Now Google has confirmed that a security feature first incorporated in Android 4.2 will stop the malicious apps from gaining such kind of access. The feature, called ‘Verify Apps’ is enabled by default on all Android phones running Android Jellybean or higher is designed to protect devices against exactly this kind of exploits.
The QuadRooter exploit, unlike last year’s Stagefright, requires malicious apps to be installed. For this, ‘The Unknown Sources’ needs to be enabled and the app has to be installed manually.
The ‘Verify Apps’ feature, Google confirmed, can identify and block apps that use QuadRooter.
“We appreciate Check Point’s research as it helps improve the safety of the broader mobile ecosystem. Android devices with our most recent security patch level are already protected against three of these four vulnerabilities. The fourth vulnerability, CVE-2016-5340, will be addressed in an upcoming Android security bulletin, though Android partners can take action sooner by referencing the public patch Qualcomm has provided. Exploitation of these issues depends on users also downloading and installing a malicious application. Our Verify Apps and SafetyNet protections help identify, block, and remove applications that exploit vulnerabilities like these.”, a Google spokesperson told Android Authority.
The ‘Verify Apps’ feature will completely roadblock an app trying to use the QuadRooter exploit and the user will like see an error message displaying ‘Installing has been blocked’.
The ‘Verify Apps’ will save 90 per cent of active Android devices from falling prey to the exploit. For devices running Android Gingerbread and older, ‘Verify Apps’ can be enabled from the security settings.
One really has to laud Google’s preemptive efforts to block such a huge exploit.