Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

C2 provides technology services and consultation to businesses and individuals.

T (818) 584 6021
Email: [email protected]

C2 Technology Partners, Inc.
26500 Agoura Rd, Ste 102-576, Calabasas, CA 91302

Open in Google Maps
QUESTIONS? CALL: 818-584-6021
  • HOME
  • BLOG
  • SERVICES
    • Encryption
    • Backups
  • ABOUT
    • SMS Opt-In Form
    • Terms and Conditions
    • Privacy Policy
FREECONSULT
Tuesday, 16 July 2013 / Published in Woo on Tech

Android App Flaws Revealed

Android_logo.png

Lest you think Facebook is the only security punching bag getting a beating lately, two significant flaws in the Android application platform have been revealed by overseas security teams. Without going into the gory details, each team has found a different way to create a trojanized APK (the file format in which Android apps are delivered) that is indistinguishable from the original. This would allow an app to appear and function normally, but also execute functions like transmitting your passwords, texts, emails on the sly. Google has already put together a fix and distributed a patch to OEM manufacturers, and supposedly they are able to detect this sort of exploit on the Google Play Store.

You need to worry if you “sideload” apps on your Android phone, which is to say you get apps from sources other than Google Play. Keep in mind, even Amazon’s App store counts as a sideloading source, and as of the moment, they aren’t scanning for this vulnerability.

What this means for you:

Even though Google has issued a fix for this particular vulnerability, they can’t force the update upon the millions of Android phones out there affected by this weakness, as that task lies with the phone manufacturers and the carriers. With the exception of avid power-users, most Android users are unaware that their Android OS may be months or years out of date, primarily because cellular carriers insist on selling phones that use a modified version of the OS that does not automatically get updated when Google updates the core version of Android. On top of this, the carriers are notoriously slow in issuing updates. If you are wondering what folks are talking about when they are discussing “Gingerbread”, “Honeycomb”, “Ice Cream Sandwich” and “Jelly Bean”, they are referring to the various versions of Android OS, where Jelly Bean is the latest. Supposedly this exploit exists as far back as “Donut” (ver 1.6).

Even worse, certain older models of Android phones may never get updated, as the carrier has essentially abandoned firmware updates for phones that are “retired” from active support. Users of these phones have essentially two options: root, unlock and update the phone with a custom version of the Android OS developed by the open source community, or buy a new phone. The former option is definitely not for technically-disinclined. Given the gravity of the vulnerability, the carriers may issue patches for the majority of its phones, but I wouldn’t hold your breath.

Until you are able to verify your Android smartphone is running a version of the OS that fixes this vulnerability, don’t sideload applications. If you want to be extra safe, avoid using smartphone apps that transmit sensitive information like banking passwords, pins and other sensitive personal information. As I’ve reiterated before, exercise caution before convenience, especially when it comes to protecting yourself.

  • Tweet
Tagged under: Android, exploit, Google, play store, security, sideloading, smartphone, trojan, vulnerability

What you can read next

Google Glass
Google Glass Rises Again as Autism Research Tool
Who's hacking who?
Who hacks the hackers?
Time for caution!
Nineteen year-old bug could expose your credentials

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • RIP Skype

    Two years ago, in 2023, Microsoft announced tha...
  • Make a list, check it twice!

    Get ready to show your work

    I’m sure it’s still a thing for stu...
  • Windows 10 Countdown

    As of now, Microsoft seems to be holding fast t...
  • two ceramic smiling poop emojis on a white background

    It’s not just you

    I first encountered Cory Doctorow through his n...
  • The end of Classic Outlook?

    There have been plenty of rumors about the upco...

Archives

  • GET SOCIAL
Get Tech Support Now - (818) 584-6021 - C2 Technology Partners, Inc.

© 2016 All rights reserved.

TOP