Tech security experts have discovered a ‘high-risk vulnerability’ which could let hackers access victims’ browser history, chat messages and banking apps.
The bug affects Android but has been plugged in newer versions of the software so it’s a good idea to update your operating system immediately.
Researchers from Positive Technologies said the bug has been found in ‘all versions of Android since version 4.4’, which was released in 2013.
It has been fixed in Google Chrome 72 – a recent version of the web browser – so users need to check if this is installed on their device.
The bug was found in an Android component called WebView, which lets web pages be displayed inside apps.
If the phone owner clicks on a malicious link whilst using WebView, they could be at risk of being hacked.
Leigh-Anne Galloway, cybersecurity resilience lead at Positive Technologies, said: ‘The WebView component is used in most Android mobile apps, which makes such attacks extremely dangerous.
‘The most obvious attack scenario involves little-known third-party applications. After an update containing a malicious payload, such applications could read information from WebView.
‘This enables access to browser history, authentication tokens and headers (which are commonly used for login in mobile apps), and other important data.
‘Since Android 7.0, WebView has been implemented via Google Chrome and, therefore, updating the browser is enough to fix the bug.
‘On earlier Android versions, WebView must be updated via Google Play. Users who do not have Google Play Services on their smartphones should wait for a WebView update from the device manufacturer.’