Here we go again, after revealing a bug in the Android code, Bluebox Security is releasing an Android app to scan the phone and see if the exploit has been patched or if you’re still vulnerable to it. I get the feeling that Bluebox is just trying to get its name out there, remember that we already talked about this vulnerability and even if it is an actual issue, it’s not that big of a deal.
Yes, the vulnerability dates back to Android 1.6. Yes, almost every device could be affected by it. Does that mean anyone could get a malware exploiting it any day? Of course not! Most people don’t download anything outside the Play Store and Google already has that under control. And out of those who do sideload apps, not everyone goes around pirating apps, which is the biggest cause of malware. This vulnerability can only be exploited through hacked and usually illegal apps and that alone should tell you something about who is in danger of getting infected by malware. I hate to say it, but if you pirate apps, you’re probably getting what you deserve.
Ok, the app itself is free, so it’s not like Bluebox is trying to make a profit with this directly, but still, having a line like this: “Unable to scan app _____ , it may be trying to evade the scanner” is just wrong. Specially because most users who install this could get easily scared and lose trust in apps they’ve been using for years. The only ones who get hurt with this are users and honest developers.
I seriously recommend you don’t install this unless you have doubts about any app you might have installed, it might not be an illegal app, you may just be helping a developer to beta test something but you’re not sure if you can trust him.
You can even check the comments on the Play Store, the 5 star ratings are people saying they’re phones are patched, so there’s nothing to worry about there, and when a security app has almost 50 1-star ratings, you know it’s not that big of a deal. Remember, the issue is being fixed and you don’t have too much to worry about. Let’s not blow this out of proportion like Bluebox seems to be trying to do.