New “Fake ID” exploit allows new types of malware on Android?
Malware issues and Android have been a mix of repeated controversy over the last couple of years. We do know of the existence of malware for Android, and we do know of the security risks involved, but it’s hard to remember the last time we’ve ever heard of a virus attack that’s rendered Android smartphones useless, or at risk. Malware on mobile devices is surely possible, but sadly not as popular as it was a decade ago on Windows computers, and still, new reports emerge today of a new risk to Android.
A new “Fake ID” exploit reportedly allows fake applications or services to poise as trusted applications by faking approval credentials and the app’s cryptographic signature. The means for this service to work are a bit questionable since Fake ID can work through Adobe Flash (which is no longer supported by newer Android models), NFC contact, and other means through existing applications. The security company involved in detecting this issue also claims that even with Google’s recent security enhancements on Android 4.4 KitKat and even Android L, these devices are also at risk. These newer devices don’t have as much risk as the older ones that still run the Flash-based browser Web View, but given the fact that very few devices run the latest version of Android makes this risk much bigger.
All this being said, Android isn’t the only operating system that’s exposed to malware. Being able to jailbreak an iPhone requires an exploit, so it’s hard to call any of these risks something you should panic about. It’s always great to know about these things and be informed, but we’ll keep you posted in case there’s something to be alarmed about.