When you read about mobile viruses and identity theft online, it’s easy to think that neither of those things will ever affect you. Sure, you don’t use mobile antivirus software, but you’re pretty good at spotting viruses before they attack, right?

Unfortunately, that same attitude is now causing headaches for Android users all over the world. A recently-discovered exploit in the Android operating system affects literally 99% of all Android users. Yes, you need to be worried – that is, unless you’re among the 1%.

Android devices unaffected by the 99% of all devices exploit:

-Galaxy S4

-Rooted Android users who have upgraded to the most recent CyanogenMod 10.1.2 patch

Android devices affected by the 99% of all devices exploit:

-Every other Android in the world

That’s right: unless you picked up the latest Galaxy model, your Android is at risk. The exploit – called Master Key – has been a thorn in Google’s side for quite some time. The exploit was patched in February of 2013 with a security update, but the patch apparently was not enough to keep the malware at bay.

Why is the Master Key exploit dangerous?

In the real world, a master key opens many different locks. In the Android world, the Master Key exploit gives apps near total control over the user’s device. The Master Key exploit isn’t easy to attack, although it’s certainly possible.

The Master Key exploit works by hijacking a legitimate app’s update process. For an app to deliver an automatic update to Android users, it needs to verify the new version using a signature that matches the signature from the original developer. This is the ‘Master Key’ signature.

Talented hackers can replicate the Master Key signature and install their own malicious update to a particular app. One day, you could be using your Twitter app. And the next day, you could press the same shortcut on your Android only to open to allow a virus to have its way with your system.

In other words, Master Key allows a malicious third-party to turn your good app into a bad app. In most cases, this transformation will take place behind the scenes of the app and the malicious app will be executed without your knowledge.

How to check if your device is vulnerable

 

Reading reports from tech security researchers is annoying. Why? Because they always identify problems but they never actually solve them. Fortunately, the folks who discovered this recent exploit were nice enough to help out by providing an app called Bluebox Master Key Security Scanner.

This app will tell you if your device is vulnerable to attack. It also reveals other important information about the security of your system. Here are the app’s features:

-Tells users whether or not their system is vulnerable or patched to the Bluebox “Master Key” security flaw which currently affects 99% of all Android devices

-Tells users if their system settings allow non-Google Play Store app installs (this isn’t necessarily a bad thing if you’re careful about your download sources)

-Tells users if any installed apps are currently trying to take advantage of the Master Key security exploit

There are some things users can do to stay protected, including downloading a good antivirus program (most of the top antivirus apps have been updated to reflect the latest Master Key exploit). Other than that, only download apps that you know are made by trustworthy companies and consider uninstalling any apps made by companies that you don’t know.

Download the Bluebox Security Scanner app here to check if your device is vulnerable. It’s a simple and legitimate app which simply scans your system and can then be deleted.