- It appears that measures against malware like “StrandHogg,” which exploits vulnerabilities in Android’s multi-tasking processes, have been introduced to “Android Auto.”
- An analysis of the Android Auto app v16.3.660834-release reveals that a “cross-UID activity switching prevention” feature (android:allowCrossUidActivitySwitchFromBelow=”false”) has been added as a security enhancement.
- Malware such as “StrandHogg” had been active long before this cross-UID activity switching prevention feature was fully implemented.
It appears that security measures against malware like “StrandHogg“—which exploits vulnerabilities in Android’s multi-tasking processes—have been introduced to the Google car operating system, “Android Auto.”
This was uncovered through an “app analysis.”
「アプリ解析」
当サイトの「アプリ解析」カテゴリで公開している記事では、Google の最新 Android アプリを逆コンパイルして独自に解析し、今後実装される可能性のある新機能や変更点などをお届けします。正式リリース前の新機能や変更となるため開発段階の未確定な情報も含まれますが、Android アプリの今後のアップデート動向をいち早くキャッチできる、ほかにはない当サイトオリジナルコンテンツです。
An analysis of the app files for the Android version of “Android Auto” v16.3.660834-release, released on Monday, March 9, 2026, confirmed that a description for “cross-UID activity switching prevention” (android:allowCrossUidActivitySwitchFromBelow=”false”) has been added as part of a security enhancement.
<application
...
android:allowCrossUidActivitySwitchFromBelow="false">This “cross-UID activity switching prevention” is a security feature introduced in Android 14. When multiple apps are running on the Android platform, it prevents a background app from silently overlaying and hijacking the screen currently being viewed by the user.
Malware like “StrandHogg” operated long before this feature was fully implemented. For example, while a user was running a banking app, such malware would quietly intercept the foreground to steal sensitive information like account details.
This is known as “task hijacking.” Between 2019 and 2020, “task hijacking” malware like “StrandHogg” caused numerous fraud incidents.
Before the Android OS implemented the “cross-UID activity switching prevention” feature natively, app developers had to implement their own defensive measures against “task hijacking.” However, because these implementations were often incomplete, it became a cat-and-mouse game against such malware.
Now, with the Android OS-level “cross-UID activity switching prevention” (android:allowCrossUidActivitySwitchFromBelow=”false”) in place, and its activation within the “Android Auto” app, the security standards have been significantly improved.
Because “Android Auto” provides navigation and calling features while driving cars or motorcycles, it requires highly sensitive permissions such as “location,” “microphone (audio),” and “contacts.” If “task hijacking” malware like “StrandHogg” were able to operate freely, there would be a significant risk of user personal information and other private data being stolen.
Furthermore, there is a risk that users might mistakenly grant app permissions to “task hijacking” malware masquerading as “Android Auto.” This could potentially lead to Google account credentials being stolen or accounts being compromised.
The introduction of “cross-UID activity switching prevention” (android:allowCrossUidActivitySwitchFromBelow=”false”) to “Android Auto” results in no surface-level changes, so users don’t need to worry about it. However, it is good to know that the internal security features have been upgraded.
“Android Auto” App Link
コメントを残す