Just when the whole world is gauging the success of Android, and you may be happy to show off your recently bought premium-class Android phone, there may be someone who is equally happy to see his database growing, full of people’s personal information, passwords, emails and SMS messages. And all this is being done without any notice to, or knowledge of, the legitimate owner of that very personal information. Welcome to the world of Android.
According to Jeff Forristal, CTO of Bluebox Security, 99% of Android phones contain a serious security flaw that allows hackers to access all the apps and information on the device. This makes Android vulnerable to malware, botnets and computer fraud. To make the situation worse, Engadget has revealed that the flaw is not new: it has existed since 2009.
Surprisingly, this is not news to Google Inc (GOOG). The company was alerted to the flaw in February, Forristal claims. However, it is not immediately clear what action Google took to fix the massive loophole in Android, the mobile OS that dominates with a 51% share of the global smartphone OS market.
The flaw permits modifying an existing Android app without actually changing the app’s cryptographic signature, which is designed to keep track of the latest updates and upgrades of each app. Consequently, the illegitimately modified app is still read as genuine in spite of the fact that it has been modified by a hacker or injected with vulnerable code or malware.
Forristal explains: “All Android applications contain cryptographic signatures, which Android uses to determine if the app is legitimate and to verify that the app hasn’t been tampered with or modified. This vulnerability makes it possible to change an application’s code without affecting the cryptographic signature of the application – essentially allowing a malicious author to trick Android into believing the app is unchanged even if it has been.”
This can result in the theft of your personal data, which later gets sold to hundreds of thousands of marketers who will use this very ‘useful element’ in illicit forms of promotion and marketing.
Google has declined to comment on this, but CIO claims that Google has fixed the Google Play app store. However, the fix seems to be an effort at damage control, as the company has yet to act against apps that are downloaded from non-Google Play stores. Unless Google has a solution at the core level (at the Android level), there is no end to such loopholes.