Google Patches Pesky Android Icon Permissions Problem

by Ostatic Staff - Apr. 15, 2014

Android users should be aware of a sneaky phishing and malware scheme that FireEye mobile security researchers have uncovered. The researchers have put up a blog post about the issue, which involves a malicious app with normal protection level permissions that can probe icons on an Android home screen and then modify them to point to phishing websites or a malicious app without notifying the user. Basically, the malicious app makes very subtle modifications to the desktop, leaving hard to detect booby traps.

Android permissions are divided into several protection levels: “normal”, “dangerous”, “system”, “signature” and “development.”  Dangerous permissions “may be displayed to the user and require confirmation before proceeding, or some other approach may be taken to avoid the user automatically allowing the use of such facilities”. In contrast, normal permissions are automatically granted at installation,  “without asking for the user's explicit approval (though the user always has the option to review these permissions before installing).”

According to the FireEye post:

"We have found that certain 'normal' permissions have dangerous security impacts. Using these normal permissions, a malicious app can replace legit Android home screen icons with fake ones that point to phishing apps or websites. The ability to manipulate Android home screen icons, when abused, can help an attacker deceive the user. There’s no surprise that the permission, which allows an app to create icons, was recategorized from “normal” to “dangerous” ever since Android 4.2. Though this is an important security improvement, an attacker can still manipulate Android home screen icons using two normal permissions: and"

Google has acknowledged the vulnerability, and has released a patch to its OEM partners. The vulnerability is evidence, though, that as we all make increasing use of mobile devices, susceptibility to malware is an ongoing issue.