Security researchers believe they have found a major security flaw in Google’s Android mobile operating system, which could affect up to 99 percent of Android phones now in consumers’ hands.
In results published Wednesday by the Bluebox Security research firm, chief technology officer Jeff Forristal said the flaw gave hackers a “master key” into the Android system.
Google declined to comment on the report.
The problem lies in the security verification process that has been used on the Google Play applications store since the release of Android 1.6. It could leave up to 900 million devices open to hackers. The flaw, the research firm said, is a weakness in the way that Android applications verify changes to their code. The weakness would allow hackers to “turn any legitimate application into a malicious Trojan” without drawing the attention of Google’s app store, a mobile phone or the person using an application.
The result, researchers said, would be that anyone who breaks into an app this way would have access to the data that app collects and — if an app made by the device manufacturer gets exploited — could even “take over normal functioning of a phone.”
In the post, Forristal said that Bluebox reported the security flaw to Google in February. In an interview with CIO, he said that some manufacturers have already released fixes for the problem, specifically naming the Samsung Galaxy S4.