If you own an Android device, you have most likely heard about the security exploit discovered last week by Bluebox Security that affects almost all Android users. Samsung has already issued a fix for its Galaxy S4 device, but that is one device among the countless number out there, and the exploit is capable of affecting versions of Android from 1.6 to 4.2.2. Thankfully, Google has stepped up to the plate and patched the security hole, and now it's in the hands of the OEMs and carriers to roll it out to customers.
The basic premise of the exploit is that someone could maliciously repackage a signed application with malware and it wouldn't be caught, because the app's cryptographic signature would still appear identical. So, for all intents and purposes, the app would look legitimate from the outside but be packed with malicious code within. However, the advice on how to prevent it from affecting your phone is relatively simple: don't sideload software from outside the Google Play Store. While apps may still be maliciously compromised even in the Play Store, it is not possible to take advantage of this exploit through the official store.
Google has confirmed that it has patched the exploit and distributed the code to the manufacturers. Now it's in the hands of the corresponding companies, such as HTC and Samsung, to roll out the security update to the carriers. Just how long this will take, and whether it will cover each and every device out there, is still an open question. If the past is any indication, I wouldn't be holding my breath while I wait.
In cases like this that involve huge security flaws, should OEMs be able to bypass the carriers and do a rollout themselves?