Google's Statement on Root Access Flaws and Security Patches
Google's Statement on Root Access Flaws and Security Patches
A large amount of android user-base clearly relies on rooting their devices to gain access to deeper levels of operation in their systems. This is because rooting their devices allows greater control of the system and some applications which they'd definitely love using are restricted to rooted-only devices. Some of the cons of rooting is that changes at root level can actually induce damages sometimes irreparable or even inabilities which you might not want to have.
About a week back, Google sent an android security notice about a flaw in android systems which can result in applications gaining root access in devices. It resulted in ability to take control of devices at the extreme resulting in device compromise. This is however not a new issue since the existence of this flaw goes back to a couple of years when it was first found. Recently, apps which made its way to the Play store is now noted to take advantage of the vulnerability.
Although google's statement makes it clear that this doesn't seem to be the intent of the app, it still is unfortunate. The cautionary advice to android owners has been further advised about the outcome and remedy of the situation. An 18th march post states that a fix for this flaw has already been initiated as a part of monthly updates for devices running Google's latest operating system, Marshmallow.
The recently noted app access has now been escalated to the android security teams deeming it as "critically severe" and a new security update is in the process of being put together for all Nexus devices and will be rolled out immediately.
The patch has been passed on to manufacturers also so that they can look it up and apply the same to their respective devices in some time. This means that if you are running a device which has it's updates due later than March 18th, your device is still technically vulnerable. This doesn't necessarily mean that the fix is included and likely does not partner manufacturer updates since those will take time to be rolled out.
