Linked by Thom Holwerda on Fri 5th Jul 2013 13:59 UTC, submitted by bowkota
Privacy, Security, Encryption "Researchers said they've uncovered a security vulnerability that could allow attackers to take full control of smartphones running Google's Android mobile operating system." So, how bad is this? Can anybody with knowledge of Android's inner workings explain?
Permalink for comment 566368
To read all comments associated with this story, please click here.
Bill Shooter of Bul
Member since:
2006-07-14

I think it would be pretty difficult to get this on Google play. If I understand it correctly, it allows malicious app devs, to modify existing apps outside of the device while keeping the signature valid.

I don't think Google's malware detection is bad enough to allow me to upload an app signed by rovio.

I also don't think there is a way to infect other apps once on the device. I haven't read anything that says that it could.

Edit:

From the article:

While it would be devastating if an attacker was able to get such a modified APK into the Google Play Store, or somehow use the technique to hijack the update mechanism of legitimate apps, there are probably safeguards already in place to prevent such attacks.

"I imagine that Google would move quickly to add some logic to look for such attacks," Dan Wallach, a professor specializing in Android security in the computer science department of Rice University, told Ars. "Without that available to an attacker, this is likely to only be relevant for Android users who use third-party app stores (which have lots of other problems). This bug could also be valuable for users trying to 'root' their phones."


Edited 2013-07-05 15:01 UTC

Reply Parent Score: 4