The first developer preview of Google’s latest mobile operating system, Android O, has been released. This newest version of the OS has several new features and updates. One of those updates has a direct impact on the functionality of many Android ransomware threats.
Symantec reports that Android ransomware using system-type windows will no longer work on devices running Google’s latest mobile operating system, even if the relevant permission has been granted by the device’s user.
Android O has deprecated the following window types:
- TYPE_SYSTEM_ALERT
- TYPE_SYSTEM_ERROR
- TYPE_SYSTEM_OVERLAY
In Android O, even if the malware draws the TYPE_SYSTEM window, the user can pull down the system settings from the top of the screen and “TURN OFF” the app causing the trouble.
The move by Android O to deprecate certain system-type windows makes it much more difficult for some ransomware to function.
Android O is set to make life more difficult for ransomware authors as Google continues to improve its mobile operating system, continuously building on previous security enhancements. The changes implemented in Android O will deal a significant blow to Android ransomware. However, not all devices will receive the latest Android update and those stuck on older versions will remain at risk from ransomware using the tactics mentioned in this blog.
It should also be noted that while the new OS features should prove to be a good defense against ransomware variants that use system alert windows, they will not affect other ransomware threats such as those that constantly pop up the lock screen using user level windows.
Symantec recommends users follow these best practices to stay protected from mobile threats:
- Keep your software up to date
- Refrain from downloading apps from unfamiliar sites and only install apps from trusted sources
- Pay close attention to the permissions requested by apps
- Install a suitable mobile security app, such as Norton, to protect your device and data
- Make frequent backups of important data