Skip to main content

Android users urged to fix 'Master Key' bug with free app

Bluebox Security has released a free app to protect Android smartphone users from the “Master Key” vulnerability that was discovered last week.

The Bluebox Security Scanner app enables users to check if their Android device has been patched for the vulnerability, without the hassle of having to contact a device manufacturer or mobile carrier.

The vulnerability in Android’s security model allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by an app store, the phone or the end user.

The fix supplied by Bluebox will scan devices to see if there are any malicious apps installed that take advantage of the Master Key vulnerability. The app is available to download from Google Play, Amazon AppStore for Android and GetJar.

Bluebox Security CTO Jeff Forristal said in a company blog post, "The scanner will save you significant time and keep you from having to do the 'leg work' to figure out if your device has been safely patched.

"If your device has not been patched, it will provide you with the information you need to ask your device manufacturer when a fix will be available."

Forristal said, "This free app also does a partial device integrity check by searching for malicious apps leveraging the “Master Key” vulnerability, so you won’t have to purchase a mobile AV application just to check for malware using this vulnerability."

However, just as Forristal was introducing his company's fix for the problem, it was reported on Andoid that a new variant of the bug has appeared.

But like the original vulnerability, Google claims to have already fixed the latest problem too.