KitKat gets fix for Android app tampering bug, but earlier versions still vulnerable

Google has released a fix in Android 4.4 KitKat for a bug that can be used to stealthily manipulate apps on Android 4.3 and below.

Android devices running versions of the operating system below KitKat 4.4 are vulnerable to a new bug that could allow an attacker to modify an existing app without the OS knowing anything is wrong.

Discovered by iOS jailbreak hacker Jay Freeman, also known as Saurik, the new bug is similar to the so-called 'master key' flaw that was reported to Google in February and publicly disclosed this July.

The bug was said to affect all Android devices since at least version 1.6, and allowed an attacker to tamper with a legitimate Android app without breaking the cryptographic signature that Android uses to verify its integrity and authenticity.

Google made changes to Google Play to block any trojan apps that exploited that particular bug. However, since then, other researchers discovered another, similar bug.

Read More