There's a Massive Android Security Flaw Affecting Most of Us That Google Really Needs to Fix

By Sam Gibbs

Security researchers have been doing some digging and it seems nefarious types can completely take over your phone or tablet, steal your data, and wreak havoc on your digital lives without you even knowing. Ouch.

It all revolves around apps, so if you don't install apps (what the hell are you doing with your phone then?) you're probably safe. For the rest of us, even if we're careful about what apps we install, we could still fall foul of the hack. The vulnerability revolves around the digital signing of apps, which ensures that the app you're downloading hasn't been tampered with after the developer's done with it and shoved it on the store.

If some digital douchebag managed to upload a modified APK onto the Play Store, it would still check out fine, credential-wise anyway. That means there would be no way for the user to tell, and the developer probably wouldn't be alerted to it either. As the researchers point out, it could be especially dangerous if the hackers managed to get in and replace one of the manufacturer-bundled apps -- say like Dropbox or something -- as they're typically given higher permissions than regular apps to go about doing their thing.

The vulnerability has been in place since Android 1.6, apparently, and is still in effect now as far as we can tell. Google already knows about the hole, though, as Bluebox reported the flaw to the father of Android back in February. Hopefully that means Google's prepped a patch or put some sort of Play Store-side scanning in place to prevent app substitutions.

Anyway, for the time being, as you always should, frankly, it'd be in your best interest to keep your peepers peeled and watch what you install. [Bluebox via Ars Technica]
