• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • Advertise With Us
  • Contact
  • Cookie Policy
    • Privacy statement (CA)
    • Cookie policy (CA)
    • Privacy statement (UK)
    • Cookie policy (UK)
    • Privacy statement (US)
    • Do Not Sell My Personal Information
    • Privacy statement (EU)
    • Cookie policy (EU)
    • Disclaimer

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Tech News
  • Tech Guide
  • Gadget & Apps

Android flaw allows hackers to create fake IDs

Updated on Jul 30, 2014 by Guest Authors

Bluebox Security has found a security loophole in Google’s Android operating system through which attackers are able to feign legitimate applications in the ecosystem in order to deceive users and take control of their mobile devices.

The Android ecosystem has a mechanism that is supposed to verify the identity of a certain app. This mechanism is important because it provides a good measure of authenticity for various online transactions. For example, it works to confirm that someone who is logged in to a bank account is the real owner of that account, not a hacker or third-party user.

android-fake-id

For Android applications, a digital signature is assigned to each software system as a virtual identification tag. Therefore, every program on an Android mobile device bears an ID that has been created based off the app’s signature. But security researchers at Bluebox found that Android’s security infrastructure overlooks the verification process to determine whether an application comes indeed from the company or developer that claims to be.

Android versions that contain the flaw are those that start from 2.1 and higher. The version 4.4 known as KitKat also has this vulnerability, though the one that enables for the creation of a fake Adobe system has been patched.

This flaw lets hackers develop malware based on an app’s signature in order to seize control of your system. The case if fake IDs potentially affect all apps on Android. Earlier this month, we’ve reported that hundreds of thousands of fake apps have been spotted on the Google Play Store.

What is worrying about this vulnerability is when a hacker creates a fake app for mobile payment such as PayPal. The danger there is when you trust that the app is legit and you enter your payment details such as your credit card and PIN. Or worse yet, when a hackers try to feign an administrative software system, which would totally give them full access and control to your device by the time you fall for the trap.

The most remarkable aspect of the bug discovery is the level of collaboration required of both the developer community and the Android team at Google. The Android team rolled out fixes in April and phone makers were able to receive patches.

Google also confirmed that it has improved user protection measures from the claws of fake ID for Google Play and Verify Apps ecosystems. Thus far, following the fake ID flaw, Google found no other vulnerability nor did it receive reports of threats.

Disclosure: As an Amazon Associate, I earn from qualifying purchases. The commission help keep the rest of my content free, so thank you!

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

SwitchBot Lock Review – Perfect Smart Lock for Renters

BREEZOME JH03 vs JH04 Air Purifier – Which One Should You Buy?

SwitchBot Curtain Smart Electric Motor Review – The Upgraded Version

COLORWING M08F Portable Thermal Printer Review – Requiring No Ink, Toner, or Ribbon

Follow TechWalls

YoutubeFacebookTwitterInstagram

Recent Posts

  • Premiere of the Demo of “EVOLUTION”, Tencent’s First Native Cloud Game, Leading Us to Set Off to the Real World Together
  • VANKYO Leisure 495W and Leisure 470 Pro Projector – New Full-HD Projector Series
  • SwitchBot Lock Review – Perfect Smart Lock for Renters
  • BLUETTI Father’s Day Deals – Power Gears for the Best Dad in the World

Copyright © 2022 · All Rights Reserved