Android’s issues with malware are long running. We're now years and years into the operating system's life and it seems Google is no closer to getting a grip on them.
In fact, today it looks like things have taken a turn for the worse, with mobile security researchers Lookout discovering a new bug which is apparently so virulent that it’s virtually impossible to delete from infected devices.
So, what exactly is this bug? And how can you ensure that your phone doesn’t wind up as one of this affected? Read on and we’ll tell you everything you need to know.
How does it work?
Lookout says that this latest Android malware appears to be the most sophisticated yet.
Hackers have found a way to place aggressive adware on popular apps which looks no different to their legitimate counterparts.
These are able not only to serve ads that you don’t want to see, but also bury deep into the operating system, becoming a system application which can access passwords and data from any app installed on a device.
Usually, third-party apps are prevented from accessing other apps’ data thanks to a feature called sandboxing.
How many apps are affected?
A lot. Lookout says it has detected as many as 20,000 occurrences of this new malware.
Worryingly, it appears to have found its way into versions of hugely popular apps, including the likes of Twitter, Snapchat, Facebook, NYTimes and even Google Now.
These apps function as normal and users may not be aware they are affected.
The hackers appear to have placed the code within apps found for sale in Google Play, putting them up for grabs on third-party app stores which offer Android apps. There is no suggestion that Google Play itself has been breached.
3 What has Google said?
Nothing yet. The company is already moving towards offering monthly security updates to all Android phones, in the wake of a previous malware scandal which erupted over the summer.
However, those updates require carrier approval, leaving some users vulnerable to attack in the meantime.
4 How can you get rid of it?
This is where things get difficult. Because this new malware is so powerful and is able to install itself as a system application, on a par with the operating system itself, getting rid of it is virtually impossible.
Lookout says that a simple factory reset just won’t do. Either you’ll need to flash the drive at your local phone shop, or buy an entirely new device.
Not ideal if you’ve just shelled out on a top–of–the–range Galaxy S6 Edge or Nexus 5X.
5 How you can you stay safe?
The good news, for Brits at least, is that those affected are largely outside of this country. US and German users appear to have been hit hardest.
Lookout advises that Android users don’t install apps from third-party app stores and to stick with Google Play instead.
Third-party app stores and development kits have been the focus of many recent smartphone hacking scams, with Chinese iPhone owners hit after developers used dodgy code that wasn’t supplied by Apple.