

Android Master Key lets you modify applications - spullara
http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/

======
csense
Presumably fixes are available, since the linked talk abstract says that the
vulnerability was "disclosed to Google in February 2013."

What worries me is that I've heard that many manufacturers don't have ways to
update the OS on phones in the wild, preferring to require customers to root
their phone or purchase a new handset to get a new OS.

Even for manufacturers that do have an easy upgrade path, I wonder how many
users ever update their OS's? I don't have data, but somehow I'm not
optimistic about the answer.

~~~
ZoFreX
The other part of the problem with security updates on Android, IMO, is that
they aren't typically back-ported - so if your phone can't do Android 4,
you're stuck with the security flaws in 2.3 (including this new flaw) forever.

