Android Security Bug Uses “Fake ID” To Access User Information
Mobile security firm, BlueBox has detected a security bug, dubbed, “Fake ID”, in all Android operating systems (OS) beyond version 2.1. This vulnerability could allow hackers to steal personal information, such as passwords or financial information, from Android users by creating an app that uses fake security credentials to access other apps on a user’s device.
Earlier this year, Symantec’s Internet Security Threat Report noted that mobile malware in 2013 was developed almost exclusively for the Android OS, 32% of which steals a user’s personal information. Luckily, Google says that no exploits have yet been detected, and it has created a patch, which it has distributed to partners to help keep app information safe. However, this may take some time for partners to implement this fix.
Norton Mobile Insight Has You "Covered"
Both Norton Mobile Security customers and Norton 360 Multi-Device customers are protected if apps attempt to use the “Fake ID” exploit. These offerings include NortonTM Mobile Insight intelligence, which keeps a close watch on downloaded apps for malware or greyware activity, as well as alerts you of exploitative apps. Make sure that you have the latest version of Norton Mobile Security, and that it is installed and running on your device.
Three Tips To Keep Your Information Safe On Your Android Device:
- Update your Android OS – While the Android security team has issued a patch and provided to their partners, it may take some time for all partners to implement the patch, which unfortunately increases the chances of malware being developed to take advantage of this vulnerability. If you have an Android device with an OS version 2.1 or beyond, keep an eye out for platform updates from your service provider and implement them immediately.
- Download and install Norton Mobile Security –Norton Mobile Security helps protect your Android device and the information on it from malicious apps. NortonTM Mobile Security is powered by NortonTM Mobile Insight - our cloud-enabled, automated system that dynamically generates unique mobile app risk intelligence. We are monitoring this Fake ID vulnerability closely and will be able to flag apps that attempt to use this vulnerability so you can uninstall them before they have a chance to do damage.
- Use caution when downloading app stores other than from Google Play – Google Play is taking extensive measures to detect “fakers” and prevent this vulnerability from becoming a serious threat. Make sure that your favorite app stores are reputable and are taking steps to protect users.