Android users can now breathe a sigh of relief. Google has issued a fix for Android that patches a security hole which allowed attackers to turn 99 percent of all applications into Trojan malware. Originally discovered by Bluebox Security, the vulnerability was first brought to light in Android 1.6 “Donut.” The exploit could affect 900 million devices, or any Android device purchased in the last 4 years.
The vulnerability is associated with how applications are verified and installed. All Android applications have cryptographic signatures which ensure that the contents of the application have not been adulterated. The security hole, however, enables attackers to change the contents of an application while leaving the signature intact.
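The content check that paragraph describes, as an added example (not code from the article, Google or Bluebox): in the JAR-style signing Android used at the time, `META-INF/MANIFEST.MF` lists a digest for every file in the package. The example covers only that manifest-to-file step, not the signature over the manifest itself, and it rejects repeated entry names as a design assumption; `check_apk`, `build_sample` and the sample archive are constructed for illustration.

```python
import base64, hashlib, io, zipfile

MANIFEST = "META-INF/MANIFEST.MF"

def sha1_b64(body):
    return base64.b64encode(hashlib.sha1(body).digest()).decode()

def manifest_digests(text):
    """Map entry name -> SHA1-Digest value from a JAR-style manifest."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    digests, name = {}, None
    for line in text.split("\n"):
        if line.startswith("Name: "):
            name = line[len("Name: "):]
        elif line.startswith("SHA1-Digest: ") and name:
            digests[name] = line[len("SHA1-Digest: "):]
    return digests

def check_apk(data):
    """Return integrity problems for APK bytes; an empty list means consistent."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = [i for i in zf.infolist() if not i.filename.endswith("/")]
        names = [i.filename for i in infos]
        # A digest check only means something if each name is one set of bytes.
        problems = [f"duplicate entry: {n}" for n in sorted(set(names)) if names.count(n) > 1]
        if MANIFEST not in names:
            return problems + ["missing manifest"]
        expected = manifest_digests(zf.read(MANIFEST).decode("utf-8"))
        for info in infos:
            n = info.filename
            if n.startswith("META-INF/"):
                continue  # signature files are not listed in the manifest
            if n not in expected:
                problems.append(f"unlisted entry: {n}")
            elif sha1_b64(zf.read(info)) != expected[n]:
                problems.append(f"digest mismatch: {n}")
    return problems

def build_sample(tampered=False):
    """Constructed sample archive, built in memory (not a real app)."""
    files = {"classes.dex": b"original code", "res/raw/a.txt": b"hello"}
    lines = ["Manifest-Version: 1.0", ""]
    for n, body in files.items():
        lines += [f"Name: {n}", f"SHA1-Digest: {sha1_b64(body)}", ""]
    if tampered:
        files["classes.dex"] = b"modified code"  # changed after digests were taken
    files = {MANIFEST: "\r\n".join(lines).encode(), **files}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n, body in files.items():
            zf.writestr(n, body)
    return buf.getvalue()
```

`check_apk(build_sample())` returns an empty list, while `check_apk(build_sample(tampered=True))` reports the digest mismatch on `classes.dex`.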
The fix is not yet available to the general public; so far it is available only to Google’s original equipment manufacturer (OEM) partners. The general public must wait for hardware vendors to release an official patch.
Though it may seem worrisome to some Android users, there is little reason to panic. Gina Scigliano, Google’s Android Communications Manager, has said, “We have not seen any evidence of exploitation in Google Play or other app stores via our security scanning tools. Google Play scans for this issue – and Verify Apps provides protection for Android users who download apps to their devices outside of Play.”
The amount of malware on Android has been on the rise. Mobile malware increased 155% in 2011, and 614% from March 2012 to March 2013. To keep its users from being compromised, Google has taken significant measures to prevent security breaches.