NFC beaming is not a very common feature on Android. The Near Field Communication (NFC) radio waves technology is used to share files, videos, apps, and photos between the two devices. The bug (CVE-2019-2114) affects smartphones running Android 8.0 (Oreo) or above. The bug allows hackers to plant malware on your smartphone using NFC beaming. The bug was discovered by a security researcher named Y. Shafranovich in January.
The exploit involves users sending a malicious app via NFC. On Android, when you try to install a third party application, the device asks for permission to install the app from an unknown source. The security flaw allowed hackers to send an app via NFC beaming and install without seeking any permission.
Generally, Google displays a security warning but it has white-listed certain apps like Dropbox and Chrome. The apk of these apps get installed without security notification. The bug arises because Google has white-listed the NFC beaming feature. If you receive an app via NFC, it will be installed without seeking any permission. Google claims that the NFC service was designed to share files, images, and videos between two devices and not the apps.
Google has patched the bug by removing NFC from white-listed apps. To be on a safer side, Google recommends turning off NFC and Android Beam feature from your smartphone. Users are recommended to update Android smartphone to the latest version.