“Our research brought to light a new type of security-critical vulnerabilities, called Pileup flaws, through which a malicious app can strategically declare a set of privileges and attributes on a low-version operating system (OS) and wait until it is upgraded to escalate its privileges on the new system. Specifically, we found that by exploiting the Pileup vulnerabilities, the app can not only acquire a set of newly added system and signature permissions but also determine their settings (e.g., protection levels), and it can further substitute for new system apps, contaminate their data (e.g., cache, cookies of Android default browser) to steal sensitive user information or change security configurations, and prevent installation of critical system services.” reports the paper.

The Pileup flaws allow a hacker to escalate permission, signature and settings for a malicious app that could be used to steal the user’s data. The researchers used a program analyzer to discover 6 distinct Pileup flaws into the Android Package Manager Service, nearly 3,522 source code versions customized by principal manufactures including LG, HTC and Samsung.

According the researchers all the Pileup flaws have been reported to Google by the research team, one of vulnerability has been already fixed by them.

As a result of their work, the researchers developed a scanner app called SecUP that is able to inspect the applications discovering malicious apps already installed on the handset that have been designed to exploit Pileup flaws.