A little more than a week ago, Bluebox, a startup that specializes in security for mobile platforms, revealed a bombshell: last February it discovered a very serious vulnerability in Android, caused by a bug that has been in the system since version 1.6. Considering that Android runs on 75% of smartphones across the globe, not counting the millions of tablets and other similar devices, the problem has caused a big stir that seems to be dying down now that Google has confirmed that it has been fixed.
Going by the numbers alone, we would be talking about 900 million electronic devices affected by a problem that has been around for four years, which is when the first vulnerable version of Android was released. And we’re not talking about a small security flaw, but rather the ability to modify apps installed on your device without the operating system ever knowing.
Android apps use a signing and encryption system, such that after being created by their authors and installed on your device, they can’t be modified at all without the consent of the operating system or the user. Now, imagine that someone could access such an application and modify the permissions it has, for example, so that a harmless mini-game ends up being able to read your address book or access your phone’s settings. And, what’s more, who’s to say that someone couldn’t modify the operating system’s native apps using the same method? Ultimately, it would be chaos.
Gina Scigliano, Google’s Android Communications Manager, confirmed this week that the problem is now under control, and that the information necessary for correcting it on the different versions of Android has been sent to the OEMs. Ever since 2011, dozens of manufacturers have launched their own customized versions of Android for certain hardware, and in many cases, especially on older smartphones, this update may never arrive.
In spite of the seriousness of the situation, it seems as though the problem hasn’t been exploited in any way. Likewise, Google was quick to say that it hasn’t received any complaints regarding the matter, and that no app on Google Play has been modified in any way. What is really surprising is that Google started working on the problem this month, after Bluebox’s public announcement, which was made last February. Did it show too little urgency for such a serious problem?
Bluebox has released an app that tells you whether your specific device has received a patch from the manufacturer that fixes the problem. Additionally, it tells you whether the option that allows non-Market apps to be installed is disabled, and it also performs a security scan.
Download Bluebox Security Scanner on Uptodown