The discovery of QuadRooter is one of the biggest security threats to Android users since Stagefright. Security firm Check Point Software has released a tool to help people determine if their phones are at risk, but Google says that it is already able to block apps with the QuadRooter exploit.
The Verify Apps feature of Google Play Services is able to detect and block any apps that feature QuadRooter. As the exploit has to be delivered via an app, this effectively protects the vast majority of handsets that are threatened.
QuadRooter is actually a series of four individual vulnerabilities, and Google currently offers protection against three of them. An update will roll out shortly that shores up defenses even further, but of course this is dependent on individual handsets being eligible for security updates.
What this means is to even have a chance to get ‘infected’ you will have to enable “Unknown Sources” which is disabled by default, install an app from a nefarious source, disable ‘Verify Apps’ which is present and enabled by default since Android 4.2 and be hopeful. But we’re sure nobody really wants to get infected.
In a statement to Android Central, Google said:
We appreciate Check Point’s research as it helps improve the safety of the broader mobile ecosystem. Android devices with our most recent security patch level are already protected against three of these four vulnerabilities. The fourth vulnerability, CVE-2016-5340, will be addressed in an upcoming Android security bulletin, though Android partners can take action sooner by referencing the public patch Qualcomm has provided. Exploitation of these issues depends on users also downloading and installing a malicious application. Our Verify Apps and SafetyNet protections help identify, block, and remove applications that exploit vulnerabilities like these.
This is still no excuse for having such a flaw in the first place and the in-ability of the OEMs or just a lack of interest in filling up this hole in Android’s security. But at least most android devices are protected from this since Google Play services is an essential part of most android devices. Its worth noting though that a huge number of android devices, such as the ones in China, do not come with Google Play Services pre-installed.
“Verify Apps is on by default in Android 4.2 and up, which accounts for 90% of active Android devices.” -Andoid Central
All in all, QuadRooter is an issue, but one that is very unlikely to affect the vast majority of Android users, as there are several security steps already in place to project most of us. So unless you install apps from untrusted sources and disable ‘verify apps’ you shouldn’t be very worried. If you’re one of those that disable these sequential security layers on android then that should be your cue.