Home Tablets Android Vulnerability – 99% of Android Devices Could be Affected

Android Vulnerability – 99% of Android Devices Could be Affected

Jumia Brand Festival

Last week, Bluebox Security, a security firm, uncovered a 4 year old vulnerability in Android’s security system. According to Bluebox, the vulnerability allows a hacker to modify the APK code of an Android application without breaking its cryptographic signature, making its potential harm undetectable by the Android security and authentication system.

Where to Buy Smartphones

Jumia.com.ng from ₦7,999.00 Buy Now
Konga.com from ₦9,500.00 Buy Now

Android Trojan Vulnerability

According to Bluebox this vulnerability has been around for at least since Android 1.6 and could affect any Android device released in the last four years or potentially over 900 million Android devices.

Tell your Brand's Story on NaijaTechGuide See why you need your story on NTG, Click Here
Nigeria's Number 1 Tech Blog

Cryptographic signature enables Android to verify whether an app is legitimate or whether it has been tampered with. Modifying an app should change its signature allowing Android to detect any changes. However, this vulnerability allows for a hacker to modify an app without breaking the signature, deceiving the Android security system, the phone, and/or the app store into thinking that the app is unchanged.

Bluebox security revealed that with this vulnerability, a hacker can install a malicious Trojan as a legitimate app and use it to read data like SMS, emails, and documents from Android devices. They can even turn on your camera and take photos with it as well as record your calls, retrieve your saved passwords, send SMS, and make calls with your Android devices.

Google has fixed the Vulnerability, But

However, Google has fixed the vulnerability and has sent patches to its OEM partners. Bluebox claims it alerted Google of the vulnerability since February, so the company has had ample time to rectify the problem. According to reports, Samsung and a few other OEMs have already started shipping devices running the fixed Android. However, existing devices remain vulnerable until OEMs and carriers release updates.

Given the fragmentation and customisation involved in Android, this update may take weeks, months or even forever to get to existing Android devices. The situation for Android users in Nigeria may even be more hopeless, given the reputation of some of the Android vendors that operate in the country. So, it is your duty to protect yourself.

List Building Program

For now Google has upgraded the security at the Google Play Store to identify apps exploiting this Android vulnerability. This means that downloading your apps from the Google Play Store will keep your device safe for now. Downloading your apps from unofficial Android stores increases the chances of your Android devices being affected by this vulnerability.

So, if you are in Nigeria, stick to Google Play Store.

Buy Android Phones Online

More on Android

Paschal Okafor is NaijaTechGuide Team Lead. The article Android Vulnerability – 99% of Android Devices Could be Affected was written by Paschal Okafor. The article was last modified: October 9th, 2019

$1.00/mo* Trust your web hosting to the #1 web host provider, GoDaddy

NaijaTechGuide may receive financial compensation for products/services purchased through affiliate links on this site. See full Affiliate Disclosure Here