Many websites on the internet, including ours, carried the story of the Android master key and it eventually turned out that people who use the Google Play Store to download apps were safe from this potential security breach but that doesn't mean that everyone is safe.
There is a distinct lack of paid apps on the Chinese Play Store and this has inevitably lead to many developers who want to develop paid apps for Chinese consumers to turn to third party app stores. Unfortunately, it's in an environment like this where malicious developers can take advantage of the master key flaw within the Android OS.
Don't just take my word for it. Recently researchers at Symantec discovered that the security flaw is being exploited in China and posted about it on their blog.
“We found two applications infected by a malicious actor. They are legitimate applications distributed on Android marketplaces in China to help find and make doctor appointments. An attacker has taken both of these applications and added code to allow them to remotely control devices, steal sensitive data such as IMEI and phone numbers, send premium SMS messages, and disable a few Chinese mobile security software applications by using root commands, if available.”
After revealing this Symantec then went on to recommend that people only download apps from reputable Android marketplaces.
Of course this is one of the drawbacks of having a system that is as open as Android is and with more and more people activating Android devices each day the threats plaguing the operating system are only going to increase in the future.
What do you think of this latest Android scare in China and are you worried about your phone being potentially infected with malware? Please leave us a comment below.