Android 13 is malware that scoffs at new security options

Android 13 has already arrived, and among the novelties of the new Google operating system are also appearing several security options: in particular, Google has tried to limit access to accessibility permissions for apps downloaded outside the Play Store. Unfortunately, it seems that BigG failed in its intentas a new malware exploits exactly what was said for “install” on the device.

Amazon offers

It is good to describe how this new security option that we mentioned in the introduction works. With Android 13, apps that don’t come from the Play Store (specifically, manually installed apk files) they cannot directly access the permissions to use the accessibility featureswhich are otherwise easily accessible from the app settings.

In the case of app sideloading, it is necessary to activate and guarantee accessibility permissions follow a fairly lengthy procedure, which leads the user to navigate between different smartphone menus. This makes life much more complicated for malicious apps that use accessibility to perform their actions.

The accessibility options are in fact extremely powerful: through these, an app can literally take control of your smartphone deactivating the touch, preventing you from unlocking the device and activating and deactivating the data connection at will. Also, such apps they can also prevent the user from uninstalling the softwaremaking it virtually impossible to get rid of applications that take advantage of accessibility options.

However, Google does not want to make life too complicated for users who need apps with accessibility functions, and therefore allows apps from “approved stores” (for example, the Amazon App Store) to bypass the block just mentioned, allowing users to activate permissions to use accessibility options.

Malware BugDropcreated by ThreatFabric with the aim of showing the vulnerability of Android 13, it exploits this principle: a first malicious app is installed on the smartphone posing as an approved storeand subsequently this installs a second app, the actual malware. The latter will be able to access accessibility permissions in a simplified way, since Android’s garlic will be an app from a secure source.

Google has not yet commented on this, but we are confident that with the release of subsequent security patches the company will try to fix this problem.