We still haven’t fully recovered from the fright that Stagefright has given us, when news of another vulnerability called Certifi-gate was revealed by CheckPoint three weeks ago. Now, apparently an app (which of course has since then been shut down) was able to bypass Google’s security measures and got published on the Google Play Store, containing this infection. Recordable Activator is the app, and it apparently was able to use a plugin from TeamViewer that’s why it was able to get past Google.
For those unfamiliar with Certifi-gate, the bug will be able to access your smartphone’s screen and actions if it manages to infect it. But you cannot clean up your device just by uninstalling the app. For that you would need a security patch from your OEM. Some of the ones on Check Point’s list of having a vulnerability to the bug are LG, Samsung, and HTC. They have probably been working on getting those updates to you.
But the app Recordable Activator, which is supposedly will let you record your smartphone display without having to root your device, will actually infect your smartphone with Certifi-gate. They used a vulnerable version of TeamViewer to fool Google into thinking it was trustworthy. TeamViewer admits that the developer, Invisibility Ltd did use their plug-in but that was actually in violation of their code as they do not allow 3rd-party apps to use it.
Hopefully, Google will now have better processes so that an app like this will not be able to make it to the marketplace. These two recent incidents have been pretty damaging to Android’s reputation, and may cause users to shy away and go to other platforms that will claim to have better security and precautions.
SOURCE: CheckPoint
freelance from home, while being your own boss while gettíng good payment for it… how? – read more on web-síte you can find listed on my dísqus-page