Difficult-to-remove Android multitasking bug could leave smartphones open to hijacking

A security hole discovered by researchers in Google's Android operating system could leave smartphones vulnerable to hijacking.
In a series of videos posted on YouTube, researchers from the Cyber Security Lab of Pennsylvania State University demonstrated how the vulnerability could be exploited by a malicious app to take control of someone's phone.
After downloading and running a malicious app on a user's phone, the researchers had complete remote control of the device and access to sensitive data. Unlike previous security breaches detected in Android however, the problem stems from a fundamental feature, without which the whole system would not function.
That could make fixing the hole incredibly difficult.
At a paper presented at the USENIX security conference earlier this month, the Penn State researchers said that Android's multitasking function – which allows users to run several apps at once and switch between them – makes "all recent versions of Android vulnerable to task hijacking attacks".
In an examination of more than 6.8 million apps on various Android stores, the researchers found the risk to be "prevalent".
“Attackers may steal login credentials, implement ransomware and spy on users' activities,” the paper said.
Ren Chuangang, one of the authors of the study, told the South China Morning Post that he and his fellow researchers had alerted Google to the problem, but the firm said it had "no immediate plan to fix this issue".