Go to Insights page Insights
Go to Intelligence page Intelligence
Go to Investing page Investing
Go to Innovations page Innovations
Go to Two Takes page Two Takes
Go to Two Takes page
Go to Insights page Insights
Go to Intelligence page Intelligence
Go to Investing page Investing
Go to Innovations page Innovations
Two Takes View TECHi Stance

Millions could be at risk due to Android’s “fake ID” flaw

TECHi's Author Carl Durrek
Opposing Author Theguardian Read Source Article
Last Updated
Theguardian
Theguardian View all Theguardian Two Takes by TECHi Read the original story Published July 29, 2014
TECHi's Take
Carl Durrek
Carl Durrek
  • Words 96
  • Estimated Read 1 min

Bluebox Security, the same outfit that last year identified a worrisome (but thankfully patched) flaw in the Android app-packaging system, has done it again. On Tuesday, the company said it had found a new Android vulnerability that potentially allows the stealthy theft of information from millions of devices. Those with old Android handsets that no longer receive firmware updates are particularly at risk. However, as with the last time round, Android fans should check the details before freaking out – they’re probably not going to get hurt if they only install apps through the Play Store.

Theguardian

Theguardian

  • Words 183
  • Estimated Read 1 min
Read Article

Millions of people using Android devices could be left open to attack from malicious apps that appear to come from legitimate developers, due to a flaw in Google’s mobile software. The flaw has been named “Fake ID” by security company Bluebox Labs, which discovered it. However, Google says it has already issued a patch to protect Android users from attacks exploiting the flaw. Fake ID has been resident in Android from version 2.1 to 4.4, although it was fixed in April as part of the latest update, Android KitKat. Millions of devices could still be at risk, though, as Google’s own figures show that82.1% of Android users are running an older version. In a blog post published today, Bluebox explained that the problem lies in how app security is checked on Android, with each app given its own cryptographic signature determining who can update it, and what privileges it has on a device. To get these signatures, apps are signed using “identity certificates”, which go along a chain of trusted parties, supposedly to guarantee the right people are in control of the software.

Source

NOTE: TECHi Two-Takes are the stories we have chosen from the web along with a little bit of our opinion in a paragraph. Please check the original story in the Source Button below.

Balanced Perspective

TECHi weighs both sides before reaching a conclusion.

TECHi’s editorial take above outlines the reasoning that supports this position.

More Two Takes from Theguardian

Spotify collaborates with global music giants to create ethical AI technologies
Spotify collaborates with global music giants to create ethical AI technologies
Dr Layloma
Dr Layloma

Spotify is forging a significant collaboration with the major players in the global music industry, Sony, Universal, and Warner, to…

Donkey Kong Comeback Smashes Expectations
Donkey Kong Comeback Smashes Expectations
Warisha
Warisha

Donkey Kong Bananza signifies one thrilling transformation on the part of Nintendo and veterans. It is a new release after…

Trump Administration Reportedly Plans to Cut 2,145 NASA Employees
Trump Administration Reportedly Plans to Cut 2,145 NASA Employees
Warisha
Warisha

The news that the Trump administration wishes to reduce the number of NASA workers by over two thousand is a…

Google Ordered to Pay $314.6M to Android Users
Google Ordered to Pay $314.6M to Android Users
Abdul Rahman
Abdul Rahman

This is actually a pretty big revelation. Google wasn't just spying on users, it was making them pay for the…