New Android Browser Bug Discovered
Attention Android users a new bug is on the loose that could turn into a serious invasion of your privacy. The bug was discovered in the pre-Android 4.4 browser app. This bug can evade the AOSP browser’s SOP browser security. Why is this bug so dangerous? If your device is infected with the bug and you visit a web page controlled by a spammer that person can peek into the contents of any web page through your browser. Also, if your webmail is open in another window and you visit an attacker’s website. The attacker can scrape your email information and see everything your browser sees. Furthermore, the attacker can hijack your session; snag a copy of your cookies, and start reading and sending email from you.
AOSP is an older browser.
The AOSP browser isn’t supported by Google any longer and has been replaced with Chrome. We all know that being old and unsupported doesn’t mean it is obsolete. Take Windows XP as an example. Microsoft announced they no longer support this OS but, still many users prefer XP to the newest version of Windows 8. Also, consider that 75 percent of Androids use the pre 4.4 browsers and many uses the 4.2 Jelly Bean OS.
What is the solution to this bug?
One way to protect yourself against this bug is to stop using the AOSP browser that is installed on your device. However, we all know this will never work. People are creatures of habit and use what they like and are accustomed to using. According to reports from SC Magazine, the AOSP is the preferred browser for tech savvy users. The AOSP browser works quicker and is a stripped-down browser. Furthermore, Google claims they no longer support the AOSP browser but, when searching to download the browser for your phone. The download pages never mentions that Google no longer supports this browser.
What does this bug mean for corporations?
If your company supports BYOD you need to warn your employees that use the pre-4.4 versions on their Androids. According to Dennis Fisher the bug was discovered several weeks ago but nobody knows how long this bug has gone undetected. Your company sensitive information and data are at risk from your employees who use older versions of Androids and AOSP.