Massive Android Flaw Lets Hackers Modify Apps, Hijack 99% Of Android Devices

Android may have advanced in the past couple of years to offer a level of user experience comparable to the slickness of iOS, but thanks in part to its open source nature, the levels of malicious software and security holes have been a cause for great concern. Now, researchers have found yet another security vulnerability allowing an unscrupulous individual to potentially take full control of your control of your Android smartphone.

The exploit takes advantage of the method by which Android app are signed to ensure authenticity, preventing users from installing apps modified by a third party other than the intended developer. The folk of mobile security firm Bluebox have noted that the flaw has existed since Android 1.6, which was initially released almost four years back, and any hacker looking to take advantage of it could play around with app codes, keyloggers and such without needing to consult the verification signature. But that’s not the most worrying part; 99% of the devices on the market right now are affected by this flaw. Now that’s really alarming!

Malicious apps would, in turn, be able to enjoy the same kinds of powers and authority as the legit ones, and this would obviously spell trouble for anybody whose device was infiltrated. Bluebox has also noted that illegal access could be particularly sinister if the modified app is one pushed as stock by the manufacturer or manufacturing partners, since these apps tend to enjoy stronger access and privileges. Just as some of your device’s native apps are impossible to install, move, and have the ability to make many changes and essentially fly without a license at times, the culprit could theoretically do the same, but with potentially dire consequences.

This is because, according to Bluebox, the application can read app data, such as e-mails, SMS messages and documents, and as well as being a gross invasion of privacy, could also present more of a headache in the future if, say, your bank details were found and used.

exploit

But even that’s not worst case scenario. The culprit could, with a little work, create a silent botnet, which is a scary thought given how most of us expect our devices to be secure.

Like most Android issues, this one is pretty much avoided so long as you stick with the Google Play Store and don’t start using those notoriously dodgy third-party offerings. Nonetheless, as an Android user, I do find this discovery to be rather disconcerting, and one hopes Google will continue to take preventative steps to ensure such a thing doesn’t become a widespread issue.

(Source: Bluebox)

You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the Web.