Android WebView Vulnerability Reported by AVG Expert


The well-known web security company AVG recently announced its latest discovery: a critical vulnerability in Android’s WebView that may allow a hacker to install malware on your droid device.

WebView is an essential feature in Android (or iOS, for that matter) that enables your apps to display content from online resources and also makes it easy for your smart device to perform network requests, such as parsing and rendering data.

A security expert from AVG just revealed that Android’s WebView has a critical vulnerability that, if exploited by a hacker, will allow the perpetrator to install malicious programs on your droid or to send SMS messages, etc.

Because WebView works with various APIs to interact with online web content, the user can basically view an online application as part of an Android app.

The attack works when the victim clicks an infected link in a vulnerable app, which opens a Java application in the browser or on a webpage. It is basically a Java vulnerability that is triggered by commands in the JavaScript code, and it permits the attacker to install malware on your device, send SMS messages, steal your private data and the like.


In order to exploit this vulnerability, the hacker must convince the victim to click on an infected link from a vulnerable WebView app, and that will start JavaScript malware contained on the same webpage. Sounds pretty complicated, I know.

What you actually need to know is that all apps that run on Android 4.1 or older are prone to this Java exploit. To be safe, you should upgrade to Android 4.2 or higher and, obviously, not get your Android apps from shady sources; use Google Play for that.
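For developers, the version cut-off above can be turned into an audit of an app's own manifest and source. The script below is an added example, not code from AVG or the original article; it assumes the issue is reached through WebView's `addJavascriptInterface` bridge, the function names `min_sdk` and `audit` are hypothetical, and the manifest and Java snippet are constructed samples.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
FIXED_API = 17  # API level 17 is Android 4.2, the version the article says to upgrade to
# Assumption: the vulnerable path is the WebView JavaScript-to-Java bridge.
BRIDGE_CALL = re.compile(r"\.addJavascriptInterface\s*\(")
JS_ENABLED = re.compile(r"\.setJavaScriptEnabled\s*\(\s*true\s*\)")

# Constructed sample inputs (not taken from any real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.demo">
  <uses-sdk android:minSdkVersion="14" android:targetSdkVersion="16"/>
</manifest>"""
SAMPLE_SOURCES = {"MainActivity.java": """WebView view = new WebView(this);
view.getSettings().setJavaScriptEnabled(true);
view.addJavascriptInterface(new Bridge(), "bridge");
view.loadUrl(getIntent().getDataString());
"""}

def min_sdk(manifest_xml):
    """Return minSdkVersion from a decoded AndroidManifest.xml."""
    uses_sdk = ET.fromstring(manifest_xml).find("uses-sdk")
    if uses_sdk is None:
        return 1  # Android assumes 1 when minSdkVersion is not declared
    return int(uses_sdk.get(ANDROID_NS + "minSdkVersion", "1"))

def audit(manifest_xml, sources):
    """Return sorted (file, line, message) findings for bridge calls in affected apps."""
    floor = min_sdk(manifest_xml)
    if floor >= FIXED_API:
        return []  # app cannot be installed on Android 4.1 or older
    findings = []
    for name, text in sources.items():
        js_on = bool(JS_ENABLED.search(text))
        for no, line in enumerate(text.splitlines(), 1):
            if BRIDGE_CALL.search(line):
                state = "enabled" if js_on else "not enabled in this file"
                findings.append((name, no, "bridge on API %d-16, JavaScript %s" % (floor, state)))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_MANIFEST, SAMPLE_SOURCES):
        print("%s:%d: %s" % finding)
```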

