Android is the most used operating system on the market, and dominates the mobile space. Certainly, its growth did more than anything else to kill Microsoft’s Windows phone output. However, due to its open source nature, sheer availability, and other factors, Android is also vulnerable to attack.

Exploits on the OS are common and a report by MWR InfoSecurity shows that a newly discovered exploit is threatening users. Taking advantage of Android’s MediaProjection framework, the exploit trick users into recording their screen. This is achieved without user consent.

MWR InfoSecurity says the exploit is present in Android versions 5.0 Lollipop through version 7.1 Nougat. MediaProjection framework was debuted with Android 5.0. It simple allows users to capture screen contents or record audio.

As Android is an open platform, the feature is available to anyone to develop through root access. When an app wants to use MediaProjection, it will request user permission via a pop-up. Using the exploit, hackers can overlay a fake popup over the MediaProjection request.

For example, an attacker could place a popup as a welcome card to an app, but underneath would be the MediaProjection request. This would give the app and attacker access to screen and audio capture without the user’s knowledge.

Google Fix

Google already knows about this problem and has solved it for Android 8.0 Oreo. However, because of the hugely fragmented Android ecosystem, most devices are not running Oreo. The majority of users are running the affected versions (77.5%) and many will have no path to Oreo because their device is too old.

While I expect Google will roll out a patch to fix this problem, the company has not confirmed. Even then, it will be up to OEMs to ensure the update gets to users quickly.

Google has often argued that Android is secure when it leaves the company in stock form. However, manufacturer tweaks and additions compromise that security and make the OS vulnerable.