According to security researchers at Bluebox, they have discovered a 4 year old bug in Google’s Android OS, that could potential allow a hacker to modify APK code and turn any legitimate app into a malicious Trojan.
The bug could possibly effect around 99 percent of all Android devices, and the Bluebox team has said that the bug has been around for 4 years since the release of Android 1.6 Donut.
The Bluebox Security research team – Bluebox Labs – recently discovered a vulnerability in Android’s security model that allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user. The implications are huge! This vulnerability, around at least since the release of Android 1.6 (codename: “Donut” ), could affect any Android phone released in the last 4 years1 – or nearly 900 million devices2– and depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet.
You can find more details about this possible bug in Google’s Android OS over at Bluebox. You should be ok downloading apps from the Google Play store, the bug could possibly be used in third party stores or the web. We suspect Google will be working hard to get this bug fixed as soon as possible.
Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn more.