Check Point has revealed four vulnerabilities, bundled under the QuadRooter nickname, that take advantage of problems with Qualcomm driver software to get root-level access and install malware that could hijack your device.
All an attacker needs to do is load a seemingly innocuous, permissions-free app to deliver the payload. The exploits could affect the majority of Android devices — Check Point estimates 900 million in total, or most of the 1.4 billion active devices in use as of fall 2015. Check Point has gone so far as to release an app that tells you whether or not your hardware is vulnerable.
Thankfully, three of the four issues have been patched, and a fix is coming for the fourth. However, there’s a very real chance that you won’t get a fix. People with newer Nexus devices already have their fix, but it may take a while for vendors like LG and Samsung to test the solution with their heavily customized takes on Android. And while plenty of security vulnerabilities go unfixed on older hardware that no longer gets support, that lack of updates is a particularly sore point with QuadRooter — many of those 900 million devices are far from the cutting edge.
If you stick to Google Play downloads, you’ll likely be safe. With that said, attackers could easily prey on users who either don’t know this or live in countries where unofficial app stores dominate, such as China.