A security researchers firm named Bluebox Labs has uncovered a new security loophole in Android which allows third party developers to inject malicious content to a smartphone, without the consent of the owner. What makes this even hard to block is the fact that it can make its way to the system disguised in the form of an app update. According to Bluebox Labs, this glitch or flaw has existed since Android 1.6.
Google apparently has pointed fingers at manufacturers now to fix this particular issue. As we speak, the Samsung Galaxy S4 is said to have received a fix. The good news for users though is that the malware cannot make its way through the Play Store. This applies only to updates from third party app stores which are often shady and have little security credentials. But basically, it’s as simple as installing an app from a non-Play Store source which is possible with just a few clicks.
Users will have to be more careful now when downloading apps which are not covered under Google’s security umbrella. The Bouncer update with Jelly Bean has reduced malware somewhat, but it seems like there’s always going to be a loophole.
Source: The Verge