Microsoft researchers detect security vulnerability 'Dirty Stream' in Android apps

With more than 3.5 billion active Android phones worldwide, it draws cyber criminals to prey on naive users.

While users are advised not to visit any shady websites on the internet, it is also the responsibility of platform owners to take up protective measures to prevent online fraud.

Google, over the years, has put a lot of effort into improving its security. It has even allied with top security firms such as ESET, Lookout and Zempermium and other top phone makers such as Oppo, OnePlus with Microsoft, and Meta steering committee members at the helm of App Defence Alliance.

With the advancement of technology, it has become increasingly more work for platform owners to keep up with emerging threats. Bad actors are coming up with ingenious ways to detect vulnerabilities in devices to breach security and steal the personal information of a targeted person or a corporate employee's phone to extract the company's trade secrets for ransom.

In the latest instance, Microsoft's security researchers have uncovered a vulnerability in the filesharing mechanism on several Android apps. When apps are installed on the phone, they interact with each other and exchange files and content between them. For instance, a messenger app will need access to the contacts list for identification of the text sender.

Popular apps including Xiaomi File Manager and WPS Office and others have been known to have this vulnerability dubbed as 'Dirty Stream'.

If the phone users install a malware-laced app from shady websites, the latter can sneak into other important apps bypassing security to steal information and pass it on to servers operated by bad actors.

Microsoft's team informed Google's Android Application Security Research team and the latter has quickly resolved the issue.

Here's how to protect your Android phone from malware-laced apps

1) Always install authentic Android apps from the official Google Play Store

2) Avoid looking for gaming cheat codes on websites published by unknown developers

3) Never click on URLs shared on emails or messenger apps

4) Avoid side-loading any applications to your device

5) It is a good practice to install good anti-virus applications such as McAfee, Kaspersky, Sophos, Norton, and ESET, so the malware can be detected early and removed from the system.

Get the latest news on new launches, gadget reviews, apps, cybersecurity, and more on personal technology only on DH Tech.