Bluebox Security, a mobile security company, has found a serious Android security hole that dates all the way back to Android 2.1. This hole, Fake ID, can be used by malware to impersonate trusted applications without any user notification.
Can you say bad news? I knew you could.
By enabling malware to act like already approved, high-level programs, Bluebox claims that Fake ID “can be used by malware to escape the normal application sandbox and take one or more malicious actions: insert a Trojan horse into an application by impersonating Adobe Systems; gain access to NFC [Neat Field Communication] financial and payment data by impersonating Google Wallet; or take full management control of the entire device by impersonating 3LM.” Ironically, 3LM is part of an Android enterprise security system.