Hey just wanted to pass this along, it seems there is a security issue on androids and I wanted to pass this info along, if you have any questions about how to install just ask, its really easy to do.....


http://androidforums.com/rooted-devices-only/741396-master-key-bluebox-root-fix.html

 

The only trick is after you install xposed, you will have to check the master key in the module and then reboot your phone....

 

Ok I ran this first: https://play.google.com/store/apps/details?id=io.rekey.rekey

Then this to check it:

https://play.google.com/store/apps/details?id=de.backessrt.appintegrity

Then went here and downloaded Xposed:

http://forum.xda-developers.com/attachment.php?attachmentid=1957219&d=1368387321, you will have to change .zip to .apk

Installed Xposed and rebooted

Then went here to get master key dual fix:

http://click.xda-developers.com/api/click?format=go&key=f0a7f91912ae2b52e0700f73990eb321&loc=http%3A%2F%2Fforum.xda-developers.com%2Fshowthread.php%3Ft%3D2365294&v=1&libId=f4e83829-16ec-45ee-83cf-c621d5be33d8&out=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dtungstwenty.xposed.masterkeydualfix&ref=http%3A%2F%2Fandroidforums.com%2Frooted-devices-only%2F741396-master-key-bluebox-root-fix.html&title=%5BFIX%5D%5BXPOSED%5D%5B4.0%2B%5D%20Universal%20patch%20for%20%22Master%20Key%22%20%2B%20%22Bug%209695860%22%20vulnerabilities%20-%20xda-developers&txt=Google%20Play&jsonp=vglnk_jsonp_13744296610169


Then opened up Xposed and went to modules and checked Master key dual fix.

Then just ran master key fix, and if it comes up were it says patch didn't work just reboot your phone again.......

 

As with any OS android, windows, mac theres always a chance of vulnerabilities, all you can do is keep them updated, that's the reason I posted up this thread.....

 

"Earlier last month, RFP from BlueBox published a sneak preview of his upcoming BlackHat talk, detailing a vulnerability in the Android platform that affects nearly all Android devices. Soon after, a vulnerability of similar nature and impact was published on Chinese forum. Both of these "Master Key" vulnerabilities allow an attacker to modify the code of an Android package without affecting the signature of the package as verified by the package manager, which has serious implications when considering system-signed packages. From an end user perspective, the vulnerabilities allow an attacker to take full control of a user's device.

Google will be issuing a fix for this in their newer releases of Android firmware. However, these fixes will take time to filter down the food chain from Google to carriers to users... if indeed, a firmware update is even issued for older devices that are now past End of Life, since this vulnerability affects 99% of all Android devices going back to Android 1.6, Donut.

Not wishing to take a chance, I have installed an app, free from the Play Store, which is the result of a research collaboration between Duo Security, a cloud-based two-factor authentication and mobile security company, and Northeastern University's System Security Lab (NEU SecLab) and patches the, "Master Key", vulnerabilities on rooted devices.

The patch is not phone, device or firmware specific... you can whack it on any Android device that is rooted. Once activated it patches the device but should you flash a different firmware you will need to patch it again"

Don't know about you but im not going to take that chance.....

 

Well who knows, personally I would be on the side of caution and beings that I deal with this kinda of security issues at work everyday, I would rather be safe than sorry but again that's my personal preference. I just posted up for everyones information and everyone can make there own decision....

 

Interesting, i havent had that happen to mine, thanks for letting us know.....

 

Thank you sir............

 

I said it before and I'm going to say it again, you be the man sir