Every update of Android brings new features to the table, which are certainly helpful, both for general use and for security. To give Android users more peace of mind, Google has updated Android O with better defenses against mobile ransomware.
The first developer preview of Google’s latest mobile operating system, Android O, has been released. As usual, the newest version of Android has several new features and updates. One of those updates has a direct impact on many Android ransomware threats.
Android ransomware using system-type windows will no longer work on devices running Google’s latest mobile operating system, even if the relevant permission has been granted by the device’s user.
Android O has deprecated the following window types:
In Android O, even if the malware draws the TYPE_SYSTEM window, the user can pull down the system settings from the top of the screen and “TURN OFF” the app causing the trouble.
One of the most common techniques used by Android ransomware is to draw a system-level window using one of the previously listed window types. This makes it so that the locked screen appears on top of all other windows on the device, effectively rendering the device unusable until the ransom is paid. This ability, when combined with auto start functionalities backed by a background service responsible for monitoring the malware’s sustained execution, has been a problem for Android users.
In past releases, Android restricted rogue applications using this functionality by moving the permission required to draw such windows, “SYSTEM_ALERT_WINDOW”, to the “above dangerous” category. While this move made it difficult for malware to obtain the permission, there were backward compatibility escape routes available as the new dynamic permission model was enforced only if the app was targeting Android Marshmallow and above. Only certain OEMs moved this permission to the “above dangerous” category and did not grant it by default even when the apps were not targeted to run on Android Marshmallow.
The move by Android O to deprecate certain system-type windows makes it much more difficult for some ransomware to function.
Symantec recommends users follow these best practices to stay protected from mobile threats:
- Keep your software up to date
- Refrain from downloading apps from unfamiliar sites and only install apps from trusted sources
- Pay close attention to the permissions requested by apps
- Install a suitable mobile security app, such as Norton, to protect your device and data
- Make frequent backups of important data