The big scary new Android security hole (and why you shouldn’t be too worried)


A little earlier this week, security researchers disclosed their knowledge of a bug affecting the vast majority of Android devices, and one that could allow malware to positively wreak havoc on your system. What’s the problem here, and what can you do to protect yourself?

Although the Bluebox Security team that discovered this vulnerability hasn’t yet disclosed technical details, the gist is that there’s a problem with the way Android verifies cryptographic signatures for APKs, making it possible for malware to modify other apps without detection.

By targeting an app that already has a desirable set of security permissions, malware could easily extend its grasp over an infected system.

Troubling stuff, sure, but is the sky really falling? Google has been informed of this issue for months, and while we haven’t seen fixes arrive for the majority of phones (supposedly, the Galaxy S 4 is the only model that prevents the attack), Google is already scanning apps submitted to the Play Store to block any that might attempt to exploit it.

That means that you’re only in danger if you’re sideloading or getting your apps through third-party stores. And really, there’s always been varying degrees of risk when going down that road, so it doesn’t really feel like this is any kind of sea change there.

Source: Bluebox
Via: The Droid Guy

Share This Post
What's your reaction?
Love It
Like It
Want It
Had It
Hated It
About The Author
Stephen Schenck
Stephen has been writing about electronics since 2008, which only serves to frustrate him that he waited so long to combine his love of gadgets and his degree in writing. In his spare time, he collects console and arcade game hardware, is a motorcycle enthusiast, and enjoys trapping blue crabs. Stephen's first mobile device was a 624 MHz Dell Axim X30, which he's convinced is still a viable platform. Stephen longs for a market where phones are sold independently of service, and bandwidth is cheap and plentiful; he's not holding his breath. In the meantime, he devours smartphone news and tries to sort out the juicy bits Read more about Stephen Schenck!