Skip to main content
  1. Home
  2. Phones
  3. Mobile
  4. News

Malicious hackers could exploit flaws in Android for Work to nab sensitive data

Add as a preferred source on Google

One of the pillars of Google’s enterprise-focused “work features in Android platform,” previously called Android for Work, is security. But a newly discovered exploit demonstrated at the RSA conference in San Francisco on February 16 showed how an attacker could view, steal, and even manipulate content on a corporate Android smartphone without tipping off IT administrators.

The flaw, discovered by Yair Amit, chief technology officer of cybersecurity firm Skycure, has to do with the way Android for Work handles “sandboxes,” or protects user profiles. The service operates on the idea of a “work” profile with business-level controls, enterprise applications, corporate email, and secure documents on a smartphone or tablet. This secure profile effectively acts as a separate user, though it shares icon badges and notifications with the personal profile.

Recommended Videos

This concept of sandboxing — creating a secure container where apps outside the work profile can’t access data inside it — is key to Android for Work’s conceit. But it isn’t bulletproof.

One potential line of attack involves Android’s notifications framework. Incoming Android for Work messages are designated with a red briefcase icon in Android’s notifications window, giving the impression that they remain segregated from those in the personal profile.

But notifications on Android are a device-level permission, meaning apps in the personal profile can potentially manipulate the content of notifications from the work profile. Malicious software could view sensitive incoming work emails, calendar appointments, file attachments, and other messages, for example, and could transmit that information to a remote server.

The second line of attack exploits a flaw in Android’s Accessibility Service, the Android component that provides usability enhancements for impaired users. It necessarily has access to virtually all of Android’s content and controls, making apps that acquire permission to use it particularly dangerous — and difficult to detect. For instance, an app could use Android’s Draw Over Apps feature, which allows apps to lay text and graphics on top of other apps, to trick a user into activity Accessibility Service or Notifications without their knowledge.

That’s not to suggest the attacks can’t be mitigated. Android 6.0 Marshmallow requires users to manually allow apps to create system overlays by changing permissions in the settings menu. And the Notifications attack requires a user to grant extraordinary permissions to an installed app. Still, Amit notes the relative ease of circumventing Android for Work’s sandboxing method by exploiting the “illusion” of security.

“The interesting thing about both of these […] methods of defeating the Android for Work profile separation is that the device and the Android operating system remain operating exactly as designed and intended,” Amit said.

“It is the user who must be tricked into placing the software on the device and activating the appropriate services that allow the malware access to sensitive information. [The] illusion of a secure container […] tends to allow people to let their guard down in the belief that the environment itself is a sufficient security mechanism to protect data.”

Kyle Wiggers
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
How to install iOS 27 public beta on your iPhone?
iOS 27’s public beta is here, and its loaded with new features and experiences you might want to try.
iOS 27 beta update open on iPhone

After iOS 27’s third developer beta shipped on July 6, Apple released the first public betas for iOS 27 on July 13, 2026. While the main additions remain the same across the builds, the latter is the more refined and polished version, free of rudimentary bugs and glitches.

If you have a compatible iPhone, you can install the first public beta of iOS 27 today and experience the new Siri AI and other features yourself, provided that you know exactly what to do.

Read more
This Android malware can spy on your screen, read your texts, and control your phone remotely
Upgraded RedHook Android malware now abuses Android's built-in Wireless ADB to hijack your phone without root access.
android-redhook-malware

A nastier version of the RedHook Android malware is making the rounds, and it does not need a USB cable or a rooted phone to take over your device. Researchers at Group-IB discovered the upgraded variant, which is a significant step up from the version spotted in 2025. The scariest part? It uses one of Android's own built-in tools to do it.

How RedHook malware tricks your Android phone into handing over control

Read more
iOS 27’s public beta is finally here, and you don’t need a developer account to get in
Siri's biggest comeback is finally leaving the lab.
iOS 27 new star rating feature in Photos

Greg Joswiak just made it official. A few minutes ago, Apple's marketing chief confirmed the availability of public betas for iOS 27, macOS 27, iPadOS 27, and other Apple devices.

If you've spent the last month watching developers gush over Siri AI, patiently waiting for the public beta, that wait is over.

Read more