Researchers at Promon, a Norwegian company specializing in digital protections, have found a new security vulnerability in Android, named “StrandHogg,” which may allow fake apps to “hijack” legitimate apps and perform malicious tasks in their place.

The report indicates that users tend to trust the software they know and end up granting permissions to criminal intrusions. The bug also allows fake login pages to be displayed, a technique known as phishing, which may be used to target bank accounts.


According to the information provided by Promon, StrandHogg is a flaw in Android’s multitasking feature, specifically in a screen-switching mechanism called “task reparenting”. When the user taps the icon of a legitimate app, the fake app appears in the foreground instead. Because there is no visible difference between the two, the user ends up granting permissions to the fake app or entering personal data into it.

The report indicates that no version of Google’s operating system is free of the flaw, including the latest, Android 10. Promon also tested the 500 most downloaded applications from the Google Play Store and found that all of them could be targeted through the vulnerability, even though the apps themselves are not necessarily at fault.


Although the BBC reported Google’s statement that it has suspended the apps in question and is working on improvements to Google Play Protect, Promon’s technology director, Tom Hansen, told the British outlet that the bug can still be exploited on Android 10. The researchers reported the bug to the operating system’s developers more than 90 days ago.


Promon discovered StrandHogg after a Czech financial-sector company, to which it provides security advice, reported that several Czech banks had seen customers’ current accounts reset to zero. After examining the case closely, analysts found that up to 36 different apps may have exploited the vulnerability.

How to protect yourself?

For the time being, users should take care not to provide data or grant permissions when they are not needed, and should always read what is written on the screen and what the app is actually asking to do. If you’ve been using an app for months and it has never asked for your data before, why would it ask now? That is worth considering. Finally, it is always worth keeping antivirus software installed on your phone.
