When it comes to malware on smartphones, no operating system is 100% immune, although usually when it comes to the headlines, Android seems to be the one suffering from malware the most, and a recently discovered malware does not appear to be changing things for Android’s security, at least for now. According to the researchers at Bluebox Security, they have found a flaw in Android’s security model which according to them, could potentially affect up to 99% of Android devices out there. The researchers are claiming that this vulnerability has been around since Android 1.6 Donut and they have since notified Google back in February.
The exploit basically allows malicious app developers to change the code of a legitimate APK without breaking its cryptographic signature, thus allowing the installation to proceed as per normal. Bluebox Security theorizes that if the modified APK were to pose as a system file from a manufacturer, it is possible that hackers could gain full control over a device. As it stands it seems that the Samsung Galaxy S4 is the only device immune to the exploit and according to Bluebox’s CTO, Jeff Forristal, Google is said to be working on an update for its Nexus device which should patch the issue.