You may have read about the StrandHogg vulnerability that is affecting all versions of Android (inc. Android 10). A technical StrandHogg description can be found here.
The latest update is that Google, in their direct communication with Promon, describes StrandHogg as a ‘Critical Severity Vulnerability’.
This is the highest severity rating, meaning that a fix is urgently required. For more information on Android severity ratings, head here.
Google’s rewards committee has decided that the CVE and acknowledgments will be awarded to the researchers from Penn State University. Google also acknowledges Promon’s researchers for our findings and contributions to the potential remediation of this issue.
How can you protect your apps while waiting for a fix from Google?
While there currently is no effective fix or reliable detection method against StrandHogg on the Android device itself, there are still steps that you can take as a developer to prevent StrandHogg exploits against your apps.
- Set the task affinity of all activities to “”
An app developer can set the task affinity of all activities to “” (empty string) in the application tag of AndroidManifest.xml to indicate that the activities of the benign app do not have affinity to any task. This mitigates the risk only to some extent.
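A quick check for this mitigation, added here as an example and not code from Promon or the post: it parses an AndroidManifest.xml, applies Android's resolution order for android:taskAffinity (the activity's own value, else the application-level value, else the package name) and lists every activity whose effective affinity is not "", so an activity that quietly overrides the application-wide setting is caught. The package name and activities in the sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"


def task_affinity_findings(manifest_xml: str) -> dict:
    """Return {activity name: effective affinity} for each <activity> whose
    effective android:taskAffinity is NOT the empty string. Resolution order
    (per Android): activity value, else <application> value, else package name.
    """
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    if app is None:
        return {}
    app_affinity = app.get(ANDROID_NS + "taskAffinity")
    findings = {}
    for activity in app.iter("activity"):
        own = activity.get(ANDROID_NS + "taskAffinity")
        if own is not None:
            effective = own           # activity-level value overrides <application>
        elif app_affinity is not None:
            effective = app_affinity  # inherited from <application android:taskAffinity>
        else:
            effective = package       # Android default: the package name
        if effective != "":
            findings[activity.get(ANDROID_NS + "name")] = effective
    return findings


# Constructed sample manifests (hypothetical package name, not from the post).
WEAK_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.bank">
  <application android:label="Bank">
    <activity android:name=".MainActivity" android:exported="true"/>
    <activity android:name=".LoginActivity"/>
  </application>
</manifest>"""

# Application-wide "" plus one activity that overrides it with its own affinity.
HARDENED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.bank">
  <application android:label="Bank" android:taskAffinity="">
    <activity android:name=".MainActivity" android:exported="true"/>
    <activity android:name=".LoginActivity" android:taskAffinity="com.example.bank.legacy"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print("weak:", task_affinity_findings(WEAK_MANIFEST))
    print("hardened:", task_affinity_findings(HARDENED_MANIFEST))
```

Run it against the merged manifest of the built APK rather than the source file, since activities contributed by library dependencies carry their own affinity settings.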
- Proactively protect your apps against StrandHogg exploits and similar vulnerabilities in the future
Multiple vulnerabilities have been discovered in the Android operating system in recent years. This month, the infosec community and the public focused its attention on StrandHogg, while in the future, other variants or similar vulnerabilities may be disclosed.
Fortunately, there is security software available that can proactively protect your apps from both known and unknown threats. This security software is commonly referred to as In-App Protection.
Promon’s In-App Protection software, Promon SHIELD™, protects your app from the inside out by adding multiple layers of security to prevent app manipulation by malware during runtime.
In case any irregularity is detected (e.g., StrandHogg exploits, Accessibility Service abuse, screen readers, keyloggers, or attempts to insert foreign code), In-App Protection software will actively block the suspicious activity and prevent any behavior that might be malicious.
Some final words
This type of research is part of Promon’s ongoing efforts to drive the necessary changes in software security practices while raising security awareness among app developers and end-users. Protecting sensitive data must be a priority for all of us in today’s increasingly dangerous mobile threat landscape.
We would like to thank Google and its Android security team for the acknowledgments – including the monetary ‘reward’ to the Promon team.