Android suffers from a major vulnerability, Google fixes it only on Pie

With the Android Pie update, Google is bringing a host of new features and improvements that aim to bump up the experience for eligible users across the world. It’s also more secure in the present and contains a fix to a security flaw that was present on older Android versions. However, this is a security flaw that needs to be catered to immediately as it leaves billions of devices at risk from hackers.

According to a report from NightWatch Cybersecurity, all Android version older than Android 9 Pie contains a security flaw, named CVE-2018-9489, which can be used by any third-party app to "uniquely identify and track any Android device" and also to "geolocate users". The flaw allows apps to ignore permissions and get access to information found in system broadcasts such as the Wi-Fi network name, MAC address, local IP addresses, BSSID and DNS server information.

Any app with an unrestricted access to these parameters can help someone with malicious intentions to locate a device remotely and steal data, without even letting the user know about it. Google was informed of the issue and it eventually got fixed with the latest version of Android 9 Pie.

However, the problem is that Android 9 Pie is presently running on a total of less than 0.01 per cent of smartphones across the world. Only the Google Pixel series and Essential’s PH-1 are running on Pie, thereby offering the security from this bug. However, billions of Android devices are still running on older versions of Android, with no plans of a majority of them being upgraded to the newer OS anytime soon. The report says that Google is in no mood to fix the issue for older Android versions, thereby leaving almost the entire Android universe vulnerable to a deadly flaw.

(source)