A new bug affecting the Chrome browser has been found, which
reportedly allows drive-by installations of apps on users' handsets
without their knowledge. Apps can then extract users' personal
information and send it back to the malware author.
Security website Extension Defender reports that the Chrome browser extension bug
"allows the company behind it to install an app on your phone without
you providing your permission or ever even knowing it was installed."
The website notes that a company called Revjet.io, which calls itself a "browser extension
monetization" service, uses code from another website, Vulcun.com, which
enables the background installations. Vulcun.com is a desktop-to-mobile
ad server, which lets developers integrate advertisements into their
apps.
However, the small snippet of code runs periodically in the
background and waits for an opportunity to install apps without a user
noticing. The confirmation dialog and permission prompts are also hidden
from users. App developers sometimes pay for ads which deliver
click-throughs and app installs, so the ad service can make money by
delivering installations whether or not users want them. Extension
Defender notes that some of the apps used by the malware include
3Dnator, FB Auto-Poker, Post To Tumblr, and Alert Control.
Google has not responded to the report and has yet to take steps to deal with the threat.
In related news, a report from earlier this month
highlighted a Wi-Fi-related bug that causes trouble when users
running the latest build of Android on a Nexus device try hooking up to a
Wi-Fi network. The bug does not seem to have affected non-Nexus devices
so far. Google, however, has acknowledged that issue and will issue an
update soon.