This Tool Can Check Your Phone for Apps Affected by Android’s Bug

This Tool Can Check Your Phone for Apps Affected by Android’s Bug
Photo: Emmi Korhonen, Getty Images

Over the weekend, some Android users with Microsoft Teams installed began reporting that they weren’t able to call emergency services unless they were signed into the app’s latest update. It’s a pretty grisly software bug, to be sure, and one that’s thankfully been rectified thanks to a new patch that Microsoft issued to its latest Teams update. But Google won’t be rolling out an Android update until January 4, leaving some users nervous that another app might inadvertently end up exploiting that same bug.

Thankfully, a developer has come out with a tool that’s designed to detect potentially vulnerable Android apps before those exploits happen. The PhoneAccountDetector tool was built to identify apps with the same weaknesses that were found in Microsoft Teams before the patch. While these apps likely aren’t preventing users from making emergency calls right now (and might not ever cause that issue), this check-up can tip users off about the vulnerable apps on their device before things get out of hand.

In a nutshell, the bug that affected Microsoft Teams could be traced back to the app’s calling capabilities: when an app has the ability to make a phone call, it pings a particular endpoint — PhoneAccount — in order to complete that task. If an Android app’s internal code creates too many duplicates of that particular endpoint, the way Microsoft Teams’ did, pre-patch, it triggers the bug that blocks those emergency calls.

The actual technical breakdown is way more complicated, but TLDR: an app shouldn’t need more than one PhoneAccount endpoint; when you have too many, you risk your device defaulting to routing all calls — even emergency calls! — through that particular app.

Enter this new tool, fittingly called “PhoneAccount Abuse Detector.” As the name suggests, this program sifts through the apps on your Android phone to find any apps that might be creating too many duplicate PhoneAccount endpoints by mistake. If there are no apps found abusing that particular endpoint, great! But if the Abuse Detector finds a pesky app pinging those particular endpoints more than once, the developer who created the tool suggests you might want to either disable or uninstall the app entirely to prevent them from potentially interfering with emergency calls. You also might want to let the app’s developer know that they need to update their shit.

While Android’s upcoming January update should render this bug moot, this tool is a handy way to check up on the apps on your phone before that fix happens. And it’s easy to download! Just go to the program’s GitHub page, download the Android application package (APK), install it on your phone, and run it.