Bluebox Labs, the research team of Bluebox, has discovered a major Android security vulnerability: a master key hole that can turn any application into Trojan malware and take over 99% of the Android smartphones from the past 4 years. As of July 10th, Google had already released the patch to OEMs to ship to customers.
This significant flaw is said to have been around since Android 1.6 (Donut). It may impact any Android phone from the past four years; in other words, 900 million devices could be affected.
According to Gina Scigliano, Google’s Android communications manager, “A patch has been provided to our partners—some OEMs, like Samsung, are already shipping the fix to the Android devices.” However, to get the security fix, current Android users have to turn to their hardware vendors for updates.
To ensure that software has not been modified by a third party, each Android application carries a cryptographic signature that attests to its authenticity. However, this loophole allows attackers to insert malicious code without affecting the cryptographic signature. As a consequence, any Android developer who takes advantage of the loophole can gain access to a user’s phone while appearing to be a legitimate, regular app.
Nevertheless, Android users shouldn’t worry too much. Scigliano also said, “We have not seen any evidence of exploitation in Google Play or other app stores via our security scanning tools,” and added, “Google Play scans for this issue – and Verify Apps provides protection for Android users who download apps to their devices outside of Play.”