Now Available: Alternative Fixes for Android ‘Master Key’ Vulnerabilities

Android Apps on Mobile Devices | Official Website

Android Apps on Mobile Devices | Official Website

As a huge number of Android mobile devices are at high risk of dangerous vulnerabilities, a number of alternative fixes emerged to give the issue a workaround.

The ‘Master Key’ Vulnerabilities

The vulnerability discovered by Bluebox may affect over 900 million devices, which was manufactured over the last four years and running Android 1.6 or higher. It is particularly dangerous, as it lets the hacker modify the Android package file.

This Android package file is used to install an application without affecting its original cryptographic signature. Meanwhile, the signature is generated by the application’s author to verify the software’s integrity. By using the so-called ‘Master Key’ vulnerability, hackers can modify an application and gain control of an Android device.

Google quickly rolled out patches for the software issue. However, mobile phone manufacturers and operators are often slow in releasing bug fixes. As a result, mobile devices users are in critical situation.

According to Gartner, over 156 million Android smartphones were sold worldwide during the first quarter of 2013. This accounts to 74 percent of the market share. This can also mean that a lot of users are running vulnerable devices.

Alternate Fixes

Last Tuesday, security vendors Webroot and ReKey released their software that can detect whether an Android device is susceptible to Master Key vulnerabilities.

Webroot deployed a patch within their SecureAnywhere Mobile product, which covers Android Jelly Bean 4.1 and Ice Cream Sandwich releases. ReKey, on the other hand, is an app that applies the Google patches, as well as alert a user if an application tries to install suspiciously.

Google is also doing something to protect their users by scanning the apps on its PlayStore for legitimacy. In addition, Android has the “Verify Apps” feature that verifies an application before installation.

Leave a Comment