Android Master Key Vulnerability Checker Now Live

darthcamaro writes "Last week, Rain Forrest Puppy (aka Jeff Forristal) first disclosed the initial public report about an Android Master Key flaw. Code was released earlier this week for attackers to exploit the flaw — but what about users? Google has claimed that it has patched the issue but how do you know if your phone/carrier is safe? Forristal's company now has an app for that. But even if your phone is not patched, don't be too worried that risks are limited if you still to a 'safe' app store like Google Play. 'The only way an Android user can be attacked via this master key flaw is if they download a vulnerable application. "It all comes down to where you get your applications from," Forristal said.'"

Even the Android fanboys know

[MoronGames]

That most phones that are "in the wild" will probably never receive this patch unless they are current flagship devices. That said, do not download things from untrusted sources! That goes for not only smart phones, but computers as well!

Re:Even the Android fanboys know

[h4rr4r]

1. People seem to not care. This is why I only buy Nexus devices though.
2. Totally correct.

I wish google would use their leverage over the android trademarks, not the software, to force updates for X amount of time and a longer amount of time for security patches. The real issue here is the whole carrier model. If you bought your PC from your ISP and they provided all the software for it you would be in the same boat there.

Re:Even the Android fanboys know

[somersault]

It's in a dialect of English usually known as Careless Autocorrect

Re:Master key?

[Andy+Dodd]

That was the word Bluebox used to describe it... Honestly, their original press release blew this way out of proportion.

Most Android devices now have support for scanning of sideloaded APKs for Malware now (it's a Google Play service), and I'm assuming that while a week or two ago that detector wasn't configured to detect this exploit, it almost surely does by now.