The flaw allows hackers to gain access to Android devices, read data, steal passwords and practically control the devices. The good news is that it doesn’t affect all Android devices, just those launched in the last four years, so it affects just about 99 percent of Android devices on the planet.
Once again the vulnerability is being blamed on Google’s app verification process, or lack of it. The process basically allows malicious developers and hackers to tamper with the application’s code without changing the cryptographic signatures. Thanks to this handy feature, apps that look perfectly legitimate might in fact be diseased – without anyone knowing it.
Bluebox CTO Jeff Forristal said Google was notified of the bug in February and that it has passed the news on to its partners. To kill the bug partners would have to roll out updates and we all know how well that works.
“The availability of these updates will widely vary depending upon the manufacturer and model in question,” he said.
That is basically a polite way of saying that users who don’t pack a Nexus are screwed.
More here.