Jul 05 AT 1:45 PM Dima Aryeh 8 Comments

New Android vulnerability found, extremely easy to avoid malware taking advantage of it

generic security lock

Android malware definitely exists, but for the most part it’s not going to spread. As an operating system, Android is very safe. Unless you’re a fan of visiting shady sites. On the rare occasion that users encounter Android malware, it’s usually an issue of user error.

But now, a new security hole was discovered in all Android versions ranging from 1.6 to 4.2. This security hole is interesting, because it doesn’t directly infect your device. It does, however, allow apps to be modified without changing their cryptographic signature. This means that a legitimate app install could be updated with malware.

Sounds dangerous, right? Well, I can guarantee your safety if you follow a few simple rules. First of all, the malware cannot be spread through the Google Play Store, so you have nothing to worry about there. Google had recently updated Google Play security to avoid malicious updates taking advantage of this security hole. They have also made it against policy for Play Store apps to update outside of the Play Store. The vulnerability can still be exploited by apps outside of the Play Store though, so be extremely careful with third-party app storesĀ and sideloading apps in general.

Generally, sideloading apps from untrusted sources is a really bad idea. You don’t know what code someone put into a pirated version of an app, so why install it? Stick with the Play Store and other highly trusted sources, and you’ll be just fine.

Most of these security threats aren’t automatic; they require user approval. This means a user has to install an app for the malware to infect the device. As long as people are careful about where they install apps from, they’ll be safe. If you get a surprise install prompt, never press yes! It’s not that hard to stay safe.

Interestingly, it seems that Google isn’t doing much about the situation in terms of Android code. They don’t seem to be fixing this security hole but are instead leaving it to manufacturers to fix. This means that the Nexus 4 is vulnerable. However, Samsung has patched the security hole in their Galaxy S4, according to some. Either way, be careful and don’t install fishy (or phishy) apps! It won’t end well.

Source: Phandroid

Dima Aryeh is obsessed with all things car and tech. His time is split between gaming and fixing his racecar. He also does photography in his spare time.

    Most Tweeted This Week

  • Bill
    • http://www.androidandme.com Dima Aryeh

      Yep, the Play Store is safe. However, third party stores are not. And Google hasn’t been fixing the bug in Android itself.

  • http://www.androidandme.com Dima Aryeh

    You’re absolutely correct. Revised!

  • Android security

  • renyo

    Maybe it will get fixed in Key Lime Pie… Though it would be great if they could acknowledge that…

  • donger


  • Android Phone Online Store

    What a nice article! it reminds me of how technology lovers people right now. There are so many android phone online store that give us all the details we need regarding android phones.