{"id":5708,"date":"2014-08-15T10:00:14","date_gmt":"2014-08-15T14:00:14","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=5708"},"modified":"2022-10-18T08:08:37","modified_gmt":"2022-10-18T12:08:37","slug":"fakeid-scanner","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/fakeid-scanner\/5708\/","title":{"rendered":"How to seal the “back door” in Android OS"},"content":{"rendered":"

Update: The app described in this post is discontinued. To protect your Android smartphone or tablet use .<\/em><\/p>\n

Android OS has settled down for good on the top of the two hit parades. Firstly, it is a mobile OS rating. Secondly, it\u2019s the rating of the mobile platforms which are\u00a0 being infected most often. According to Kaspersky Lab more than 99% of mobile malware are Android-oriented. Applications on Google play are being regularly checked to safeguard users, moreover Google has implemented a number of protective measures in the Android OS itself. For example, during the application installation there is verification which can guarantee the origin of a software and the confidence that files were not changed by strangers. Unfortunately, these measures are not perfect and malware has had a good opportunity to get into the smartphone by a back door for a long time.<\/p>\n

The backdoor<\/strong><\/p>\n

The last year specialists found several flaws in the Android protection mechanisms. Because of these flaws, a malicious application can penetrate the smartphone by disguising itself as a popular and trusted service, or by \u201cpiggybacking\u201d\u00a0\u00a0 the legitimate application, i.e. adding itself into the installation package. The vulnerabilities called Master Key<\/a> and FakeID<\/a> are presented in most of the modern Android smartphones. They are a little bit less famous than renowned Heartbleed<\/a>(Android smartphones are also subjected to it partly), but it is very important to remove them. The difficulty is that although Google released the necessary fixes long time ago, they should be implemented by either particular smartphone and\u00a0 tablet computer vendor or by a mobile operator that distributes them. And then the owner of this particular device should download and install this update. This often happens with a significant delay and often doesn\u2019t happen at all. So the amount of vulnerable devices numbers millions.<\/p>\n

To seal the hole <\/strong><\/p>\n

To get rid of the vulnerability without any assistance is not easy, but you can minimize associated risks for your devices. Here are the steps to do that:<\/p>\n

    \n
  1. Check if there are such vulnerabilities as FakeID, Master Key or Heartbleed on your smartphone or a tablet. You can use the free scanner from Kaspersky Lab which is available on Google Play. Besides the presence of the vulnerability, it also examines if there are applications installed which use this vulnerability.
    \n    \"fakeid-detect<\/a><\/li>\n
  2. If your device is vulnerable, check whether firmware (phone software) updates are available. Most Android vendors have a special \u201ccheck for update\u201d section in the settings,\u00a0 but in some cases you have to visit the official producer\u2019s web-site. If updates are available, install them according to the manual and check your device as in p.1 again.
    \n

    FakeID vulnerability allows a malicious app to sneak into your Android smartphone \u2013\u00a0 learn how to fix it.<\/p>Tweet<\/a><\/blockquote><\/li>\n

  3. If the vulnerability hasn\u2019t been addressed yet, you could fix the breach by yourself, but it takes many complicated and somewhat unreliable procedures, which wouldn\u2019t be recommended to the general public. (If you are brave enough and literate in this area you could read more on the xda-developers website.)<\/li>\n
  4. Unpatched vulnerability isn\u2019t a cause to throw the smartphone away, but you have to be vigilant to avoid loss of money and data:<\/li>\n<\/ol>\n