Phone Scoop

printed August 30, 2015
See this page online at:
http://www.phonescoop.com/articles/article.php?a=12612


Vulnerability Allows Maliciously-Modified Android Apps To Appear Verified


Jul 4, 2013, 9:13 AM   by Rich Brome   @rbrome

A newly-revealed vulnerability in Android allows attackers to bypass the usual app authenticity and integrity checks. Normally, the checks allow Android to verify that an app has not been modified. This new issue allows those with ill intent to modify an app with malicious code, without breaking the security signature. This will cause Android to report that the app is genuine and unmodified, when in fact it is not. The issue does not affect apps downloaded and updated exclusively through Google's Play Store. Apps downloaded or updated through any other sources may be affected. Full protection can only be provided by a patch to Android itself, which is up to phone manufacturers (and carriers) to provide. Samsung has implemented a fix on its Galaxy S 4, but the fix has not been confirmed for any other phones, and Google has not yet patched the issue in the base Android code, nor on its Nexus devices. Google was first notified about the issue in February, and notified its major partners in March. It affects all versions of Android from 1.6 through 4.2.

more info at IDG »
more info at Bluebox »


Comments

This forum is closed.


tjobrien21

Jul 8, 2013, 1:07 PM

This points to a need for HUGE changes in smartphone security

Somehow, Android or whatever succeeds it needs to be more agile in terms of running on a wide variety of hardware. That way, patches can be issued by Google in the morning and implemented on a user's phone that afternoon. Kinda like Windows Update if you will.

The fundamental problem is smartphone security isn't taken seriously enough. Not even close. Consider what people store on their phones: It's generally their most personal information - and often times, that of others as well. Photos, account numbers, addresses, SSNs, personal notes, email, chats, SMS... All this on a device that's always connected to the internet. Top off the insecurity with the fact that they carry it around with them, often without even a lockscreen, and it's a r...
(continues)
You make a great point. I think even Windows Phone will be just as vulnerable to these attacks, as they move forward to making desktop and Windows Phone more compatible in software design. This may allow users to download apps and other software witho...
(continues)
...
OmegaWolf747

Jul 4, 2013, 9:36 AM

Since February

Google and the manufacturers have been sitting on this since February and we're just now finding out about it? Eh? Mad
Full protection can only be provided by a patch to Android itself, which is up to phone manufacturers (and carriers) to provide.

How unfortunate for Verizon handset owners.
...
Hays21

Jul 4, 2013, 2:19 PM

Amount of people...

I feel like there are not many people that download apps from anywhere but the Google Play Store. I doubt this will affect that many people.
I actually know a lot of people that do this. They are mostly the individuals who root their phones or don't want to pay for an app.

Personally I don't download anything unless I have a trusted source, whether it's on mobile or on my PC.

I rooted ...
(continues)
...
 
 

 

All content Copyright 2001-2015 Phone Factor, LLC. All Rights Reserved.
Content on this site may not be copied or republished without formal permission.