We hear a lot about security issues on Android, but the vulnerability recently discovered by Bluebox Security is something truly special. In theory, the vulnerability allows hackers to change a mobile application’s code without breaking the cryptographic signature that’s needed to verify the app’s legitimacy. In other words, the vulnerability could give hackers free rein to transform any app into malware. To make matters worse, Bluebox says that this problem has existed since at least Android 1.6, which means that the vast majority of Android devices are vulnerable to malware-producing hackers. But fear not! ZDNet reports that Google is sort of on the case and that it’s sent out a security patch to its OEM partners that will close the security hole once it’s installed.
Given the large number of Android vendors out there, it’s difficult to say when different devices will actually have the patch available. A Google spokesperson tells ZDNet that Samsung “is already shipping the fix to the Android devices,” although it’s not clear when smaller vendors will push out the fix to their devices. The spokesperson also says that the company has seen no evidence that hackers have exploited this weakness on the Google Play store.