A report from security firm Palo Alto Network reveals that Google has known about a flaw that affects half of all Android gadgets for a year. The security flaw hasn't been fixed yet.
BetaNews explains the flaw works:
The vulnerability lies in Android's PackageInstaller, which handles the installation of apps, and, according to Palo Alto Networks, is restricted to apps downloaded -- either through third-party app-stores or manually by users -- in insecure locations, where they can be easily modified by attackers.
So the only people who are actually vulnerable to this attack are people who manually modify where they store their folders. Or people who use third-party app stores.
If you've been following my Android security coverage, then you'll know that almost all of the security threats to the Android platform come from third-party app stores. They probably exploit something similar to this security flaw.
If you're using an Android phone with version 4.3 Jelly or higher, then you've already received a patch for this bug. If you've got an earlier version, though, then you're vulnerable.
Again, Google has known about this bug for a year, but it still hasn't fixed it. That could be because the company doesn't care all that much about users who use third-party app stores. Or simple laziness.
If you think you may be vulnerable to this exploit, then you'll want to learn more about securing your smartphone or tablet. Click here to find out how to do that.