
The Bluebox Security research team has discovered an "Android Master Key" that could leave millions of Android users vulnerable.
The team found a security flaw that allows a hacker to modify APK code without breaking an app's cryptographic signature, which can turn any app into a Trojan without the user knowing.
This means that potentially 99 percent of all Android phone owners who own a phone from the last 4 years could be affected.
The vulnerability may affect all Android-based phones that have been released in the last 4 years.
The researchers claim that anyone who breaks into an app could even "take over normal functioning of a phone."
According to Bluebox, "All Android applications contain cryptographic signatures, which Android uses to determine if the app is legitimate and to verify that the app hasn't been tampered with or modified. This vulnerability makes it possible to change an application's code without affecting the cryptographic signature of the application – essentially allowing a malicious author to trick Android into believing the app is unchanged even if it has been."
The security flaw was reported to Google in February, according to Jeff Forristal, chief technology officer of the Bluebox Security research firm. He also said that some manufacturers have released updates to fix the problem, such as for the Samsung Galaxy S4.
Click here to read more about Bluebox's findings.