Google Sends Patch to OEM To Fix Major Flaw in Android
Better check for updates on your Android devices as soon as possible (and continue to for a while). Recently, the mobile security firm, Bluebox, has discovered a security hole in Android that allows any attackers to convert almost all apps into malware. As of right now, Google has developed a patch for the security hole and has sent to their OEMs (original equipment manufacturers).
The security hole, which was around since Android 1.6, is caused by the problem how the Android operating system checks the apps signature. While the signature is supposed to check if the app is not tampered with, attackers could change the contents of the app while keeping the signature intact.
Though the hole is apparent in the mobile operating system, there is not a major scare for Android users. Phones with Google Play installed (which is almost all Android devices) have a process that checks and verify installed apps , which “provides protection for Android users who download apps to their devices outside of Play”.
As of right now, manufacturers are in the process of rolling out the patch to their customers. Samsung, one of the most known manufacturers of Android devices, is already sending the updates to phones. It is likely most phones that are still being supported by the manufacturers will get update in a couple of weeks (though devices that are not supported by the manufacturer are likely to be out of luck in this, making the device open for attacks). Users should check with their manufacturers for an update to Android.