The Google application for the Android operating system, which has been installed by more than five billion users, had a vulnerability that could have allowed an attacker to quietly steal personal data from a victim's device.

The problem was reported by Sergey Toshin, founder of the Oversecured startup. According to the expert, the flaw resides in the way the Google application interacts with third-party code.

Many Android applications (including “Google”) deliberately reduce their size for downloading and running on the system. To do this, the software relies on libraries that are already installed on the device.

However, the vulnerability found in the code of the Google application could allow to push a library of malicious software instead of harmless one. In this case, the malware installed on the mobile device could inherit the Google app’s permissions and gain near-complete access to a user's data.

For example, using this trick, the operator of the malicious software could access to the Google account, search history, email, text messages, contacts and call history, even gain access to the victim's location, microphone and camera.

Toshin said that the malicious application would have to be launched on the user's smartphone for a successful attack. Moreover, removing the malware from the device would not remove the component from the vulnerable Google application. The developers said that they have already fixed the flaw.

Source: anti-malware.ru