Researchers at Check Point Software Technologies have discovered a new attack vector against the Android operating system that could potentially allow attackers to silently infect your smartphones with malicious apps. The attack takes advantage of the way Android apps utilize ‘External Storage’ system to store app-related data, which if tampered could result in code injection in the privileged context of the targeted application. Xiaomi Browser was found to be using the External Storage as a staging resource for application updates. Google, Xiaomi, and other vulnerable applications declined to fix the issue, according to the researchers.
Source: https://thehackernews.com/2018/08/man-in-the-disk-android-hack.html