Google confirms fix for 'master key' vulnerability released to OEMs
No evidence that exploit has actually been used, Google spokeswoman tells ZDNet
Last week it emerged that a security vulnerability affecting all current versions of Android could allow applications to be maliciously altered without affecting their cryptographic signatures. You might've heard it referred to as the Android "master key" vulnerability.
At the time it was reported that Samsung's Galaxy S4 had already been patched to address the issue, and now we have further information from Google on the company's response to the incident. According to ZDNet, Google spokeswoman Gina Scigliano said that the company had already released a fix for the bug to OEMs, and that some manufacturers like Samsung were already shipping the fix in devices.
Scigliano reiterated that Google had found no evidence that the vulnerability had actually been exploited in malware on Google Play or other app stores. As AC's Jerry Hildenbrand mentioned in his write-up of the issue last week, the bug, while potentially serious, is easy to avoid by sticking to official app stores and avoiding pirated apps.
Making sense of the latest Android 'master key' security scare
Source: ZDNet
Get the top Black Friday deals right in your inbox: Sign up now!
Receive the hottest deals and product recommendations alongside the biggest tech news from the Android Central team straight to your inbox!
Alex was with Android Central for over a decade, producing written and video content for the site, and served as global Executive Editor from 2016 to 2022.