The announcement came from Bluebox, a company of unknown security a few days ago, but who ventured into the very choppy waters of security on the Android operating system. According to the editor, 99% of Android devices are affected by a bug allowing to bypass the security of the system model.
Because of this flaw, a pirate could modify the application code to the APK, the format of containers for the Android applications, without having to break the cryptographic signature. Opportunities possible: malware, Trojan horses, data recovery, etc. Without that user, the phone or the app store to make account.
99% of affected devices
In addition to the blessed bread that it constitutes for the communication services of the editors of security solutions for Android, this flaw "has huge implications", says Bluebox. "Vulnerability, pretty much since the release of Android 1.6 (code name: Donut), can reach any phone released in the last four years - is nearly 900 million devices - and according to the type of application, an attacker can exploit the vulnerability for anything, from data theft to create a mobile botnet."
Bluebox discovery was communicated to Google last February, and the editor today asked manufacturers to update their systems to correct the fault. Those who possess a somewhat old model may wait a long time, but it is very likely that for recent models, the fault has been corrected in the last four months.
That said, as GigaOm, do not be fooled on the Bluebox speech, which necessarily somewhat forward his discovery and expertise. For the online magazine, it will change nothing for most users.
An argument for the Store Play?
Even though he admits that this is not just "a stunt", GigaOm tempers the new. As often, will be especially concerned users who download applications outside Google Play Store. The new is not conspicuous by its incitement to freedom of choice, especially as Google has strengthened its limitations for applications on the app store: impossible for publishers to authorize updates outside the system of Play Store.
This novelty was presented last April... Either two months after Bluebox pointed the fault to Google, according to the dates of the editor. For those who, for many reasons (lack in the country of residence as in China, desire for independence from services Google, etc), prefer to use an alternative store app, risks may be somewhat mixed by systematically checking the identity of the Publisher and by updating the device.
Aucun commentaire:
Enregistrer un commentaire