Android Update Vulnerability Lets Malware Bypass Digital Signature Check, 900 Million Potentially Affected
Bluebox plans to showcase the entire hack at Black Hat conference this August, but in the meanwhile, some phone makers are already looking to patch it. Google itself is planning to release a patch to the Android Open Source Project to fill in the newfound gap. The actual impact could vary, but it has the potential to let a hacker in and root around in one's data. It's unlikely this will ever happen, though, as Bluebox has no intentions of revealing the hack until it's patched.
The hack could impact Android versions as old as v1.6 (nearly four years old), meaning that nearly a billion products are at risk -- in theory. As ever, this is a great reminder to watch out for unsigned apps that you may install on your Android phone. Being a cautious user generally prevents the installation of nefarious apps.