Security bug means virtually all Android devices could be prone to hackers

Virtually all Android devices may be prone to hackers due to bug
Android needs some serious damage control

A security flaw discovered in almost all Android devices means that post-1.6 versions of the OS could be open to intrusion.

The information was released by Bluebox Security, which claims that the "Android master key" makes 99 per cent of devices vulnerable – that's about 900 million devices.

The flaw is down to the way Android app updates are verified, as developers are able to modify the code of an app update without breaking the cryptographic signature. In other words, it's easy for them to hack in and put some nasty code in an app on the store that appears perfectly innocent.

"Depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet," said Bluebox on the potential risks.

Paranoid Android

What's worse, the flaw has existed ever since Android 1.6. Bluebox claimed that the Samsung Galaxy S4 is the only device not prone to the problem, suggesting a patch may have already been installed on the phone.

Google, which was informed of the exploit in February and is said to have since notified its device partners, and apparently working on an update for its Nexus line, but the responsibility to create and dispatch the patch for other devices lies with their respective manufacturers.

We contacted Google for a response and will update if we hear more.

Via Venturebeat

Hugh Langley

Hugh Langley is the ex-News Editor of TechRadar. He had written for many magazines and websites including Business Insider, The Telegraph, IGN, Gizmodo, Entrepreneur Magazine, WIRED (UK), TrustedReviews, Business Insider Australia, Business Insider India, Business Insider Singapore, Wareable, The Ambient and more.

Hugh is now a correspondent at Business Insider covering Google and Alphabet, and has the unfortunate distinction of accidentally linking the TechRadar homepage to a rival publication.