
Google patches Android icon security flaw

Cyber security vendor FireEye recently announced that Google has patched a software flaw that left Android users open to phishing attacks. The firm says that it identified a malicious app that could modify the icons of other Android software applications. The strategy behind this attack would be to trick an unsuspecting Android user into tapping a false app icon that would direct them to a phishing website.

These bogus sites would then try to steal the user’s personal information. Some of the permissions abused by the malware include “com.android.launcher.permission.READ_SETTINGS” and “com.android.launcher.permission.WRITE_SETTINGS.” These permissions allow an application to reconfigure an Android device’s launcher, including its software icons.

FireEye says that these two permissions have been classified as “normal,” a classification given to permissions thought to be harmless. Since the permissions were considered safe, Android users weren’t warned about the potential risks when installing an application that requested them.
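Because no install-time warning appeared for these permissions, a defender has to look for them directly in an app's manifest. The following is an added example, not code from FireEye, Google or the original article: it flags decoded AndroidManifest.xml files that request the two launcher permissions named above. The package names and manifests are constructed samples, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Attribute names in a decoded manifest live in the Android XML namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
READ = "com.android.launcher.permission.READ_SETTINGS"
WRITE = "com.android.launcher.permission.WRITE_SETTINGS"

HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android">'
# Constructed samples standing in for manifests decoded from APKs.
SAMPLE_MANIFESTS = {
    "com.example.wallpaper": HEAD + f"""
        <uses-permission android:name="android.permission.INTERNET"/>
        <uses-permission android:name="{READ}"/>
        <uses-permission android:name="{WRITE}"/>
    </manifest>""",
    "com.example.backup": HEAD + f"""
        <uses-permission android:name="{READ}"/>
    </manifest>""",
    "com.example.notes": HEAD + """
        <uses-permission android:name="android.permission.INTERNET"/>
    </manifest>""",
}

def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def launcher_access(manifest_xml):
    """Classify launcher-settings access: 'read+write', 'write', 'read' or 'none'."""
    perms = requested_permissions(manifest_xml)
    if READ in perms and WRITE in perms:
        return "read+write"  # can inspect and rewrite launcher entries, icons included
    if WRITE in perms:
        return "write"
    if READ in perms:
        return "read"
    return "none"

def audit(manifests):
    """Map package name -> access level for every app touching launcher settings."""
    levels = {pkg: launcher_access(xml) for pkg, xml in manifests.items()}
    return {pkg: lvl for pkg, lvl in levels.items() if lvl != "none"}

if __name__ == "__main__":
    for pkg, level in sorted(audit(SAMPLE_MANIFESTS).items()):
        print(f"{pkg}: launcher settings access = {level}")
```
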

FireEye notified Google in October 2013, and Google released a patch to its OEM partners in February. The patch may have been further delayed by vendors slowly updating their software.

(via Computer World)
