says Nightwatch Cybersecurity.

Via: Pocket Now

More about the topics: android, google, security vulnerability

Anmol Mehrotra

Anmol Mehrotra Shield

Android and Windows News Reporter

Anmol covers Android and Windows news. He's a tech writer with over a decade of experience.