Home » Android » Check if your Android phone has been repaired security key "Master Key" yet? with Bluebox app
Few days ago the company Bluebox Labs announced a four-year-old security flaws in Android have the ability to affect 99% of devices running this OS. This error is related to overcoming key applications to install malware on the user's machine, it is known as the "Master Key". Now, Bluebox has provided a small tool to help reveal if our machine has been patched or not. In addition, this application has the ability to inform whether the app is intended to exploit "Master Key" to endanger smartphone, your tablet. Based on this, you may decide to remove the malicious app from the machine while waiting updates from the manufacturer. Download and install the tool Bluebox here. The Google also confirmed that it has finished patching security vulnerabilities and updates are sent to the hardware manufacturers to distribute them to users.
How to watch:
The second line is the machine that will let you install apps from outside Google Play or not
The third line indicates any app exploits Master Key or not, if it will display red text with the name of the app
Bluebox Labs says that this vulnerability has emerged from the Android 1.6 "Donut", that is, four years ago, and affects the "99%" devices running Android. Typically, the application will be authenticated by a digital signature is encrypted, so the update is not due to the release of programmers (ie other than the app lock code base) installation will be rejected. But the Bluebox, they have discovered a way to change, modify apk files without having to break the aforementioned khoachu sign. This is something that hackers can exploit to install malicious code on the device, as long as the hackers figure out how to install that package distribution to consumers.
Taking advantage of Google Play Store to distribute and install the modified app is not feasible boiGoogle updated app store to prevent this happening. But if users install software from third-party app stores, or manually download and copy to install on the machine, then the risk of malicious code through the sticky above error is real. If a user were tricked into opening the email or website that contains malicious code, the same thing could happen. Once the attacker has installed its malicious code, he can full access to your system, since it steals data (email, SMS, documents), is the password to extract all of the services are logged on and turn Android devices into a botnet. Yet, malware can also make calls, texting, taking pictures and recording unauthorized without the user's knowledge.
Source: Google Play