The big scary new Android security hole (and why you shouldn’t be too worried)
A little earlier this week, security researchers disclosed their knowledge of a bug affecting the vast majority of Android devices, and one that could allow malware to positively wreak havoc on your system. What’s the problem here, and what can you do to protect yourself?
Although the Bluebox Security team that discovered this vulnerability hasn’t yet disclosed technical details, the gist is that there’s a problem with the way Android verifies cryptographic signatures for APKs, making it possible for malware to modify other apps without detection.
By targeting an app that already has a desirable set of security permissions, malware could easily extend its grasp over an infected system.
Troubling stuff, sure, but is the sky really falling? Google has been informed of this issue for months, and while we haven’t seen fixes arrive for the majority of phones (supposedly, the Galaxy S 4 is the only model that prevents the attack), Google is already scanning apps submitted to the Play Store to block any that might attempt to exploit it.
That means that you’re only in danger if you’re sideloading or getting your apps through third-party stores. And really, there’s always been varying degrees of risk when going down that road, so it doesn’t really feel like this is any kind of sea change there.