Android users who have “rooted” their smartphones can download the ReKey app to patch the so-called Master Key vulnerability, cybersecurity firm Duo Security announced this week.
A research company recently discovered that Android apps could be maliciously tweaked without a user knowing. Such updates could allow a hacker to pull personal data and files off the phone. Google has said it’s found no evidence of apps in the Google Play store taking advantage of the flaw.
But people who download things from other sources should consider downloading ReKey or turning on the “Verify Apps” setting in the newest version of the Android operating system. Duo Security partnered with Northeastern University to create ReKey. Though Google also issued a patch, it’s up to device makers to offer it up to end-users. Third parties have stepped up in the meantime.
Similar to jailbreaking an iPhone, “rooted” Android phones give users full administrative privileges, allowing them to install special apps, such as ReKey, and access more settings. However, it’s a technical operation that typically voids device warranties.
The Master Key issue was initially uncovered by Bluebox Security. The company has deferred to device vendors and third parties to produce and distribute fixes.
“Kudos for Duo for investing additional resources to help protect the Android ecosystem,” Bluebox said in a statement. “We look forward to collaborating with Duo to address other Android vulnerabilities that we uncover through our research at Bluebox.”
Anti-virus provider Webroot said the latest version of its Android app also recognizes the issue. The same goes for Bitdefender. Google says these apps are typically unnecessary for people who don’t stray from Google Play.