Tomek Kondrat · Aug 2, 2014 at 09:00 pm

Fight off the Android Fake ID Vulnerability with Xposed

While Android is considered a pretty stable and safe operating system, there are some vulnerabilities that pop up from time to time. Some of them are pretty nasty, and force Google to release a minor revision to their OS. But developers here on XDA don’t like to wait, so they often take matters into their own hands before Google officially addresses the problem.

One of the recently discovered bugs is known as the Android Fake ID, and it has been present in Android’s source code since 2010. The bug allows malicious apps to pretend to be signed by trusted providers. This in turn allows them to be loaded as extensions in several contexts such as NFC access, browser plugins, and more. Unfortunately, it seems that the bug affects all devices. XDA Recognized Contributor Tungstwenty, co-creator of Xposed Framework, came to the rescue and created a module that squashes the vulnerability in seconds. Simple as that, without changing a line in the source code or modifying a single binary.

The fix will work only on rooted devices with Xposed Framework installed and running. To make use of this module, you need to enable it in Xposed Installer and reboot your device. Once the process is completed, your device will be free of the Android Fake ID vulnerability.

So without further ado, you can find the module by visiting the FakeID vulnerability fix thread. If you want to read more about the Android Fake ID vulnerability, head over to this article on bluebox.com.


_________
Want something on the XDA Portal? Send us a tip!

Tomek Kondrat

eagleeyetom is an editor on XDA-Developers, the largest community for Android users. Tomek is the only Polish moderator on XDA Developers. He graduated from the University of Warmia and Mazury in Olsztyn with a degree in journalism and public communication in 2013. He's a big fan of football (not hand egg), post rock and cooking. A total addict of mobile technology, especially Android. Currently flashes dozens of custom ROMs on his OPO. View eagleeyetom's posts and articles here.
Mario Tomás Serrafero · Apr 18, 2015 at 10:00 am · 3 comments

Open War for Open Android: Antitrust for Cyanogen?

Android and openness is something we talk about all the time, but the recent developments in the industry point towards inherent flaws with this very premise. Be it from bloggers, political institutions or corporations, Android is seemingly not open enough. The “War on Openness” is ironically becoming an open war, where many players are increasing their stakes and scope to try and land a bigger hold - or at the very least, restrict Google’s - on what is the world’s...

XDA NEWS
Emil Kako · Apr 17, 2015 at 01:22 pm · 3 comments

What Do You Do with All of Your Old Photos?

Smartphone cameras have advanced so tremendously over the past few years that they have almost completely replaced point and shoot digital cameras for the most of us. Furthermore, since our smartphones are always with us, the majority of us end up taking tons of photos throughout the lifespan of our devices. But what happens to all the old photos you take? Do you store them on an external hard-drive or keep them backed up to an online cloud service like Flickr? Let us know what your favorite way of storing old photos is and why.

DISCUSS
Faiz Malkani · Apr 17, 2015 at 01:04 pm · 1 comment

Diving into the April 2015 Material Design Update

Before the release of Android 5.0 Lollipop, the Holo Design guidelines served as the official reference for Android design, right from IceCream Sandwich to KitKat. However, updates to the guidelines were few and far between, leading to a lack of synchronization between Android design and current UI/UX trends. Google seems to have learned from their mistake the last time around, and earlier this week, a significant update was released for the Material Design guidelines, marking the second revision in less...

XDA NEWS
Share This