Google’s take on Quadrooter doesn’t change the fact that the last fix is weeks away
Google already had three vulnerabilities patched of the four publicized by Check Point Security over the weekend. It had them patched since Android 4.2. That’s the conclusion we’re getting from Google’s statement on the Quadrooter vulnerabilities found in Qualcomm-based Android devices, a device group totaling in the neighborhood of 900 million.
A spokesperson wrote to Android Central that:
Our Verify Apps and SafetyNet protections help identify, block, and remove applications that exploit vulnerabilities like these.
Hit the source link for the full statement.
The Verify Apps feature has been in the settings since Android 2.3 Gingerbread and on by default since version 4.2 and flat-out prevents the installation of an app that the system believes would cause harm. There’s no option to install the app.
While malware can technically still wreak havoc through those vulnerabilities, you’d have to disable Verify Apps and SafetyNet first.
The company also redoubled its commitment to addressing the fourth security hole in an update next month. It is urging its OEM partners to take Qualcomm’s references to fix the vulnerability even quicker. Of course, you already knew that from statements made yesterday.
Whatever the case will be, it’s unlikely that we’ll see every single manufacturer get a fix out even within a month. Blame fragmentation, blame carrier update approvals, blame whatever you want — just make sure you’re careful in your app sideloading adventures.