Ransomware is a reality for mobile devices, and the effects are the same as those suffered by users of desktop computers. Developers are aware that they must act on the issue. Google has been the first to move and has made changes to the current versions, with more changes expected in Android O.
As for the current versions, Mountain View has already applied some changes, which mainly affect the notification system. It has eliminated three types of pop-up that appeared above any application, no matter which application it was. TYPE_SYSTEM_ALERT, TYPE_SYSTEM_ERROR and TYPE_SYSTEM_OVERLAY were used in ransomware attacks, hence Google was forced to eliminate them.
The reason for this decision lies in the use of these ‘windows’ for other purposes. That is, the threat obtains administrator permissions and can then use the operating system without any limitation. For this reason, Google has put its foot down, and since version 6.0 these types of window are no longer available.
Review of operating system permissions
First, the US company wanted to tighten the permission system. Up to now there were two classes: normal and dangerous. While the first covers access to basic functions of the operating system, the second must be granted by the user through a confirmation window. The second class was modified, giving way to an additional one that could be classified as “very dangerous”.
With this last category Google wanted to group all aspects of the operating system that are considered critical, preventing a threat from using them to obtain administrative privileges.
Android O’s defense system against ransomware
To root out these problems, the user will have a function that disables intrusive alerts and application pop-ups, which is how ransomware behaves on Android devices. A beta version with this feature has been available since March, and users can activate it from the existing shortcuts in the top drop-down menu.
This is very useful, but security experts consider it insufficient because it requires user intervention. They point out that a defense system is needed to prevent the device from being affected by such software threats: a security system very similar to an antivirus solution, but integrated into the Android operating system and transparent to the user, who would not be required to intervene.
With the release of the 7.x versions of the mobile operating system, security was improved in some aspects related to malware. For example, changing the device access password was restricted so that it could not be hijacked by malicious software.