As much as developers try to make their apps as secure as possible, flaws will be discovered from time to time. Sometimes these flaws aren’t particularly serious, but sometimes they can be pretty bad. Recently, during the PacSec conference in Tokyo, Qihoo 360 developer Guang Gong discovered a particularly nasty vulnerability in Chrome for Android.
The vulnerability includes the ability to install apps onto the user’s phone completely without their knowledge. Gong demonstrated the vulnerability to a Google representative who saw it in action. Thanks to his discovery, Gong has since been rewarded with a trip to Vancouver for the CanSecWest Applied Security Conference, where he will also be able to enjoy a ski trip.
As for the vulnerability itself, it is confined to the app, so those worried about it being a bigger, system-wide issue like Stagefright can rest assured that it’s not. Details of how to work the exploit were naturally not published, so there is a good chance that it might not even be in the wild yet. Hopefully Google will push out an update soon, before someone else figures it out.