Yesterday we told you about a rather scary set of vulnerabilities that could potentially threaten as many as 900 million Android devices. Known as “QuadRooter,” the set of four vulnerabilities was discovered in Qualcomm drivers, lending to how widespread the threat is. However, today we’re getting confirmation that a feature introduced way back in Android 4.2 Jelly Bean could stop QuadRooter in its tracks, and it was designed specifically for scenarios like this.
QuadRooter needs to sneak onto your device through an app, and the only way to get one of those apps onto your phone is by side-loading. Side-loading apps is a fairly common thing, but it does make devices significantly more vulnerable to malicious content than downloading an app through the Google Play Store. Google recognized this problem and, with the release of Android 4.2 Jelly Bean, rolled a “Verify Apps” option into Google Play Services, giving users a safety net when they try to install an app that can harm their devices.
In some cases, your phone will point out that the app you’re installing may be dangerous – recommending against installing it – or, in cases where the app you’re installing is known to be malicious, will block installation altogether. A Google spokesperson confirmed to Android Central that Verify Apps along with Android’s SafetyNet protections will be enough to stop dangerous apps housing the QuadRooter exploits from ever making it onto your device.
The best part is that for most users, Verify Apps will be turned on, as it’s automatically activated by default. Most users have probably never had a reason to turn it off, either, as the toggle for the setting is only available through Developer Options, a menu that is usually hidden.
Even with that in mind, it’s best to still take precautions and avoid side-loading apps until the QuadRooter exploit has been fully patched. We’re almost there, with Google confirming that three of the four exploits were patched in August’s Android security update, and that a patch for the fourth is incoming as part of September’s update.
SOURCE: Android Central