The Android "Master Key" bug or vulnerability, discovered by mobile security company, BlueBox, makes your Android devices vulnerable to malware attacks. The "Master Key' bug or vulnerability is a software flaw in the Android operating system (OS) that is responsible for protecting the device against malicious applications.
The vulnerability allows a hacker to modify a legitimate application, turning it into to malicious program called a Trojan. A hacker does this by modifying the legitimate application’s APK code without breaking the cryptographic signature, thereby, making the hacked application, turned into a malicious Trojan, completely unnoticed by the App Store, the device, or the phone's end user.
Android uses the APK code / cryptographic signature to determine if an application is legitimate and to verify that the application has not been tampered with or modified.
With the malicious Trojan installed on an Android device, it will have access to the Android operating system features and applications. This will allow the Trojan to access data on the device, which includes: emails, SMS messages, documents, stored accounts and passwords.
Also, the Trojan can take control of the device, which will allow it to: make phone calls, send SMS messages, turn on camera, and record phone calls.
BlueBox has released a free application to check if your Android device has any malicious applications installed that can take advantage of the "Master Key" vulnerability. This program can also determine if your Android device has been patched for this “Master Key” vulnerability and provides you with the necessary steps to take, to help protect your device against this threat.
This free application is available at Google Play and Amazon AppStore.
Click on one of the following links to download and install the application:
To prevent your Android device from getting infected with a malware due to the “Master Key” vulnerability, avoid downloading applications (apps) from untrustworthy or suspicious websites.
For Frequently Asked Questions (FAQ) about the "Master Key" bug or vulnerability, click here.
For more information about the "Master Key" bug or vulnerability, click here.