Google: The vast majority of Android devices are safe from Quadrooter leaks

Google has announced that Android devices from version 4.2 are protected against the recently discovered Quadrooter vulnerabilities. That means more than ninety percent of all Android devices are unaffected.

In a response to Android Central, Google says that devices with Jelly Bean or higher have the ‘verify apps’ function. This feature shows a warning if an app is installed outside of the Play Store and can completely block an installation if it poses a security risk. Therefore, to be vulnerable to Quadrooter, users should enable both the install apps from unknown sources feature and disable the authentication feature. In addition, the SafetyNet technology would also provide protection.

On older devices, the security measures can be enabled manually. The four Quadrooter vulnerabilities were discovered by security firm Check Point and presented at the Def Con conference. The vulnerabilities are present in the driver for Qualcomm chipsets and could be exploited by an attacker using a malicious app.

At the time of publication, the company estimated that “hundreds of millions” of devices would be vulnerable to the vulnerabilities. Three of the four vulnerabilities have now been resolved by Google, which means that they are no longer present on devices with the most recent patch level. A fourth vulnerability, present in Android’s ashmem subsystem, Google plans to patch in September.

Due to the delayed patching process on Android, many devices remain vulnerable despite updates by Google. As it turns out, the authentication and SafetyNet feature provide an additional layer of protection. Check Point has released a tool that allows users to check if they are vulnerable to Quadrooter.