Android Vulnerability – 99% of Android Devices Could be Affected

Grow your online visibility

Last week, Bluebox Security, a security firm, uncovered a 4 year old vulnerability in Android’s security system. According to Bluebox, the vulnerability allows a hacker to modify the APK code of an Android application without breaking its cryptographic signature, making its potential harm undetectable by the Android security and authentication system.

Where to Buy Smartphones from ₦7,999.00 Buy Now from ₦9,500.00 Buy Now

Android Trojan Vulnerability

According to Bluebox this vulnerability has been around for at least since Android 1.6 and could affect any Android device released in the last four years or potentially over 900 million Android devices.

Get Loans up to ₦5,000,000 Compare Loan Offers, Apply Here
Apply for a Loan in Minutes

Sage Business Cloud - Best Accounting Software

Cryptographic signature enables Android to verify whether an app is legitimate or whether it has been tampered with. Modifying an app should change its signature allowing Android to detect any changes. However, this vulnerability allows for a hacker to modify an app without breaking the signature, deceiving the Android security system, the phone, and/or the app store into thinking that the app is unchanged.

Bluebox security revealed that with this vulnerability, a hacker can install a malicious Trojan as a legitimate app and use it to read data like SMS, emails, and documents from Android devices. They can even turn on your camera and take photos with it as well as record your calls, retrieve your saved passwords, send SMS, and make calls with your Android devices.

Best VPN Deal

Google has fixed the Vulnerability, But

However, Google has fixed the vulnerability and has sent patches to its OEM partners. Bluebox claims it alerted Google of the vulnerability since February, so the company has had ample time to rectify the problem. According to reports, Samsung and a few other OEMs have already started shipping devices running the fixed Android. However, existing devices remain vulnerable until OEMs and carriers release updates.

Given the fragmentation and customisation involved in Android, this update may take weeks, months or even forever to get to existing Android devices. The situation for Android users in Nigeria may even be more hopeless, given the reputation of some of the Android vendors that operate in the country. So, it is your duty to protect yourself.

Get Quick Loan
Aliexpress New Tech Deals

For now Google has upgraded the security at the Google Play Store to identify apps exploiting this Android vulnerability. This means that downloading your apps from the Google Play Store will keep your device safe for now. Downloading your apps from unofficial Android stores increases the chances of your Android devices being affected by this vulnerability.

So, if you are in Nigeria, stick to Google Play Store.

Buy Android Phones Online

More on Android

Paschal Okafor is NaijaTechGuide Team Lead. The article Android Vulnerability – 99% of Android Devices Could be Affected was written by Paschal Okafor. The article was last modified: October 9th, 2019
Sage Business Cloud - Best Accounting Software

NaijaTechGuide may receive financial compensation for products/services purchased through affiliate links on this site. See full Affiliate Disclosure Here