Bluebox Security has recently pointed out a kind of hole or opening in the Death Star that is Android’s security. This isn’t a minor hole either, as it affects roughly 99% of Android devices on the market. Bluebox stated that the exploit has been around since Android 1.6 Donut and allows dirty app devs to modify a legit APK’s code without even touching the cryptographic signature. Because the signature still looks valid, the installation goes through without the modification being caught.
Bluebox said that the app developer in question just has to trick a user into installing their modified app update to get the exploit to work. One way to achieve this is to have the update masquerade as a system file from a manufacturer. According to Bluebox, they informed Google of the hole in its security back in February. They also mentioned that the Galaxy S4 is the only Android device with immunity to the exploit. CTO Jeff Forristal stated that Google is currently working on an update for the Nexus line of devices, which should give them immunity as well and close up the security gap.
It’s not beyond reason to expect manufacturers to come up with patches to plug the exploit, but should users wish to take it upon themselves, it’s suggested that they install updates through the Play Store and use Android’s system update utility.