Stranhogg has been commented a lot this last week, but it happens that it is not a new vulnerability: it has been known since 2015, and refers to the ability some apps have to display messages over other apps, known as Android Toast Overlay attack.
To do so, they use the “Android.permission.SYSTEM_ALERT_WINDOW” permission, which is asked to user device as “Draw over other apps”.
This permission is used by several popular apps such as youtube, Microsoft office suite, or even google photos, so removing it from android is somewhat difficult, and for this reason although it has been known for years that it might represent a security flaw, nothing has been done to restrict or even disable this feature.
So you might call it a “weakness” in the sense that this is a documented official features, that works as it should, as opposed to a “vulnerability”, that usually refers to a misfunction of a feature that is used to compromise a device.
The news today is that some new malware has begun using this “weakness”, and that some security company has given a name and a logo to this “weakness”, giving it a new relevance and publicity.
We hope that this will push google to think in a a better way to handle this permission.
Meanwhile you can use Samoby to analyze, detect and automatically block StrandHogg’ Vulnerability.