Bluebox Security began talking about the Master Key exploit recently and it seems to be a popular topic amongst Android users. The original reports are saying this could have affected about 900 million devices. The exploit had been around for several years now, dating back the release of Android 1.6 Donut.
But more to the point, Google has already addressed the issue and there is now an app to see if your handset is vulnerable. The app is available by way of the Google Play Store and is called Bluebox Security Scanner. The app is free to download and works quickly and easily. In fact, once the app has been installed you will know if your handset is patched or unpatched in a very short time.
In our personal testing using a few phones found on our desk, an AT&T Galaxy S4 Active was found to be patched and a Galaxy S III running CM10.1.0.3 was found to be unpatched and vulnerable. In addition to the quick test of the patch status, the Bluebox Security Scanner also looks to see if your handset allows for non-Google installs and performs a scan for malicious apps.
The app begins the scan at launch and a tap of the menu button offers the option to rescan. That said, the app is simple, to the point and does just what it says it does. On the flip side though, despite finding that one of these two handsets are vulnerable at the moment — there isn’t all that much we can do about it. Basically, we know and we will remain waiting.
Of course, knowing the handset is vulnerable should mean you proceed with a bit of caution if you are installing any third party apps from outside the Google Play Store. Otherwise, looking towards the follow-up news that had arrived from Google and we see this issue has been taken care of — now that just means the manufacturers will have to roll this fix out as a security update.
SOURCE: Google Play Store
I can confirm that my N4 is vulnerable. 🙁
VZW S3 and WiFi Note 8.0 both report as Patched while my wife’s Nexus 7 isn’t. So much for “always the latest updates direct from Google” mime…
That does seem strange. Nice to see the Verizon S3 is taken care of though.
Xperia zr 10.3.1.A.0.x is patched