Android users are at risk of having their smartphones exposed to hackers due to a recently discovered vulnerability in Google's mobile OS.
Hackers can exploit the vulnerability to hijack an installation of a trusted app and replace it with a malicious one.
Palo Alto Networks found out that the Android vulnerability can affect nearly 50 percent of all Android users, both on smartphones or tablets.
Once the malicious app is installed, the hackers can then steal users' data without them even knowing it.
Zhi Xu, a threat researcher from Palo Alto Networks, discovered the vulnerability exploit in the operating system's "PackageInstaller" service. This allows attackers to gain full permissions once the device is compromised, according to Mobile Enterprise.
The hackers trick the users into seeing a smaller set of permissions before installing an app. These permissions range from SMS messages access, GPS location, telephony, Wi-Fi and more.
Attackers can falsely display a Wi-Fi connection permission, but all other permissions will be granted once the Android user agrees to install the app.
"The malicious application can gain full access to a compromised device, including usernames, passwords, and sensitive data," said Palo Alto Networks.
The tech firm added that the hackers can substitute even the most popular apps such as "Angry Birds," but only those apps that come from third-party stores are at risk, according to The Hill.
Android already has more than one billion users around the world, which means that the vulnerability has the potential to affect about 500 million users.
However, there is currently no reports of users being affected by the bug yet.
Palo Alto Networks already informed Google regarding the exploit issue. An app has also been released to check for malicious apps hiding in an Android device.