FakeID and MasterKey Still Pose Risks for Android

Jeff Forristal has been busy the last few years discovering and reporting Android vulnerabilities. Forristal, CTO of mobile security vendor Bluebox Security, revealed the Android Master Key vulnerability at the Black Hack 2013 conference and the FakeID vulnerability in 2014.

The two security flaws could have potentially enabled malicious apps to be installed on user devices. Although Google has patched both flaws, there are still users that are at risk from the vulnerabilities for a number of reasons. In some cases, they have not updated their devices. In others, the device vendor may not necessarily have ever made a patch available.