QuadRooter, the name given to a set of 4 vulnerabilities in Qualcomm-based Android devices, has been spooking the world with claims that over 90% of Android products are vulnerable to being attacked thanks to the flaw. The panic has reached such heights now that Google itself has stepped into the fray to assure people that their phones are safe.
To recap, security firm Check Point first highlighted QuadRooter in a report earlier this week. According to the company, these 4 vulnerabilities can be manipulated by hackers via a malicious app which could gain root access and remotely control a person’s handset.
Google has now issued a statement regarding the QuadRooter scare, telling Android Central that its most recent security patch protects against 3 out of 4 of these flaws. The last one, dubbed CVE-2016-5340, is set to be beamed out in an upcoming Android security bulletin.
Handset makers don’t even have to wait for Google to send out the fix, since they can reference the public patch Qualcomm has supplied. The search behemoth also pointed out that attackers can only exploit QuadRooter if people download and install a dangerous app from shady sources.
Furthermore, Google’s own Verify Apps and SafetyNet protections specifically identify, block and eliminate applications which take advantage of vulnerabilities like QuadRooter. The former is notably switched on by default for devices running Android 4.2 Jelly Bean and up, which translates to almost 90% of active Android gadgets.
Verify Apps basically makes sure that even if a user does download a malicious app designed to exploit QuadRooter, the tool would display an ‘Installation has been blocked’ message with no option to dismiss the alert and force install it. The feature has been around for 4 years now, so the chances of an application slipping through the cracks are slim.