Google Fixes Major Android Flaw, But It’s Up To Hardware Makers To Issue Updates


Google has patched a major security vulnerability in the Android platform that allowed hackers to inject malicious code into trusted applications without changing their verification signature. It’s now up to hardware manufacturers to make the patch available to their own devices, and Samsung is believed to be one of the first that will start rolling it out.

The flaw was recently discovered by mobile security startup Bluebox, but it has been around since Android 1.6 Donut, which was first released in September 2009. It’s thought that 99% of Android-powered devices — or around 900 million smartphones and tablets — are affected by it.

Depending on the type of app an attacker chooses to modify, the flaw can be exploited for “anything from data theft to creation of a mobile botnet,” Bluebox says. Because the modifications do not break an app’s verification signature, the altered app can enjoy the same system privileges as the legitimate one.

It’s a pretty serious problem, then, and it’s no wonder Google has stepped up and fixed it quickly. But Android users aren’t safe just yet. It’s now up to hardware manufacturers like Samsung, HTC, Motorola, LG, and others to make the patch available to their devices.

According to CNET, Samsung will be one of the first to issue an update, and we’re hoping others will quickly follow suit.

As always, be sure that the apps you download and install on your Android device are from trusted sources. Take a moment to identify the publisher of the app you wish to install before you download it, and if it doesn’t look completely legitimate, don’t try using it.