Android Nougat's password change procedure affects malware and disinfectors

Android Nougat is changing the way passwords can be reset in an Android device. An API can no longer be used to make the password change. This tweak changes both the dark arts as well as the defense against them. Currently, malware can hijack the system and prevent users from accessing their phones, by using the “ResetPassword” method in the API to change the password of the phone. The malicious app requires administrator level privileges for this to work. [caption id=“attachment_324350” align=“aligncenter” width=“452”]  Image: symantec[/caption] The Nougat update changes the way this method works. The “ResetPassword” method can only be used to set a new password, once. It cannot be used by a malicious app to change the password, in Nougat. A malicious malware can potentially use the method to lock down devices on which passwords have not been set. Symantec has studied a trojan for droids that currently uses the “ResetPassword” method to keep people from accessing their devices. The malware is called Lockdroid. There are a few measures consumers can take to minimise the damage caused by a potential infection. Backing up all your data frequently is a good idea. It is recommended to set a password on the device. Keeping the operating system, and applications up to date reduces the chances of an infection. Uninstall applications that require unnecessary or unexplained permissions. Download Android applications only from trusted sources.