There is no such thing as a perfectly secure operating system; It all depends on the severity of the issues you encounter and how your developers respond to them. Android has significantly improved security in recent versions, but Microsoft is now warning that it’s not enough and Google needs to do something.
The discovery published by Microsoft researchers reveals a new type of attack, called “Dirty Stream”, which could be used by malicious applications to modify those that we have installed on our mobile without our authorization; and once they succeed, anything is possible: they could turn applications into “viruses” or steal your data.
The worst news is that, according to Microsoft calculations, the applications vulnerable to this attack number in the billions; and among them is Xiaomi files appwhich is pre-installed on all your phones and those of Redmi and POCO.
This is how they could attack our mobile
“Dirty Stream” is an attack that ironically takes advantage of the way Android prevents access to private information in apps. All the applications that work on our mobile they do it in isolationwith its own “space” in memory to prevent other applications from being able, for example, to read our bank account information or account passwords.
The problem occurs when applications they are using this system incorrectly, something that is apparently more common than it should be. If developers make mistakes in implementing this “safe space”, they are actually opening the door for a malicious application to trick them into sending them what looks like a file, but is actually a code execution . This code can take control, either by installing other applications or by stealing data from the infected application and sending it over the Internet to a server controlled by the attacker.
Researchers have found that this incorrect implementation is very common and many apps available on the Google Play Store fall into this error. This includes the Xiaomi Files app, as we already mentioned, in addition to the WPS Office app, one of the most popular alternatives to Microsoft Office and Google Docs.
At least Xiaomi and WPS responded to Microsoft researchers and They have already fixed the problem in their apps; However, an unknown number of applications continue to suffer from this. For this reason, Google has already modified the Android documentation, so that developers take this into account.