
It feels like only yesterday we wrote about potential plans for Google to roll out critical system updates through the Google Play Store mechanism rather than the separate System Updates process. It restricted access to select use cases, such as when an app has been chosen by the user to be their default text message app. Google mentioned that as a result of this change, access to SMS and call logs by apps has decreased by more than 98%.
Android has been subject to some high-profile security alerts, such as the Judy malware campaign, which saw up to 36.5 million devices infected. As it turns out, there are indeed humans at Google, and they claim to have listened to the frustration expressed by developers with regard to Android APIs and Google Play Store policies.
Every few weeks, we seem to hear a story about how an app developer is stuck with a banned account or a removed app and is then running from pillar to post trying to "contact a human" from Google to get more clarity on the specifics of their violation. The malware, named Exodus, not only has advanced spying features but is also capable of rooting devices. Google will now be doing thorough checks before approving apps to go live in the store.
Any Android phone that has been updated recently is immune to Exodus; to root devices, the malware used an exploit called DirtyCOW, which the software giant patched in 2016. Google has issued a warning to users of its Android phones. Last month it was revealed that the malware had also made its way onto iOS devices.
In a post online, IT security firm Lookout said: "For the past year, Lookout researchers have been tracking Android and iOS surveillanceware, that can exfiltrate contacts, audio recordings, photos, location, and more from devices".
The longer review process may help it address the growing tide of click-fraud apps that make it to the Play Store.
Google has also removed the nearly 25 apps found on the Google Play Store that contained the Exodus malware.