A newly discovered vulnerability in the Android operating system could expose hundreds of millions of smartphone and tablet users to malicious software, according to research from a cybersecurity firm. The potential harm of the bug that security company has named "Android Installer Hijacking" is vast: more than 1 billion people worldwide are active Android users.-Palo Alto Networks said it informed Google of the problem a year ago, and worked with Google, Amazon, and-Samsung, which also has a popular Android app store, to release patches. Android Installer Hijacking works by tampering with the installation process, allowing an attacker to install any program in place of the app a user thinks they are installing. This could mean one app is replaced with a completely different app or, worse, a seemingly harmless app is replaced with a more malicious version of itself.-The vulnerability does this by circumventing the permissions process, which allows users to limit how apps interact with the phone.

More...