How to Prevent Ray-Based Hacks on Your Android
Today, with “it’s always a good idea to keep your devices up to date,” a recently discovered loophole in Android’s NFC-based file sharing, Android Beam , is allowing someone to install an app on your device. The loophole has already been discovered and fixed by Google in an Android update released last month, so the diligent developers have already closed. If not, now is the perfect time to do it.
The bug, as reported by ZDNet , is actually a misclassification of Beam security permissions. In most NFC-based exchanges, users must be notified that information is being transferred. In particular, in the case of applications, Android must block the installation of applications from “unknown sources” outside the Google Play store unless you confirm that you need them.
In Android 8.0 and later, Android is whitelisted by the Google Beam, making it trustworthy for the Play Store. So, if someone submits an app via Beam, it will install automatically as soon as you confirm receipt of the app, without any security warnings. As someone who reads halfway through notifications all the time, I can attest to the fact that it sets even the most security conscious of us to accidentally install malicious software.
Google updated Beam permissions in the October 2019 Android update . If you update your phone, the issue has already been resolved. (I would suggest checking for updates if you didn’t last week, just in case.)
You can also turn off NFC file sharing entirely when you’re not using it by going into the Settings app, tapping Connections, then NFC & Payment, and turning off Google Beam. Disabling Beam will block any NFC file sharing without disabling other NFC-based applications such as Google Pay.