Keeping your Android device updated with the latest version of the mobile operating system is one of the best ways to keep your smartphone or tablet safe. Yet a new proof-of-concept exploit from a security research team shows that malicious hackers could create harmless-looking apps that lie in wait and turn on their users only when devices are updated. Researchers from the System Security Lab at Indiana University and Microsoft put together a paper on the topic, which they plan to present at the IEEE Symposium on Security and Privacy in May. The paper demonstrates that a weakness in the way Android handles app permissions makes it possible to create "sleeper" apps that become malicious after system updates.



More...