An Android feature abused by 74 percent of ransomware will be fixed in the next version of the operating system, Android O, which is expected to begin rolling out in August.
Ransomware, software that interferes with the functioning of a computer until a user pays a ransom, works differently on smartphones than on Macs and PCs. On the latter, ransomware often encrypts files and sends the key only once a price is paid. But on smartphones, where there are fewer sensitive files to encrypt, ransomware tends to overlay the screen with a ransom note until the victim pays.
Security firm Check Point calculated that 74 percent of ransomware uses the same permission to put up that lock screen: "SYSTEM_ALERT_WINDOW." That permission allows one program to display above all other programs.
Google, the maker of Android, has long been aware that SYSTEM_ALERT_WINDOW is problematic. On the one hand, it has obvious use in ransomware and other malware. On the other, apps like Facebook need it to function. Knowing that there was the potential for abuse, Google designed a unique security feature years ago to make sure only safe programs would be allowed to use it: Only apps downloaded from Google's Play store can use SYSTEM_ALERT_WINDOW.
Since Google is able to vet the apps in the Play store, it figured it could block any app that would misuse the permission. However, malware sometimes slips through.
Check Point found that not only does three-quarters of ransomware use the feature, but so do 57 percent of apps that cause ads to pop up — called adware — and 17 percent of banking Trojans.
Check Point alerted Google, which told the firm a fix was slated for the next Android release.
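One way to check which apps ask for the overlay capability described above, as an added example that is not part of the original article: it parses decoded AndroidManifest.xml text and reports exact requests for `android.permission.SYSTEM_ALERT_WINDOW`. The sample manifests and package names are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
# Both manifest tags can request a permission.
PERMISSION_TAGS = ("uses-permission", "uses-permission-sdk-23")

def overlay_requests(manifest_xml):
    """Return (package, [(tag, maxSdkVersion), ...]) for overlay requests."""
    root = ET.fromstring(manifest_xml)
    if root.tag != "manifest":
        raise ValueError("not an Android manifest")
    hits = []
    for tag in PERMISSION_TAGS:
        for el in root.findall(tag):
            # Exact match: a substring search would also flag custom
            # permissions that merely end in SYSTEM_ALERT_WINDOW.
            if (el.get(ANDROID_NS + "name") or "").strip() == OVERLAY:
                hits.append((tag, el.get(ANDROID_NS + "maxSdkVersion")))
    return root.get("package"), hits

def triage(manifests):
    """Map package name -> True if the app asks to draw over other apps."""
    return {pkg: bool(hits) for pkg, hits in map(overlay_requests, manifests)}

def _manifest(package, permission_lines):
    # Builds a constructed sample manifest (not taken from a real app).
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{permission_lines}<application/></manifest>')

# Constructed samples; package names are hypothetical.
SAMPLES = [
    _manifest("com.example.chat",
              '<uses-permission android:name="android.permission.INTERNET"/>'
              '<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>'),
    _manifest("com.example.notes",
              '<uses-permission android:name="com.example.permission.SYSTEM_ALERT_WINDOW"/>'),
    _manifest("com.example.torch",
              '<uses-permission-sdk-23 android:name="android.permission.SYSTEM_ALERT_WINDOW" '
              'android:maxSdkVersion="25"/>'),
]

if __name__ == "__main__":
    for package, flagged in triage(SAMPLES).items():
        print(f"{package}: {'requests overlay' if flagged else 'no overlay request'}")
```

A flagged app is not necessarily malicious, since legitimate apps also request this permission; the result is a starting point for review.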