,

ReKey Patches Android “Master Key” Flaw But Only For Rooted Devices

A few weeks ago we reported about a flaw in the Android operating system that allowed cybercriminals to modify legitimate apps by injecting it with malware. Google has already patched this vulnerability and provided the fix to OEMs. While some devices already have this fix, such as the Samsung Galaxy S4, other devices are still waiting for this update.

rekey

If your carrier or device manufacturer has not released the fix yet for your device then you might want to download ReKey from Google Play. This app which is developed jointly by Duo Security and Northeastern University’s System Security Lab has a file size of only 86k and patches the master key flaw on devices running on Android 2.0 and above. One minor drawback to this is that your device must be rooted first before you can install it.

How does Rekey work? The app is based on dynamic instrumentation framework for Dalvik bytecode. The master key vulnerability is present in both Java and the Dalvik VM. ReKey basically injects a code into Android to patch the vulnerability.

A rooted device is needed since ReKey will need higher privileges. Normal apps running on Android devices do not have these escalated privileges.

ReKey currently has a 4.2 out of 5 rating at the Play Store and is getting a lot of positive feedback from people who have already tried it.

If an Android device isn’t patched yet then it is vulnerable to the master key flaw. A cybercriminal can exploit this vulnerability by modifying legitimate apps and making them carriers of malware.

For extra protection once you have used Rekey you can also install the 3CX Mobile Device Manager on your device. This security app comes with several features such as

  • Remote Lock & Wipe
  • Enforce Password Policies
  • Manage & Deploy Apps
  • Find & Track Your Devices

There are instances when you may lose your smartphone. Even if you are protected from malware there is no stopping anyone from accessing your personal information if you lose your device. 3CX Mobile Device Manager allows you to delete the data from your device remotely so that even if you lose your phone your personal information cannot be accessed.

via google play