Google has pushed a security patch to its manufacturing partners to fix a major Android security issue that could affect close to 900 million devices, a company spokesperson confirmed to ZDNet.
Gina Scigliano, Google’s Android Communications Manager, said that while Google didn’t have a statement, she could “confirm that a patch has been provided to our partners – some OEMs, like Samsung, are already shipping the fix to the Android devices.”
Bluebox Security recently discovered a security hole that gives a malicious user the potential to convert a legitimate application into Trojan malware. All applications installed on Android have a cryptographic signature, to prevent unapproved modifications or tampering, but this flaw allows an attacker to bypass that signature and make changes that go unnoticed.
It is now up to Android partners to seed the necessary software updates to users, and at least Samsung is already confirmed to be doing so at this point. In the meantime, Android users should keep a close eye on the publisher of the app in which they are planning to install. Google Play does have additional security checks in place, putting users that install apps outside of this marketplace at the greatest risk.