Google has addressed a security flaw in the Android Launcher permissions that affects all devices running Android 4.4.2 KitKat or lower. To fix it, Google has rolled out a patch to handset makers, who will eventually push it out to end customers. FireEye security researchers pointed out the vulnerability in certain Android app permissions, which would let a hacker change the icons and settings of the Android launcher.
Google introduced the Google Now Launcher earlier this year so that all Android users could try out the vanilla Android launcher experience. FireEye security researchers found the vulnerability in the Android permissions related to the launcher. By targeting the read and write permissions of the Android launcher, any malicious app could take control and even change the icons of other apps. The changed icons can then redirect users to malicious phishing websites and apps.
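A defender's check for the permissions described above, as an added example that is not from the article or from FireEye: it scans decoded AndroidManifest.xml text and reports apps that request launcher read or write settings permissions. The AOSP permission names, the matching heuristic for vendor launchers, the helper names and the sample manifests are assumptions constructed here, and the manifests are assumed to be already decoded from the APK's binary XML.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Heuristic (assumption): launcher settings permissions, whether AOSP's
# com.android.launcher.permission.* or a vendor-named variant, contain
# "launcher" and end in .READ_SETTINGS or .WRITE_SETTINGS.
LAUNCHER_PERM = re.compile(r"launcher.*\.(READ|WRITE)_SETTINGS$", re.IGNORECASE)

def launcher_access(manifest_xml):
    """Return (package, sorted access kinds) for one decoded manifest."""
    root = ET.fromstring(manifest_xml)
    kinds = set()
    for node in root.iter("uses-permission"):
        match = LAUNCHER_PERM.search(node.get(ANDROID_NS + "name", ""))
        if match:
            kinds.add(match.group(1).lower())
    return root.get("package"), sorted(kinds)

def audit(manifests):
    """Map package name -> finding for every app that touches launcher settings."""
    findings = {}
    for xml_text in manifests:
        package, kinds = launcher_access(xml_text)
        if "write" in kinds:
            findings[package] = "can modify launcher settings, including icons"
        elif "read" in kinds:
            findings[package] = "can read launcher settings"
    return findings

def make_manifest(package, perms):
    """Build a minimal constructed manifest for the sample data below."""
    uses = "".join('<uses-permission android:name="%s"/>' % p for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s</manifest>' % (package, uses))

# Constructed sample apps (hypothetical package names).
SAMPLES = [
    make_manifest("com.example.flashlight", [
        "com.android.launcher.permission.READ_SETTINGS",
        "com.android.launcher.permission.WRITE_SETTINGS",
        "android.permission.INTERNET"]),
    make_manifest("com.example.wallpaper", [
        "com.example.launcher.permission.READ_SETTINGS"]),
    # System-wide WRITE_SETTINGS is a different permission and is not flagged.
    make_manifest("com.example.brightness", ["android.permission.WRITE_SETTINGS"]),
]

if __name__ == "__main__":
    for package, finding in sorted(audit(SAMPLES).items()):
        print(package, "->", finding)
```

An app that has no home-screen function but requests the write permission is the case worth reviewing first.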
Google has classified this security vulnerability as normal and has issued a patch to all its partner handset makers to address the flaw in every possible Android device. This permissions-related vulnerability exists in every Android device running a version lower than Android 4.4.2 KitKat. Surprisingly, the vulnerability exists even on Android devices that do not use the Launcher functionality and are based on the Android Open Source Project, e.g. the Nokia X series.
Imagine the plight of users who have mobile banking applications installed on their devices. One bad app installed, and it could easily hijack their bank account details.
The vulnerability was reported back in October 2013.