An app on Google Play Store allows Certifi-Gate to be exploited

A London-based app publisher has placed a lot of Android phones at risk by releasing an app which can be used to exploit the Certifi-Gate vulnerability.

The app, available at the Google Play Store, allows users to record what they are doing on their Android devices.

It has between 10,000 and 50,000 installs and a 3.8 average rating. The app in question is called EASY screen recorder NO ROOT, and costs $4.73 (£3.02) to buy.

Security researchers from Check Point have recently discovered a vulnerability, which they have dubbed Certifi-Gate, that allows hackers to gain what they call “illegitimate privileged access rights” and take full control of your smartphone or tablet though apps installed on your Android devices by manufacturers and mobile phone networks.

Check Point says that all versions of Android 5.0 (Lollipop) and 4.4 (KitKat) are vulnerable to Certifi-Gate, meaning more than 50 per cent of all Android phones are vulnerable.

According to IB Times, Check Point published a scanner app to allow users to check if their smartphone has been compromised and having analysed the data from this app, the company has already found devices which are actively being exploited by Certifi-Gate.

The app is developed by Invisibility Ltd, a company with a London address and which publishes a number of similar Android apps.

"Hackers were able to bypass the Android permission model to access system level resources and capture details from the affected device," Check Point said. The hackers were able to leverage the vulnerability and bypass the Android permission model to use the TeamViewer's plug-in to access system level resources and to record the device screen.