Android
Android UI design issues could make your device vulnerable to attacks. In this photo, a 3D printed Android logo is seen in front of a displayed cyber code in this illustration taken March 22, 2016. Reuters/Dado Ruvic

Android, being an open source operating system and currently the largest one, is susceptible to attacks. A team of security experts have recently exposed vulnerabilities in the Android user interface.

According to their website, these attacks, which they call “Cloak and Dagger” take place due to design issues in the Android user interface, which can leave devices susceptible to cyberattacks. Cyber criminals can use these flaws to steal passwords from Android 7.1.2 or earlier versions of the operating system.

Read: Android Malware: Cloak And Dagger Attack Can Secretly Record User Activity

Cloak and Dagger attacks take place using malicious apps, which are then used to access the device. The app only requires two permissions to run:

Draw on top: This permission lets the app draw windows or other app elements on the top of others.

A11Y: This one is disguised as an assistive interface feature, designed for users with disabilities.

Once both permissions are granted, hackers have a wide control of your device — they can register every word you type and thereby get all your private data including passwords. Once the door is opened to one app, it can lead to subsequent installations of other malicious apps on your device, without your permission.

The hack works smoothly without alerting users since it requires permissions which are different from the usual location and Wi-Fi usage.

The team behind the project has posted a video showing how an attack can happen:

While the vulnerability hasn’t been the source of any attack yet, the information has been presented to Google, upon which the company has stated the vulnerability would be properly treated in the upcoming version of Android – Android O, which is expected to release in October this year.

“We've been in close touch with the researchers and, as always, we appreciate their efforts to help keep our users safer. We have updated Google Play Protect — our security services on all Android devices with Google Play — to detect and prevent the installation of these apps. Prior to this report, we had already built new security protections into Android O that will further strengthen our protection from these issues moving forward," a Google spokesperson told Mashable.

It is important to be careful while installing apps. It is advisable for users to download apps from trusted developers and read the reviews of any apps before installing. Another step a user can take, is update their devices regularly. Apart from annual software updates, Google issues monthly security patches, which remove vulnerabilities and provide bug fixes.

Read: Android O Beta Release Date: 9 Features Announced At Google I/O 2017

You can also take better care while granting permissions to apps. If you have a device with Android 7.1.2 or earlier version of Android, you can switch off the “draw on top” permission by navigating to Settings > Apps > Settings > Special Access > Draw over apps. You can turn off the a11y permission by navigating to Settings > Accessibility > Services.