Researchers at Bluebox Security have discovered a major vulnerability in Android that allows an attacker to modify a digitally signed Android application package (APK) without invalidating the application's cryptographic signature. The altered app still passes Android's signature check, so it looks legitimate to the system and the user even though its code has been changed. Note that the signature itself is not forged: the flaw is that the modified package still verifies against the original, legitimate signature.
Bluebox will disclose the technical details of the flaw at the upcoming Black Hat conference in Las Vegas on August 1st. The company also claims that over 900 million Android devices are exposed to the vulnerability.
Meanwhile, some device makers have already shipped fixes, and Google will soon release a patch to the Android Open Source Project (AOSP) as well, according to Jeff Forristal, chief technology officer at Bluebox.
The vulnerability itself is easy to fix; the real problem lies elsewhere. An AOSP patch only protects a device once its vendor and carrier have built, tested and pushed an update that includes it, and Android's update record shows how slowly and unevenly that happens. Until an update actually reaches a handset, the fix in AOSP does nothing for it.