Researchers have discovered a disturbing flaw in the popular open source platform that is found on most smartphones today. Mobile security company Bluebox said it discovered a flaw in Android security and has begun to warn Google and customers. The flaw affects any Android device released and bought within the last 4 years and allows hackers to access data such as your passwords and reach phone features like texts, camera and phone calls. Oops…
There are now an estimated 900 million Android devices that will be affected.
“A Trojan application … has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords. It can essentially take over the normal functioning of the phone and control any function,” CTO Jeff Forristal said.
The flaw relates to how Android apps are approved and verified on the system, and it can allow hackers to tamper with the code of an application without changing its cryptographic signature. Basically, that means any app can look pleasant and safe to engineers and quality control but actually house malicious software. What could be more worrying is that Google was informed of the flaw back in February and has not made any announcement since.
Forristal commented on the matter and said that Android's fragmentation doesn’t help:
“The availability of these updates will widely vary depending upon the manufacturer and model in question.”
Android fragmentation has previously been a problem for consumers' personal preferences, but now it seems their security is at stake as well. The problem lies with how Android updates are dealt with. Instead of being rolled out en masse to every device, as with Apple, Google will release the update and leave it up to carriers to decide when, and even if, users will ever receive it. Users will instead face the confusing and complicated task of finding out whether they will get the update.
The problem gets even worse when we look at the available Android app stores. In Asia there are over 500 different places to download apps from, and many don't have any verification or authentication. It seems there are pros and cons to every ecosystem. Android is a brilliant platform, with customisation at its core. But it seems that some of its cons may be a little darker than we think.
Google refused to comment but is now preparing a fix.