Android Master Key Vulnerability and How to Fix It
There is no real 100% safe software, but with everyone’s combined efforts, Android can be made safer for all of us. Unfortunately, the price of an open system is that the vulnerabilities are also open to be explored and exploited by both good and bad alike.
There are people who explore the Android code simply to find vulnerabilities. There are the good guys, who look for it to report and maybe find a way to patch it, while there are those who seek to exploit in in delivering malware and stealing precious information from Android users everywhere. Thankfully, Google watches these developments as well and they patch it as soon as they can.
Unfortunately, while manufacturers are quick to take all the benefits of the open source code when they make an Android device, they are not too keen on fixing the code for the rest of us after it has all been said and done. Their contributions are also very minimal as they usually just create their own version of it anyway as customized Android skins.
Another thing we can’t count on manufacturers to do is fixing exploits discovered by the open source community. While they may sometimes fix it, it comes all too late for most of us as they really take their time with it. Thankfully, the rest of the community would not simply stand and let fast acting malicious coders simply play around with our precious OS.
Android Master Key
One very recent example is the vulnerability coined as the “Android Master Key”. If you haven’t heard of it, this vulnerability can infect up to 99% of all Android phones in current circulation. That statistic alone is bad enough, but the worst part is that this vulnerability can also make use of any legitimate app to do its bidding.
As the most devastating Android vulnerability discovered yet, Google could not ignore and take their time in patching this vulnerability. True enough, the company responsible for Android has released a patch that can protect smartphones from this vulnerability. The only problem is that Android OEMs are not too keen on implementing this patch in all of their existing phones.
Android Fragmentation and Update Delay
The problem with Android is there are a lot of Android versions that are stuck at where they are update-wise. A massive amount of phones have been left at Gingerbread and Ice Cream Sandwich. Many of them will never see another update again. Unfortunately, their phones are vulnerable to this gaping hole in Android’s security. Without OEM updates, they are practically stranded. They would have to buy a new phone. Of course, if they really want to receive protection, they could always root their phone.
A New Benefit of Rooting
Many people wonder what exactly the point of rooting an Android device is. There are plenty of reasons. There are those who root to customize, there are those who root for the backup options, and are those who root to optimize the performance of their Android device.
In light of this Android Master Key vulnerability and the Android OEM’s refusal to update all Android devices with a patch, rooting may now be equivalent to increasing your phone’s overall security. Why is that? Because a patch has been made by the well-meaning members of The Systems Security Lab at the Northeastern University and Duo Security, and the only way to make it work is to have your phone rooted.
ReKey Your Android
ReKey is the name of the app developed by these two groups. It was designed to specifically combat the Android Master Key vulnerability due to the massive scope of the potential damage it could bring to the Android operating system and their users.
The app is designed to prevent the users from installing apps that may exploit the vulnerability of the Android Master Key. The problem here is for the App to be able to do just that, it needs access to a higher level of authority in your Android device. This allows the app to check and block installations properly.
The project is currently in beta as they work through the bugs and the compatibility of the patch with all existing Android handsets. There are so many out there that catering to all of them is a massive feat indeed.
For Future Security
The idea behind ReKey might have been triggered by the Android Master Key vulnerability, but this project is more ambitious than that. Rather than simply patching the current vulnerability, ReKey hopes to be the 3rd party security software that will patch and solve all Android vulnerabilities regardless of Android version and device. This idea will at least let customers have a fighting chance against vulnerabilities even though the official OEM patches are not yet applied or will never be applied.
For old phones, aging phones, and even new phones, this app is practically essential to make sure that you are always protected from various forms of attack. All you need is to root, and there are plenty of ways to do that now. Take this site for example. We will help root your device and even figure out new ways to take advantage of your rooted phone.
To start protecting your phone or at least help in testing the compatibility of the app with your device, go ahead and download ReKey from this link and install it just like any other app: