Google ya fito Android 13 'yan kwanaki kadan da suka gabata, amma tuni masu satar bayanai suka mayar da hankali kan yadda za su tsallake matakan tsaro na baya-bayan nan. Wata ƙungiyar masu bincike ta gano malware a cikin haɓakawa wanda ke amfani da sabuwar dabara don gujewa sabbin takunkumin Google akan abubuwan da apps zasu iya samun damar sabis. Yin amfani da waɗannan ayyukan yana sauƙaƙa wa malware don gano kalmomin sirri da bayanan sirri, yana mai da shi ɗayan ƙofofin da aka fi amfani da su don hackers. Androidu.
Don fahimtar abin da ke faruwa, muna buƙatar duba sabbin matakan tsaro da Google ke sanyawa Androidu 13 aiwatar. Sabuwar sigar tsarin ba ta ƙyale ƙa'idodin da aka ɗora a gefe su nemi damar sabis na samun dama ba. Wannan canjin ana nufin kariya daga malware wanda ƙwararren mutum zai iya saukewa da gangan a wajen Google Play Store. A baya, irin wannan app ɗin zai nemi izini don amfani da sabis na samun dama, amma yanzu wannan zaɓin baya samuwa ga ƙa'idodin da aka sauke a wajen Shagon Google.
Gidan hoton hoto
Tunda sabis na samun dama zaɓi ne na halal don ƙa'idodin da suke son sa wayoyi su sami damar samun dama ga masu amfani waɗanda ke buƙatar su, Google ba ya son hana shiga waɗannan ayyukan ga duk ƙa'idodin. Haramcin bai shafi aikace-aikacen da aka zazzage daga shagon sa ba da kuma daga shagunan wasu kamar F-Droid ko Amazon App Store. Giant ɗin fasahar yayi jayayya a nan cewa waɗannan shagunan galibi suna bincika ƙa'idodin da suke bayarwa, don haka sun riga sun sami kariya.
Kamar yadda tawagar masu binciken tsaro suka gano ThreadFabric, Masu haɓaka malware daga ƙungiyar Hadoken suna aiki akan sabon amfani da ke ginawa akan tsofaffin malware waɗanda ke amfani da sabis na sauƙaƙe don samun damar yin amfani da bayanan sirri. Tun da ba da izini ga ƙa'idodin da aka sauke "a gefe" shine v Androidu 13 mafi wuya, malware ya ƙunshi sassa biyu. Manhajar farko da mai amfani ya saka shine abin da ake kira dropper, wanda ke aiki kamar kowane app da aka sauke daga kantin sayar da kuma yana amfani da API iri ɗaya don shigar da fakitin sannan a shigar da lambar ɓarna na "ainihin" ba tare da hani na ba da damar damar sabis ba.
Kuna iya sha'awar
Yayin da malware na iya tambayar masu amfani don kunna sabis na samun dama ga ƙa'idodin da aka ɗora a gefe, mafita don kunna su yana da rikitarwa. Yana da sauƙi a yi magana da masu amfani don kunna waɗannan ayyuka tare da famfo guda ɗaya, wanda shine abin da wannan ƙwaƙƙwarar ta cika. Tawagar masu binciken sun lura cewa malware, wanda suka sanya wa suna BugDrop, har yanzu yana kan matakin farko na ci gaba kuma a halin yanzu yana da ''bugged'' da kansa. A baya kungiyar Hadoken ta fito da wani dropper (wanda ake kira Gymdrop) wanda kuma aka yi amfani da shi don yada malware, sannan kuma ya kirkiro malware na banki na Xenomorph. Sabis na isa ga hanyar haɗin yanar gizo mai rauni ce don waɗannan lambobin mugayen, don haka duk abin da kuke yi, kar ku ƙyale kowane app ya sami damar shiga waɗannan ayyukan sai dai in ƙa'idar samun dama ce (banda Tasker, aikace-aikacen sarrafa kansa na wayar hannu).
