An Android vulnerability lets you modify apps without breaking signatures

A vulnerability in Android that has existed since Android 1.6 Donut allows an attacker to turn any signed application into a Trojan program and steal data or take control of the OS, according to mobile security firm Bluebox.

The San Francisco-based company has found that the security flaw affects 99% of Android devices, and it claims to have informed Google developers about the flaw in the OS.

Android applications are cryptographically signed, and when an app is installed, Android records the application's digital signature. Subsequent updates of the app need to match that signature, and the researchers at Bluebox have found a way to modify apps without breaking these cryptographic signatures.

However, it is not possible to distribute a modified app and exploit this flaw through the Google Play Store, as Google has updated the application entry process to block apps that contain the above exploit.

Apparently, Google has confirmed that no existing apps in the Play Store have this problem, and for now the Samsung Galaxy S4 is the only device that has a fix for the glitch. Google developers and the manufacturers are aware of the vulnerability, and a patch for the security flaw is expected in upcoming software updates.