POC exploit for Android Signature Vulnerability Released in the Wild


Earlier this month, Bluebox Security discovered a critical security issue in the Android OS. Researchers at the firm found that the mobile OS allows attackers to modify APK files without altering the cryptographic signature. The issue affects Android releases from version 1.6 and any other Android device released over the past 4 years. A GitHub user, Poliva, demonstrates that this is possible.

Although there hasn’t been any evidence of exploitation in Google Play and other Android market stores, Google has cautioned Android users about installing applications from third-party Android app stores. Android OEMs have been receiving patches from Google since March; deployment of these fixes, however, depends on the OEMs, who make them available to end users.