2 min read

Google Strikes Back at Ransomware with Android 8.O


April 25, 2017

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Google Strikes Back at Ransomware with Android 8.O

Google is adding an important extra layer of security in its all-new Android operating system. Android 8.0, to be unveiled at the company”s I/O conference next month, will be better at fending off ransomware – the #1 malware threat targeting Android users.

For two years, Google has been trying hard to thwart ransomware attacks on Android devices. The Internet giant wants to put another nail in ransomware”s coffin by equipping its upcoming Android O with behavioral tweaks to prevent ordinary (non-system) applications from messing with system alerts.

“Ransomware does everything opposite of what the Android security model says apps should do,” malware analyst Elena Kovakina tells InfoWorld. To block ransomware attacks, Google is taking such measures as deprecating APIs, strengthening app protection and removing certain functions. Several such improvements were deployed in Android 7.0 “Nougat,” and more are slated for version 8.0, expected to be in the hands of users worldwide following the I/O showcase.

Kovakina, who is with Google”s Android security team, says they”ve typically used API deprecation to tackle the ransomware problem. The best example is the DeviceAdmin API that hackers have leveraged to carry out their attacks 70% of the time.

DeviceAdmin grants admin privileges to management tools and security apps. A carefully crafted piece of malicious code would do the same thing, but for completely different reasons, such as ransomware. A typical attack was characterized by repeatedly displaying the DeviceAdmin dialog, forcing the user to grant the malware administrator access to make it go away. Google thus equipped Android Nougat with an option to uninstall apps exhibiting such behavior before they could access the phone”s system management tools. Android O will further up the anti-ransomware ante with a completely overhauled DeviceAdmin API packing a new layer of defenses.

Apps using the O SDK will no longer be allowed to call on window types TYPE_PHONE, TYPE_PRIORITY_PHONE, TYPE_SYSTEM_ALERT, TYPE_SYSTEM_OVERLAY, or TYPE_SYSTEM_ERROR to control the kind of windows displayed on top of running apps. Windows will also be z-ordered below the new TYPE_APPLICATION_OVERLAY windows, as apps using older SDK versions will obviously still have access to the old window types. Regardless of what window type they use, all apps using the SYSTEM_ALERT_WINDOW permission will now sport an ongoing low-priority notification and an option to switch away at any time.

Google knows the fight against ransomware – and malware in general – will not end here, as cybercrooks always find new ways to circumvent defenses. And since users are not always quick to update to the latest Android OS, the company is taking extra steps to detect ransomware by means of a new and improved Verify Apps tool. Kovakina says Verify Apps now blocks suspected ransomware apps, instead of just warning the user against downloading a potential piece of ransomware.

As a cautionary note, Bitdefender strongly advises against installing apps from unfamiliar sources. And be wary of what apps ask for what permissions on your device. For complete peace of mind, use Bitdefender”s Mobile Security & Antivirus.

On the desktop side, ransomware targeting Windows users has inflicted substantial financial losses in recent years, with almost half of victims ending up paying to recover their files. Always be wary of any apps that insist on being granted one too many permissions, one too many times, regardless of your platform.

Have you ever been hit with a ransomware attack? Let us know in the comments.




Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.

View all posts

You might also like