Android Master Key: Google Pushes Patch To Fix 4-Year-Old Security Flaw

In light of the discovery of a huge flaw that has existed in its security for about four years, Google has moved to patch the security error that could potentially leave any device released in this time frame vulnerable to hacker attacks.

The flaw was originally discovered by Bluebox Security, a security research firm who found that an exploit in the Google Play application store's verification system gave hackers a potential "master key" to the Android system by making it possible to release harmful malware to users through applications.

The vulnerability has been around since Android 1.6, which makes it present in nearly 900 million devices that run the Google powered operating system. Hackers could gain access to any and all information that a person volunteers to an application such as website information, passwords or even financial information.

Gina Scigliano, Google's Android Communications Manager, said to ZDNet that, while Google didn't have a statement, she could "confirm that a patch has been provided to our partners - some OEMs, like Samsung, are already shipping the fix to the Android devices."

These means that all Android users who wish to have this gap in their device closed and protect themselves from harmful malware from hacker attacks will need to rely on their hardware vendors rather than having those running the operating push some kind of universal update. However, the real thing to keep in mind is simply the fact that the flaw was found before it was heavily exploited.

"We have not seen any evidence of exploitation in Google Play or other app stores via our security scanning tools," Scigliano said. "Google Play scans for this issue - and Verify Apps provides protection for Android users who download apps to their devices outside of Play."

Still, sites like TechSpot note that although the 4.2 version of Jelly Bean has users covered, those with older devices should exercise caution and common sense when downloading apps from unreliable sources as they may still be subject to the security flaw.

Real Time Analytics