Phone Scoop

printed October 31, 2014
See this page online at:
http://www.phonescoop.com/articles/article.php?a=12612

Home  ›  News  ›

Vulnerability Allows Maliciously-Modified Android Apps To Appear Verified

Article Comments  21  

Jul 4, 2013, 9:13 AM   by Rich Brome

A newly-revealed vulnerability in Android allows attackers to bypass the usual app authenticity and integrity checks. Normally, the checks allow Android to verify that an app has not been modified. This new issue allows those with ill intent to modify an app with malicious code, without breaking the security signature. This will cause Android to report that the app is genuine and unmodified, when in fact it is not. The issue does not affect apps downloaded and updated exclusively through Google's Play Store. Apps downloaded or updated through any other sources may be affected. Full protection can only be provided by a patch to Android itself, which is up to phone manufacturers (and carriers) to provide. Samsung has implemented a fix on its Galaxy S 4, but the fix has not been confirmed for any other phones, and Google has not yet patched the issue in the base Android code, nor on its Nexus devices. Google was first notified about the issue in February, and notified its major partners in March. It affects all versions of Android from 1.6 through 4.2.

more info at IDG »
more info at Bluebox »

AD

Comments

Forum Options

This forum is closed.


Subject Author Date
This points to a need for HUGE changes in smartphone security tjobrien21 Jul 8, 2013, 1:07 PM
Since February OmegaWolf747 Jul 4, 2013, 9:36 AM
Amount of people... Hays21 Jul 4, 2013, 2:19 PM
 
 
Page  1  of 1

This forum is closed.

Subscribe to Phone Scoop News with RSS Follow @phonescoop on Twitter Phone Scoop on Facebook Phone Scoop on Google+ Subscribe to Phone Scoop on YouTube Follow on Instagram

 

All content Copyright 2001-2014 Phone Factor, LLC. All Rights Reserved.
Content on this site may not be copied or republished without formal permission.
1