It seems that there is a security vulnerability in Android that can let malware phish your passwords with a fake login screen for example.
"The vulnerability makes it possible for a malicious app to ask for permissions while pretending to be the legitimate app. An attacker can ask for access to any permission, including SMS, photos, microphone, and GPS, allowing them to read messages, view photos, eavesdrop, and track the victim’s movements.
The attack can be designed to request permissions which would be natural for different targeted apps to request, in turn lowering suspicion from victims. Users are unaware that they are giving permission to the hacker and not the authentic app they believe they are using."
https://promon.co/security-news/strandhogg/
https://lifehacker.com/how-to-tell-if-an-android-app-is-strandhogg-malware-in-1840172627
Steve Gibson on "Security Now" (starts at 1 hr 41 minutes into the video)
https://twit.tv/shows/security-now/episodes/743
Is there a way for a B4A app to protect itself against this? Or do we have to wait for an Android update to solve it? Or should we just ignore it?
"The vulnerability makes it possible for a malicious app to ask for permissions while pretending to be the legitimate app. An attacker can ask for access to any permission, including SMS, photos, microphone, and GPS, allowing them to read messages, view photos, eavesdrop, and track the victim’s movements.
The attack can be designed to request permissions which would be natural for different targeted apps to request, in turn lowering suspicion from victims. Users are unaware that they are giving permission to the hacker and not the authentic app they believe they are using."
https://promon.co/security-news/strandhogg/
https://lifehacker.com/how-to-tell-if-an-android-app-is-strandhogg-malware-in-1840172627
Steve Gibson on "Security Now" (starts at 1 hr 41 minutes into the video)
https://twit.tv/shows/security-now/episodes/743
Is there a way for a B4A app to protect itself against this? Or do we have to wait for an Android update to solve it? Or should we just ignore it?
Last edited:
