by xigma
2849 days ago
So, a "feature" in the installer allows an already installed malicious app to install even more malicious apps. That new malicious app then gets to somehow have more permissions than the original malicious app or the installer. Guys, that's an Android bug. This is exactly the kind of thing that needs to be fixed at an OS level, you can't be relying on the competence of arbitrary developers to maintain the security of the system. Of course it's an opportunity for Google to use their own broken security model as an argument on why apps should only come from their own "curated" channels (which presumably also host the malware exploiting this). It just so happens to be their source of revenue...
There are two ways to fix this. One is to not permit dynamic code loading or app installs off the Play Store. This is Apple territory and pisses people the hell off. The other is to not have any world-writable filesystem at all. I guess you could do this, but this messes with features surrounding music and pictures that you do want to share between apps.
Epic literally could have used the private filesystem that is right there just for the purpose of having files that are protected from other apps.
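
The private-storage approach from the comment above, sketched as an added example (not code from this thread or from Epic's installer). The class name, the `download` stream, the `expectedSha256` digest and the `statusReceiver` are assumptions; the digest is assumed to come from a trusted channel, and the app is assumed to hold the install-packages permission.

```java
import android.content.Context;
import android.content.IntentSender;
import android.content.pm.PackageInstaller;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.MessageDigest;
// Hypothetical helper for illustration; not taken from any real installer.
final class PrivateStagingInstaller {
    static void stageVerifyInstall(Context ctx, InputStream download,
                                   byte[] expectedSha256, IntentSender statusReceiver)
            throws Exception {
        // App-private internal storage: other apps cannot read or replace
        // this file, unlike a path on shared external storage.
        File staged = new File(ctx.getFilesDir(), "update.apk");
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] buf = new byte[8192];
        int n;
        try (OutputStream out = new FileOutputStream(staged)) {
            while ((n = download.read(buf)) != -1) {
                md.update(buf, 0, n);
                out.write(buf, 0, n);
            }
        }
        // Refuse to install anything whose digest differs from the expected one (assumed input).
        if (!MessageDigest.isEqual(md.digest(), expectedSha256)) {
            staged.delete();
            throw new SecurityException("staged APK digest mismatch");
        }
        // Stream the verified bytes into an installer session rather than pointing the installer at a shared file.
        PackageInstaller installer = ctx.getPackageManager().getPackageInstaller();
        int id = installer.createSession(new PackageInstaller.SessionParams(
                PackageInstaller.SessionParams.MODE_FULL_INSTALL));
        try (PackageInstaller.Session session = installer.openSession(id)) {
            try (InputStream in = new FileInputStream(staged);
                 OutputStream out = session.openWrite("base.apk", 0, staged.length())) {
                while ((n = in.read(buf)) != -1) {
                    out.write(buf, 0, n);
                }
                session.fsync(out);
            }
            session.commit(statusReceiver);
        } finally {
            staged.delete();
        }
    }
}
```

Because the staged file never leaves the app's private directory, the bytes that were hashed are the bytes that reach the installer session.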