Last week a so-called ‘Master Key‘ exploit was discovered in Android by security firm Bluebox. This security hole meant malicious apps could deploy third party software on your Android device. This has caused some controversy, as it emerged that the error had existed since Android 1.6 (Donut) right up to 4.2.2 (Jelly Bean).
A couple of companies have created patches for the exploit, but this is definitely not the case for all smartphones that are at risk. This security bug is called 8219321, and was reported to Google in February. Device manufacturers are responsible for releasing firmware updates, and users for installing them. Google is now working on a solution for all at risk Android devices.
To find out if your your device is at risk, you can download an app called Bluebox Security Scanner. This scans your device to find out if it’s vulnerable or has already been patched, if your settings allow for non-Google Market apps to be installed, and if any of your apps are trying to take advantage of the Master Key security flaw. It is unable to check .APK files in Android’s /mnt/asec/ directory, as they are copy protected, and unreachable.
Download Blubox Security Scanner.