Ransomware is one of the nastier types of malicious software to emerge in the last few years. It's not exclusive to mobile, but the basic gist is that it locks down either specific files or an entire machine until the user sends money to a shady, untraceable online account to get their digital life back in order. The combination of easily-exploited security vulnerabilities, relatively small payments spread out over thousands of devices, and users' reliance on their phones or computers has proven incredibly lucrative for malware developers.

According to security vendor and researcher Symantec, there's code hidden within Android Nougat that will help protect against these kinds of attacks. In a recent blog post, researcher Dinesh Venkatesan pointed out a change to the resetPassword API that should prevent at least some of the nastier ransomware from working. Specifically, this change means that the API can only be used to initially set the password, and not to reset it. It means that there's no way for a sneaky third-party app to reset the lockscreen PIN, password, or pattern - that API can only be used to set a new one on a previously wide-open device.

That does mean that users who don't set up any kind of pre-use security for whatever reason are still at risk, since a well-made piece of malware can set an initial password all on its own. The fix for this is simply to assign a lockscreen password of some kind when you first set up your new device... but then that's a pretty good idea anyway. It's still possible that malicious developers could get around this fix, especially on devices with root privileges enabled.
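For defenders triaging installed apps, the rule described above can be turned into a small audit check. This is an added example, not code from Symantec or Android: it reads an app's device-admin policy file for the `reset-password` policy and classifies the lockscreen exposure by OS level and whether a lock is already set. It assumes the app has been activated as an ordinary device administrator on an unrooted device; the sample policy file, device names and result labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NOUGAT_API = 24  # Android 7.0, where the resetPassword change landed

# Constructed sample: res/xml device-admin policy file of a hypothetical app.
SAMPLE_POLICY = """<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies>
    <force-lock />
    <reset-password />
  </uses-policies>
</device-admin>"""

# Constructed fleet inventory: (device name, API level, lockscreen already set?)
SAMPLE_DEVICES = [
    ("tablet-a", 23, True),    # Marshmallow, PIN set
    ("phone-b", 24, True),     # Nougat, PIN set
    ("phone-c", 24, False),    # Nougat, no lockscreen configured
]

def requests_reset_password(policy_xml):
    """True if the policy file declares the reset-password policy."""
    root = ET.fromstring(policy_xml)
    return root.find("./uses-policies/reset-password") is not None

def lockscreen_exposure(policy_xml, device_api, lock_already_set):
    """Classify what this admin app could do to the lockscreen credential."""
    if not requests_reset_password(policy_xml):
        return "none"              # policy never requested
    if device_api < NOUGAT_API:
        return "can-reset"         # pre-Nougat: an existing credential can be replaced
    if not lock_already_set:
        return "can-set-initial"   # Nougat: only an unprotected device is affected
    return "blocked"               # Nougat with a lock set: the change is refused

def devices_needing_action(policy_xml, devices):
    """Names of devices where the app could still lock the user out."""
    return [name for name, api, locked in devices
            if lockscreen_exposure(policy_xml, api, locked) != "blocked"
            and requests_reset_password(policy_xml)]

if __name__ == "__main__":
    for name, api, locked in SAMPLE_DEVICES:
        print(name, lockscreen_exposure(SAMPLE_POLICY, api, locked))
    print("needs action:", devices_needing_action(SAMPLE_POLICY, SAMPLE_DEVICES))
```

Devices reported as `can-set-initial` are fixed by setting a lockscreen credential; those reported as `can-reset` need an OS update to get the Nougat behaviour.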

Source: Symantec