
‘Fake ID’ security flaw could be the greatest threat to Android phones yet

Published Jul 29th, 2014 11:40AM EDT
BGR


One Android feature that never made its way to iOS may be the cause of one of the most worrying security exploits ever on the mobile platform. AppleInsider reports that Bluebox Security has found an Android design flaw that could potentially allow malware apps to take over someone’s device without requiring users to manually give the app permission to access their phones.

Dubbed ‘Fake ID,’ the flaw allows malicious apps to present fake credentials to Android, letting an app impersonate another, legitimate app that has more extensive access to the device.

Perhaps unsurprisingly, one of the trusted apps that ‘Fake ID’ can assume the identity of is Adobe Flash, an Android-specific feature that Steve Jobs refused to include in iOS for this very reason. Although Google ditched Flash for Android a few years ago, the software was so deeply ingrained in the platform that a residual flaw remained in the Android WebView until the release of Android 4.4 KitKat.

Unfortunately, only 18% of Android users have installed KitKat, which leaves 82% of the Android population vulnerable to ‘Fake ID’ through Flash. Of course, Flash isn’t the only victim — Google Wallet can be exploited as well, putting users’ financial data at risk.

According to Bluebox, “other devices and applications that depend upon the presence of specific signatures to authenticate an application may also be vulnerable. Essentially anything that relies on verified signature chains of an Android application is undermined by this vulnerability.”

Jacob Siegal, Associate Editor
