Do you like downloading and trying a wide range Android games and apps? You may want to rethink that habit, or at least proceed with circumspection. A newly disclosed Android vulnerability means miscreants can employ manifestly harmless apps to fool you into giving them "permission" to take command of your phone or tablet and watch everything you do with it.

Researchers at UC Santa Barbara and the Georgia Institute of Technology recently revealed a vulnerability they call Cloak & Dagger that can allow miscreants use your telephone'southward own permissions against you. It works like this: You lot download and run a new app. Every bit so many apps do, information technology pops upwards an opening screen that asks you lot to to agree to something. That something could be most anything: Click here to watch our tutorial video. Or proceed to the game. It doesn't actually matter what the app appears to exist asking you to do. What it's actually doing is asking your permission for administrative powers that allow information technology utilize your phone for...whatever it likes.

How does information technology manage to fool you? Using an Android feature chosen "Draw over other apps," in which an image or dialog box appears on elevation of anything else that might exist on your device's screen. The "chat heads" used by Facebook Messenger are one example of how this works.

Google routinely grants apps the correct to describe over other apps if they request information technology. They can exist highly useful, merely a cleverly crafted drawing could exist laid on top of an Android warning well-nigh granting an app extensive permissions, while making it appear that you're saying OK to something completely different. Ane example is that information technology can activate accessibility functions. That allows the nefarious app to see and tape your keystrokes, as some accessibility functions demand to practice in club to part.

This (silent) video shows how it works:

What can you do about information technology? Unfortunately current versions of Android do not ask for your permission for a newly installed app to depict over other apps. And so to find out if you're affected, begin by going into Settings, clicking on apps, and so clicking on settings from the app list (the gear in the upper right). At the bottom of the list that appears, y'all'll observe "Special access." Click that to run across which apps take the right to depict over other apps. You can get detailed information well-nigh this vulnerability and how to cheque your device here.

Google has known most this vulnerability for some time now--the researchers alerted the company months before telling the rest of united states. And the company says information technology is able to notice and block Play Store apps that accept reward of information technology. So a good place to first would be to avoid downloading Android apps from anywhere other than the Play Store unless yous know and trust the source. And hope that Google finds a way to close this security loophole soon.