New Vulnerability Allows Maliciously-Modified Android Apps To Appear Verified

Posted by at 11:23 am on July 5, 2013

A newly-revealed vulnerability in Android allows attackers to bypass the usual app authenticity and integrity checks. Normally, the checks allow Android to verify that an app has not been modified.

This new issue allows those with ill intent to modify an app with malicious code, without breaking the security signature. This will cause Android to report that the app is genuine and unmodified, when in fact it is not. The issue does not affect apps downloaded and updated exclusively through Google’s Play Store. Apps downloaded or updated through any other sources may be affected. Full protection can only be provided by a patch to Android itself, which is up to phone manufacturers (and carriers) to provide.

Samsung has implemented a fix on its Galaxy S 4, but the fix has not been confirmed for any other phones, and Google has not yet patched the issue in the base Android code, nor on its Nexus devices.

Google was first notified about the issue in February, and notified its major partners in March. It affects all versions of Android from 1.6 through 4.2.

Leave a Reply

Sign Up For Our Newsletter

Sign up to receive breaking news
as well as receive other site updates

Enter your Email


Preview | Powered by FeedBlitz

Log in

Copyright © 2008 - 2020 · StreetCorner Media , LLC· All Rights Reserved ·