Researchers have discovered a flaw in Android, which can be exploited for phishing or to push irritating pop up ads. With the help of this flaw, innocuous apps can be created which present fake login pages for banks, which could be mistaken for genuine log in pages. This may compromise the user’s banking password and result in financial loss.
The researchers reported their findings some time back to Google and the company is working on a solution for the problem. This solution won’t disturb people’s app experience.
“Switching between applications is a desired capability used by many applications to encourage rich interaction between applications. We haven’t seen any apps maliciously using this technique on Android Market and we will remove any apps that do this,” Google told Cnet.
At present, when users are viewing one app and another app needs to communicate with the user it sends an alert on the notification bar.
Researchers have also developed a game to show how annoying pop ups can appear when apps such as Facebook, Google Voice, Amazon and Google mail are being used.