We previously reported about the “Master Key” Android bug that affects 99% of all Android devices over the past four years. This bug was discovered by the team over at Bluebox Security and allowed hackers to convert legitimate applications into Trojan malware. Bluebox Security CTO Jeff Forristal said that this bug has been “around at least since the release of Android 1.6, [and] could affect any Android phone released in the last four years — or nearly 900 million devices.”
Google recently made an announcement regarding this concern saying that they have already released a patch to fix this security risk. The company has also submitted the patch to its partner OEMs who will be responsible in releasing the patch to their respective devices.
According to Gina Scigliano, Google’s Android Communications Manager, “A patch has been provided to our partners – some OEMs, like Samsung, are already shipping the fix to the Android devices. We have not seen any evidence of exploitation in Google Play or other app stores via our security scanning tools. Google Play scans for this issue – and Verify Apps provides protection for Android users who download apps to their devices outside of Play.”
We have previously learned that the Samsung Galaxy S4 already has this patch. Verizon Wireless is also rolling out the patch via OTA to the Motorola Droid Razer HD and Maxx HD. The update is 50 MB in size and is said to enhance GPS, data metering, Bluetooth connectivity, fixes SMS bugs, and also comes with the patch to fix the “Master Key” bug.
For other Android devices that still don’t have this security fix its best to avoid getting apps from any third party market place. Experts even warn of getting apps from Samsung or even Amazon app stores since they also pose a risk of carrying malicious apps. Stick with Google Play when getting apps since Google has already updated the market place to check for any malicious apps. Scigliano said that “We have not seen any evidence of exploitation in Google Play or other app stores via our security scanning tools. Google Play scans for this issue – and Verify Apps provides protection for Android users who download apps to their devices outside of Play.”