Android flaw exposes phones to malware

An Android flaw has been uncovered that lets malware insert malicious code into other apps, gain access to the user’s credit card data and take control of the device’s settings.
BlueBox Labs said it was of particularly concern as phone and tablet owners did not need to grant the malware special permissions for it to act.
The company added it had alerted Google to the problem in advance to allow it to mend its operating system.
Google confirmed it had created a fix.
“We appreciate BlueBox responsibly reporting this vulnerability to us. Third-party research is one of the ways Android is made stronger for users,” said a spokeswoman.
“After receiving word of this vulnerability, we quickly issued a patch that was distributed to Android partners, as well as to the Android Open Source Project.”
However, the many thousands of devices still running versions of the operating system ranging from Android 2.1 to Android 4.3 and have not been sent the fix by relevant network operators and manufacturers remain vulnerable if they download apps from outside the Google Play store.
The flaw has been dubbed Fake ID, because it exploits a problem with the way Android handles the digital IDs used to verify that certain apps are what they appear to be.
Android 4.1 BlueBox warns that old unpatched versions of Android remain vulnerable
Adobe Flash in Google Play Apps that make use of Adobe’s Flash plug-in can have malware added to their code. A single app can carry several fake identities at once, allowing it to carry out multiple attacks.
Google Play Google says it has scanned all the apps in its Google Play store for the flaw.
Credit: BBC