A Massive Security Flaw in Your Android Phone

Sorry! It seems your android device has a big and serious security flaw. Well, it’s not just your device that’s vulnerable, but 99% of the android phones made in the past four years. Researchers have done some deep digging and have confirmed that a zombie-like security flaw can allow a hacker to take complete control over your android phone.

Yes! A ‘Master Key’ security loophole has been unearthed in the world famous OS by Bluebox security firm.

Have you packed one of the said android phones?

By now, you might have come across some reports about this flaw that can affect 900 million android phones. Assuming your android phone to be at risk, how worried you have to be? If you are in a hurry, then the answer would be – Not too worried! But, that’s only if you stick to the applications from Google Play Store. If you want to know more about the flaw, then here’s the explanation:

Google has developed a lot in the couple of years to offer the best user experience that is comparable to the Apple’s iOS. Starting from the Android Cupcake version 1.5 to the Android Jelly Bean version 4.2, Google has constantly upgraded its features and has made its mark as the finest operating system in the smartphone market. But, it’s open source and the android fragmentation has let to great concerns about malicious software and security holes. The weakness is so dangerous that it can turn any application on your android phone into a malicious Trojan.

Android Versions at Risk:

This definitely appears to be a serious vulnerability for almost all the android devices with these versions of android:
• Donut 1.6,
• Éclair 2.0–2.1,
• Froyo 2.2,
• Gingerbread 2.3–2.3.7,
• Honeycomb 3.1–3.2,
• Ice Cream Sandwich 4.0.X,
• Jelly Bean 4.1.X–4.2.X.

What Happens?

The security flaw revolves only around applications. So, if you haven’t installed any apps (then, what are you doing with your phone), you are probably safe. But, for those who live with the apps on their android phone, there are high chances to fall foul of the hack. It seems that the flaw lies in the verification process of the APK files or Android app packages.

Due to this flaw, the code of these app packages can be altered secretly. Since these apps, when downloaded, comes with privileged access to the android device, the possibility of ‘Trojan’ apps to gain full access to your android phone is extremely high. In other words, this Trojan can take over the various aspects of your device, steal your personal information stored in the device, or even turn your phone into a part of wider botnet.

The problem has not stopped here! In fact the problem is exacerbated by the smartphone manufacturers. Since the android operating system is fragmented to various versions by the smartphone developers according to their need, getting the operating system updates with security fixes out to the android users is more likely to be the most difficult task. And so, the chances that you never get the security fixes are high. Hideous, isn’t it?

It’s really worth noting that this issue pointed out by Bluebox, appears to be serious indeed. But falling as a prey to hackers would certainly require your authentication to download an app with the modified malicious code. To put it across simply, it requires user actions like downloading apps from a non-official source. Then, why not avoid it?

Good News!

Sources reveal that Google has fixed the Play store and the users are now not allowed to download those apps that are vulnerable to this flaw. But when it comes to apps from third parties or even the apps from the smartphone manufacturers, the chances for this security flaw are really high.

So now, you neither know the actual impact of this vulnerability, nor the timeline for fixing it! Just stay cool with fingers crossed and wait for the smartphone manufacturers to release their patched versions of android OS (something that happens notoriously slowly) to fix this massive security flaw.