In reality, because the S4's firmware is so new, that certainly the later updates should have the Google patch to fix the bug, 8219321
. However, other Android devices that are older and have not received a recent build firmware update, will be at risk.
Since writing post #1
, I have uninstalled ReKey
and run a test using the newly released, SRT AppScanner
, free from the Play Store. This confirmed that on my current firmware, MGA
, build date 11 JUL; that there is no vulnerability to the Bluebox
and that ReKey
is not required.
However, perhaps just as worryingly, the second, more recent, Master Key bug 9695860
, usually referred to as the, "Chinese Master Key bug
", has not been patched by Google in this firmware and is not covered by ReKey
. This bug, only discovered very recently, is already patched by Google in the very latest versions of code for Android, (commit
), but as yet, has not made its way down the chain for release.
There has in the last few days, been a Universal fix released for both the 8219321
bugs but this entails flashing a framework to your phone before applying the Universal Fix.
For more details on this, see Tungstwenty's
xda thread, here
The bottom line is that if you currently
want protection from both
of these bugs then Dual Fix is the way to go until a firmware for your device is released that patches both
vulnerabilities. Which, in the case of older devices, might be never.
Below are 2 screenshots from SRT AppScanner
showing that whilst ReKey
has indeed patched one bug, the device is still vulnerable to the latest one. The 2nd screenhot shows the device after installing the framework .apk
and Dual Fix .apk
ReKey Fix only