DefinIT Insights

This Just In: Android’s New ID Bug—And How to Fix The Bug

android bug padding techsert servicesIt’s been a long-held popular opinion that non-Windows operating systems are more or less immune to malware. To paraphrase a popular TV show, that myth was busted this week, when the news of Android’s Fake ID bug hit the web.

So what does this mean for you, Android-powered smartphone and tablet user? Actually, not much has changed under the sun. Let’s find out why.

Isn’t Android Virus-Proof?

Wait a minute, you might be thinking, isn’t Android virus-proof? Aren’t apps prohibited from sharing info with each other? Let’s call Android virus-resistant, not virus-proof. Mobile malware has been developed before now, but the number of malware programs is small compared to the plethora of bad guys available for Windows. It’s foolish to think that malware developers will keep their hands off Android. According to, during this past June, 17% of the traffic on the web came from a mobile device, and Android accounts for nearly 45% of that traffic.

By default, programs in an Android device can’t share information, but certain apps may request permission to do so and you, the user, may allow it. For example, I installed a popular Internet security program on a tablet recently. For it to run correctly, I had to give it access to the inner workings of the device. Because I downloaded the app from Google’s store and it’s from a well-known and trusted source, this was not a problem. But it could be, in the hands of the wrong app developer.

The Problem (and the Fix) of the Fake ID Bug

android fake id bug techspert servicesLike your PC, Android relies on security signatures to verify the origins and trustworthiness of an app. The Fake ID bug does exactly what its name suggests: allows forged ID certifications to pass for the real thing. This means that an app, mimicking a trusted program, could be allowed complete access to your tablet, much like my legitimate anti-malware app. And this means your personal info—including shopping and banking info, if you use your tablet to do this—might be at risk.

There’s no need to panic just yet; although the flaw is widespread, being present in Android versions from 2.1 to 4.3, Google has already released a fix for it. To stay safe on your Android device, follow these steps:

  • Un-updated systems have the highest risk, so make sure your Android device has all the latest updates installed.
  • Avoid side-loading apps (downloading them from sources outside the official Google store) unless you absolutely trust the source.
  • Even though Google Play has stated that it scans all the available apps on its site, use some common-sense precautions. Don’t download things from dubious providers.
  • For more complete information, check out this report from the BBC News website.

What’s Next for Mobile Users?

Using mobile technology has its perks and its drawbacks. Often, the main risk for any technology is the unwise decisions of the user: downloading suspect materials or programs, carelessly choosing simple passwords, using unsecured connections, etc. Mobile tech is no different. Caution and common sense are still your best friends. Read this post for more practical ways to stay safe when using mobile technology. And contact the Techsperts team if you’re concerned about your Wi-Fi or network performance or security.


How’s your IT doing? Does it need some help? Not quite sure what your options are? Contact us at Techsperts Services and find out what we can do for you.