The new upcoming version of the Android Operating System will introduce a new and significant feature which will not allow the ‘Extortionists’ to use the “resetPassword” API function to lock the device by resetting the user password.
As we all know that how popular the Google’s “Android” Operating System is, but, the ransomware and the malicious software continues to grow rapidly. Hence, the defenders are also working very hard to keep the pace, but most of the efforts to destroy the ransomware have come within the third-party security software and involving changes, but now the tech giant Google is making a major change into the next version of its Android Operating System to prevent and block the key part of some ransomware threats.
The expected version of the Android OS is more focused on security than its predecessor as we mentioned earlier. On the next version of the Android OS, one of the most significant innovations is the functionality that does not allow the device to reset your password. As the API to change the password in the Android Nougat has undergone significant changes. Developers allowed to use API “resetPassword” solely to set a new password but it does not reset the old one.
The principal threat analysis engineer at Symantec, Dinesh Venkatesan said in an analysis of the new feature that “The malware sets or resets the password (either a PIN or a pattern) for the device’s lock screen by invoking the “resetPassword” method. In order to invoke this method, the calling application must be a device administrator”.
Such a change in the code will do not allow any malware to reset their own password to the screen locker. However, there is another point is that the Malicious software will be still able to use the API “resetPassword” for the installation on the device to reset the password if the password has not been set previously.
According to the Symantec security lab, With the release of the new version of the Android OS (Android Nougat) malware will not be able to change the device password, and will block the access to the device. However, users should be sure to set a password on their own.
Moreover, the principal threat analysis engineer at Symantec, Dinesh Venkatesan said that “This development will be effective in ensuring that malware cannot reset the lock screen password, as the change is strictly enforced and there is no backward compatibility escape route for the threat. Backward compatibility would have allowed malware to reset the lock screen password even on newer Android versions. With this change, there is no way for the malware to reset the lock screen password on Android Nougat”.