Tomek Kondrat · Aug 2, 2014 at 09:00 pm

Fight off the Android Fake ID Vulnerability with Xposed

While Android is considered a pretty stable and safe operating system, there are some vulnerabilities that pop up from time to time. Some of them are pretty nasty, and force Google to release a minor revision to their OS. But developers here on XDA don’t like to wait, so they often take matters into their own hands before Google officially addresses the problem.

One of the recently discovered bugs is known as the Android Fake ID, and it has been present in Android’s source code since 2010. The bug allows malicious apps to pretend to be signed by trusted providers. This in turn allows them to be loaded as extensions in several contexts such as NFC access, browser plugins, and more. Unfortunately, it seems that the bug affects all devices. XDA Recognized Contributor Tungstwenty, co-creator of Xposed Framework, came to the rescue and created a module that squashes the vulnerability in seconds. Simple as that, without changing a line in the source code or modifying a single binary.

The fix will work only on rooted devices with Xposed Framework installed and running. To make use of this module, you need to enable it in Xposed Installer and reboot your device. Once the process is completed, your device will be free of the Android Fake ID vulnerability.

So without further ado, you can find the module by visiting the FakeID vulnerability fix thread. If you want to read more about the Android Fake ID vulnerability, head over to this article on bluebox.com.


_________
Want something on the XDA Portal? Send us a tip!

Tomek Kondrat

eagleeyetom is an editor on XDA-Developers, the largest community for Android users. Tomek is the only Polish moderator on XDA Developers. He graduated from the University of Warmia and Mazury in Olsztyn with a degree in journalism and public communication in 2013. He's a big fan of football (not hand egg), post rock and cooking. A total addict of mobile technology, especially Android. Currently flashes dozens of custom ROMs on his OPO. View eagleeyetom's posts and articles here.
Eric Hulse · Jul 7, 2015 at 05:59 pm · 2 comments

T-Mobile Galaxy S6 Battery Woes

I've been using a T-Mobile Galaxy S6 since the device launched with T-mobile's service. However, over this past holiday weekend I knew I would be in an area without reliable T-Mobile service. So, I opened up T-Mobile's default "Device Unlock" app , pressed unlock, and placed my AT&T SIM card in the device. Everything seemed to be working fine: strong signal, great LTE, good voice calls - until day 3. On Sunday, my Galaxy S6 felt very hot to the touch and...

XDA NEWS
Brian Young · Jul 7, 2015 at 12:26 pm · 3 comments

Earthquake Early Warning in Your Pocket

Probably all of us reading this have a smartphone in our pocket. For many of us, the smartphone has become our primary method of reading and writing e-mails, messaging, and browsing the web. Though proclamations that "smartphones have replaced the personal computer" typically fall on deaf ears, the statements aren't without merit. Indeed, smartphones have "replaced"—or more accurately, "displaced"—PC's in several areas that they have traditionally been dominant. But how many of you look into your pocket, or on your desk, and...

XDA NEWS
Aamir Siddiqui · Jul 7, 2015 at 10:39 am · 2 comments

Sony: The OEM You Want To Save

In our recent Discuss article, we asked you readers on which OEM you would like to help. While the answers we received were varied, a lot of these responses and top comments stood out for helping one OEM: Sony. Some excerpts from our discussion are as below: And many more follow suit. Needless to say, many believe that Sony Mobile as a company is great and is worth saving. And all of these would be happy to hear that Sony will...

XDA NEWS
Share This