Bluebox Security, a stealth security startup claims to have discovered a flaw in Google’s Android operating system which can enable rogue apps to gain full access to the Android system, read all data, harvest passwords and create a botnet and also turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user.
Potentially, this could affect any Android phone manufactured in the last 4 years, some 900 million devices.
The flaw enables a hacker to modify the Master Key or APK code without breaking the cryptographic signature. A hacker could have access to any or all permissions on a device.
Everyone stay cool.
Uncovering Android Master Key That Makes 99% of Devices Vulnerable (Bluebox Security blog)