Forum switched to read-only as of 2020/06/01
|Latest product reviews|
A few months ago, Jeff Forristal from bluebox.com discovered a security issue in Android system and disclosed it to Google in February 2013 (filed as Android security bug 8219321) another similar problem has also been highlighted a few weeks ago (bug 9695860)
These security issues allow exploiting signed Android applications (APK) by modifying the program they contain while maintaining the existing application signature intact. Such modified applications will appear signed by the original author so the exploit can be used by someone with bad intentions who could modify an application in a malicious way including a potentially dangerous payload.
These vulnerabilities have been patched by Google in their Android Open Source Project (AOSP) code, but not all OEM manufacturers have yet deployed these fixes so far. Smaller manufacturers (which is the case for most Chinese tablets, including Archos / Arnova) haven't yet fixed all their products. Some modified versions of Android code such as CyanogenMod (CM 10.1) have already the fixes in place. According to bluebox.com, Google Play Store should be protected to received applications modified to exploit this security problem. Still, it's quite easy for to malware type applications hosted on less protected Market places or downloaded from upload sites could easily infect unprotected devices.
We recommend that you make sure your device is patched against the Master Key vulnerability. If that's not the case, stay safe and download apps only from official market places or trusted sources.
Check your device using Bluebox Security Scanner
This application will check if your device has been safely patched against Google "Master Key" security bugs…
If you like our web site, applications and firmwares, feel free to support our site. Donations are used to pay the bills for our server hosting costs, development tools and purchase new tablets to support.
If you like our firmwares, please consider making a donation to support our work.
If you like you can patch your rom by yourself using Xposed Framework and Master Key Dual Fix.
- Oma -
I think some altered forms of Android code, for example, Cyanogenmod (CM 10.1) have as of now the fixes set up. As indicated by bluebox.com, Google Play Store ought to be secured to accepted requisitions adjusted to adventure this security issue. Still, its simple for to malware sort requisitions facilitated on less ensured Market puts or downloaded from transfer locales could undoubtedly taint unprotected gadgets.
Most Users Ever Online: 803
Currently Browsing this Page:
Devices in use: Desktop (37), Phone (4)
Guest Posters: 43
Moderators: globula_neagra, exelletor, JochenKauz, Oma7144, cracktech