I avoided getting an Android phone due to the sheer volume of malware and spyware (did someone say Viber?). At least it’s available for free. Looks like it would be possible to backdoor the phone with minimal effort. How many people will fail to update their firmware?
How it works:
The vulnerability involves discrepancies in how Android applications are cryptographically verified & installed, allowing for APK code modification without breaking the cryptographic signature.
All Android applications contain cryptographic signatures, which Android uses to determine if the app is legitimate and to verify that the app hasn’t been tampered with or modified. This vulnerability makes it possible to change an application’s code without affecting the cryptographic signature of the application – essentially allowing a malicious author to trick Android into believing the app is unchanged even if it has been
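A defender-side check for this class of problem, added here as an illustration and not taken from the original post or from Android's code: it flags APKs whose ZIP structure lets two components read different bytes for the same file name. Assumption not stated in the text above: the discrepancy is modelled as two archive entries sharing one name, and the function names are hypothetical.

```python
import sys
import zipfile
from collections import defaultdict


def find_duplicate_entries(apk):
    """Return {name: [(crc, size), ...]} for each entry name that occurs
    more than once in the archive's central directory.

    `apk` is a path or a binary file object. A well-formed APK has unique
    entry names, so any hit means a verifier and an installer could each
    pick a different copy of the "same" file.
    """
    copies = defaultdict(list)
    with zipfile.ZipFile(apk) as zf:
        # infolist() keeps every central-directory record, repeats included;
        # a lookup by name would silently return only one of them.
        for info in zf.infolist():
            copies[info.filename].append((info.CRC, info.file_size))
    return {name: seen for name, seen in copies.items() if len(seen) > 1}


def assess(apk):
    """Classify an archive as 'clean', 'duplicate-identical' or
    'duplicate-conflicting' (same name, different content)."""
    dupes = find_duplicate_entries(apk)
    if not dupes:
        return "clean"
    conflicting = any(len(set(seen)) > 1 for seen in dupes.values())
    return "duplicate-conflicting" if conflicting else "duplicate-identical"


if __name__ == "__main__":
    # Usage: python check_apk.py first.apk second.apk ...
    for path in sys.argv[1:]:
        try:
            verdict = assess(path)
            dupes = find_duplicate_entries(path)
        except zipfile.BadZipFile:
            verdict, dupes = "not a valid ZIP/APK", {}
        print(f"{path}: {verdict}")
        for name, seen in dupes.items():
            print(f"  {name}: {len(seen)} copies, (crc, size) = {seen}")
```

Any result other than `clean` is a reason to reject the package before installation, regardless of whether its signature verifies.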