Tomek Kondrat · Aug 2, 2014 at 09:00 pm

Fight off the Android Fake ID Vulnerability with Xposed

While Android is considered a pretty stable and safe operating system, there are some vulnerabilities that pop up from time to time. Some of them are pretty nasty, and force Google to release a minor revision to their OS. But developers here on XDA don’t like to wait, so they often take matters into their own hands before Google officially addresses the problem.

One of the recently discovered bugs is known as the Android Fake ID, and it has been present in Android’s source code since 2010. The bug allows malicious apps to pretend to be signed by trusted providers. This in turn allows them to be loaded as extensions in several contexts such as NFC access, browser plugins, and more. Unfortunately, it seems that the bug affects all devices. XDA Recognized Contributor Tungstwenty, co-creator of Xposed Framework, came to the rescue and created a module that squashes the vulnerability in seconds. Simple as that, without changing a line in the source code or modifying a single binary.

The fix will work only on rooted devices with Xposed Framework installed and running. To make use of this module, you need to enable it in Xposed Installer and reboot your device. Once the process is completed, your device will be free of the Android Fake ID vulnerability.

So without further ado, you can find the module by visiting the FakeID vulnerability fix thread. If you want to read more about the Android Fake ID vulnerability, head over to this article on bluebox.com.


_________
Want something on the XDA Portal? Send us a tip!

Tomek Kondrat

eagleeyetom is an editor on XDA-Developers, the largest community for Android users. Tomek is the only Polish moderator on XDA Developers. He graduated from the University of Warmia and Mazury in Olsztyn with a degree in journalism and public communication in 2013. He's a big fan of football (not hand egg), post rock and cooking. A total addict of mobile technology, especially Android. Currently flashes dozens of custom ROMs on his OPO. View eagleeyetom's posts and articles here.
Mathew Brack · Apr 1, 2015 at 05:51 pm · 4 comments

April Fools Round Up: The Year of Nostalgia

April Fools Day is once again upon us and as usual, tech companies everywhere have not failed to keep us entertained. With a trove of fantastic faux product launches and even some real product launches that were taken as April Fools jokes, people have been busy releasing their hilarious ideas. With many of these jokes being nostalgic and some even being functional it's easy to appreciate the spirit behind them. Samsung Galaxy Blade Edge In a reference to the Galaxy...

XDA NEWS
Tomek Kondrat · Apr 1, 2015 at 05:43 pm · 2 comments

Android 5.1 OTA for Nexus Round-Up

The beginning of April is dominated by April Fools. There are jokes and pranks everywhere, which are meant to fool people. This news is no joke though, as Google has pushed the shiny red button to send out over-the-air updates to supported devices. Well, sort of, as only a few of available Nexus devices got updates to Android 5.1. Here's a list of OTAs that can be downloaded and flashed by stock recoveries. You can find guides on how to revert...

XDA NEWS
Chris Gilliam · Apr 1, 2015 at 04:29 pm · 4 comments

Google’s Prank Roundup for April Fools 2015 [Updated]

Once again, we have arrived on the most magical of holidays - the annual unveiling of HalfLife 3, and day on which co-workers believe it is appropriate to duct tape air horns behind doors. I speak, of course, about April Fools Day. As has become their custom, Google launched lighthearted "pranks" for each of their various services (with other tech sites and vendors following suit), and we have done our best to round up the humorous products and tweaks surfacing thus far....

XDA NEWS
Share This