A security flaw discovered in almost all Android devices means that post-1.6 versions of the OS could be open to intrusion.
The information was released by Bluebox Security, which claims that the "Android master key" makes 99 per cent of devices vulnerable – that's about 900 million devices.
The flaw is down to the way Android app updates are verified, as developers are able to modify the code of an app update without breaking the cryptographic signature. In other words, it's easy for them to hack in and put some nasty code in an app on the store that appears perfectly innocent.
"Depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet," said Bluebox on the potential risks.
What's worse, the flaw has existed ever since Android 1.6. Bluebox claimed that the Samsung Galaxy S4 is the only device not prone to the problem, suggesting a patch may have already been installed on the phone.
Google, which was informed of the exploit in February and is said to have since notified its device partners, and apparently working on an update for its Nexus line, but the responsibility to create and dispatch the patch for other devices lies with their respective manufacturers.
We contacted Google for a response and will update if we hear more.
Sign up for Black Friday email alerts!
Get the hottest deals available in your inbox plus news, reviews, opinion, analysis and more from the TechRadar team.
Hugh Langley is the ex-News Editor of TechRadar. He had written for many magazines and websites including Business Insider, The Telegraph, IGN, Gizmodo, Entrepreneur Magazine, WIRED (UK), TrustedReviews, Business Insider Australia, Business Insider India, Business Insider Singapore, Wareable, The Ambient and more.
Hugh is now a correspondent at Business Insider covering Google and Alphabet, and has the unfortunate distinction of accidentally linking the TechRadar homepage to a rival publication.