With Android 7.1, Google has added a so-called "panic button" behavior in its mobile operating system, so users can immediately shut down any app they suspect of being infected with malware.
The feature was added as an option in the Android operating system's config.xml file [line 845].
< !-- Control the behavior when the user panic presses the back button. 0 - Nothing 1 - Go to home -- > < integer name="config_backPanicBehavior" >0< /integer >
The backPanicBehavior is currently disabled and appears to be under testing. Settings related to backPanicBehavior can also be found in the PhoneWindowManager.java file.
// Number of presses needed before we induce panic press behavior on the back button static final int PANIC_PRESS_BACK_COUNT = 4; static final int PANIC_PRESS_BACK_NOTHING = 0; static final int PANIC_PRESS_BACK_HOME = 1;
According to the settings in these two files, if Google would ship this feature enabled in future versions of its OS, the user could press the "Back" button four times in a quick succession, and Android would close all apps and return him to his home screen.
According to Android gurus over at the XDA forums, the ones who first spotted the feature, Android interprets these four quick and successive Back button presses as the user panicking about an app and wanting to close it before it does something malicious.
It is unclear if the "panic button" behavior has been fully implemented yet. Bleeping Computer has reached out to Google for comment.
It is also unclear if this panic button behavior would be enough to shut down screen-locking ransomware. More testing is needed, but the feature sounds really promising.
Users can enable this feature if they chose to, but they're doing this at their own risk, as Google hasn't officially announced the feature.
To enable the backPanicBehavior option, users must modify the SystemUI APK, where the two files reside. They can do this by using special Android apps that allow them to modify an APK's inner files right on the phone, or they can download the app offline, modify it there, and reinstall it on their phone.
Both operations are quite complex, and users shouldn't try this, especially since they're tinkering with Android's main APK, the one that runs the entire OS.