Lately, there has been a whole lot of hacking going on. With StageFright being the latest security vulnerability for Android users. Now we have another one here in Certifi-gate. Currently, the Black Hat conference is going on down in Las Vegas, and the Check Point team have just published a report on this vulnerability that affects a big chunk of Android smartphones. Basically what it comes down to is that the implementation that Android OEM's have used for remote support for their customers, has a flaw. Which allows for an app plugin to access the devices screen and actions, and thus taking over your phone completely. Using a certificate signed by the OEM.
Check Point notes that there is no real way to revoke this certificate that can be used to hack your device. So an individual could easily overtake your device. They also noted that some of the Android OEM's that are prone to Certifi-gate include LG, Samsung, HTC and ZTE. However, these OEM's have already released updates to fix the issue. Google and Check Point have both stated that Nexus devices are not affected by Certifi-gate.
Google spoke with Engadget regarding the vulnerability, stating, "We want to thank the researcher for identifying the issue and flagging it for us. The issue they've detailed pertains to customizations OEMs make to Android devices and they are providing updates which resolve the issue." Google went on to say that they urge their users to get their apps from a trusted source like Google Play. And that users are only affected if they install a potentially harmful application. The search giant reiterated that they are always monitoring apps with VerifyApps and SafetyNet. Which Google has been doing for a while. Check Point also states that it's possible for a harmful app to get through Google's verification process, as it could look legit.
And this is why we always urge caution when sideloading apps. While many of us are pretty impatient when it comes to getting app updates, and we want them yesterday. This can be a potential side affect of sideloading apps. So until your phone gets the update, it's a good idea to stay away from sideloading apps on your smartphone for now.