Attention Android users! If you're not using the most recent Android update from April, you should probably think about starting now. There's a major security flaw that could leave you open to attack if you aren't running Android KitKat.
It's called "Fake ID," and it could let hackers take control of your apps and gain access to your phone. It works by exploiting an issue in Google's certification process for apps. The flaw is active in Android versions 2.1 to 4.4. Each app has its own signature that is tied to the developer to make sure it is real.
There are “parent certificates” and “child certificates”, which are checked against one another upon installation to ensure they match up and the app is trusted. The parent, usually handed down by the original software creator, effectively proves the child is worthy of being trusted, as part of what is known as the “certificate chain”.
But, Android wasn't checking the "certificate chain" well enough, which has allowed hackers to create their own certificates and gain access to your phone and apps. They can then access your stored financial information in apps like Google Wallet. They can also use their new permissions run code on your phone and install malware.
Google issued a patch in the KitKat update, but it says 82.1% of users are still using an older version of the operating system. The Google Play Store and Verify Apps feature have both been updated to protect users from this attack.
That means you'll be safe as long as you only download apps from the Google Play Store. If your device is capable of running KitKat, it's recommended you update right away. You can check your version by going to Settings>About phone. If it says 4.4.2 then you're good. If the number is lower, you can go to System updates to see if you can get the most recent version. Older Android gadgets might not be able to run KitKat. You should also read my seven essential steps to secure your smartphone or tablet.