The most feared Android security bug of them all, the existence of which had come to the fore only recently, has been issued a fix for finally by Google. This vulnerability had been discovered and brought to the notice of Google by Bluebox Security, and was claimed by it to allow attackers to convert 99 percent of all applications on an Android device into Trojan malware. And moreover, it was present in the OS ever since Android’s 1.6 version was introduced.
Google has revealed to ZDNet that this security hole has been patched by it at last, and that it has been released to OEMs. As many as 900 million devices from around the world were disclosed to be vulnerable to this bug by Bluebox Security. Its influence depends upon the process of verifying and installing an application.
Every software released through the Google Play store bears a cryptographic signature which is there to make sure that it does not get tampered with. What the security hole does is that it allows attackers to alter the contents of an application while not even touching the signature.
This means, malefic app developers can easily take control of users’ devices if they know how to exploit the bug. It was in February this year that Bluebox Security told about its findings to Google, and what’s surprising is that it has been in existence ever since Android 1.6.
Gina Scigliano, the search giant’s communications manager in the Android department, told the above mentioned website that a patch to resolve the issue has indeed been sent to the company’s partners, and some OEMs like Samsung have already started shipping the fix to their Android devices.
About possible exploitations that could have occurred prior to this, she had to say there hasn’t been any such evidence recorded by the security scanning tools from the labs of Google. It thus depends upon device manufacturers to release the fix provided to them as soon as possible to dump the issues once and for all.