Another month, and another new vulnerability has been discovered in Android. This time around, the vulnerability is called “Quadrooter” and primarily affects devices using a Qualcomm chipset.
Quadrooter collectively comprises of four vulnerabilities that affect Qualcomm devices at the driver level. Since Qualcomm chipsets are found inside the majority of Android devices, this vulnerability instantly poses risks to millions of Android devices and their users out there.
So, how does this vulnerability work?
The vulnerability allows malicious apps to gain root access on your device, which would then provide them with access to all your personal information without you even knowing about it. However, since Google automatically removes such apps from the Google Play Store, the only way for a hacker to exploit these vulnerabilities on your Android device, is when you install a malicious app from a third-party source, which you never really should. These apps don’t even require any special permissions to install, so they might seem harmless at first glance.
It’s not all bad news, though. Out of the four vulnerabilities, Google has already patched 3 of them in its August security patch for Android. However, there is still a fourth vulnerability that is yet to be patched, which will likely only happen with the September security patch.
The problem, however, is that apart from Nexus devices, no other Android devices in the market have received the August security release update from their OEMs and some devices probably never will. This means that they will remain vulnerable to these vulnerabilities.
Quadrooter affects all versions of Android, and not just any particular version. Nonetheless, until and unless Google and your device OEM roll out a software update to patch the vulnerabilities, you should avoid installing any application from third-party sources.