Tomek Kondrat · Aug 2, 2014 at 09:00 pm

Fight off the Android Fake ID Vulnerability with Xposed

While Android is considered a pretty stable and safe operating system, there are some vulnerabilities that pop up from time to time. Some of them are pretty nasty, and force Google to release a minor revision to their OS. But developers here on XDA don’t like to wait, so they often take matters into their own hands before Google officially addresses the problem.

One of the recently discovered bugs is known as the Android Fake ID, and it has been present in Android’s source code since 2010. The bug allows malicious apps to pretend to be signed by trusted providers. This in turn allows them to be loaded as extensions in several contexts such as NFC access, browser plugins, and more. Unfortunately, it seems that the bug affects all devices. XDA Recognized Contributor Tungstwenty, co-creator of Xposed Framework, came to the rescue and created a module that squashes the vulnerability in seconds. Simple as that, without changing a line in the source code or modifying a single binary.

The fix will work only on rooted devices with Xposed Framework installed and running. To make use of this module, you need to enable it in Xposed Installer and reboot your device. Once the process is completed, your device will be free of the Android Fake ID vulnerability.

So without further ado, you can find the module by visiting the FakeID vulnerability fix thread. If you want to read more about the Android Fake ID vulnerability, head over to this article on bluebox.com.


_________
Want something on the XDA Portal? Send us a tip!

Tomek Kondrat

eagleeyetom is an editor on XDA-Developers, the largest community for Android users. Tomek is the only Polish moderator on XDA Developers. He graduated from the University of Warmia and Mazury in Olsztyn with a degree in journalism and public communication in 2013. He's a big fan of football (not hand egg), post rock and cooking. A total addict of mobile technology, especially Android. Currently flashes dozens of custom ROMs on his OPO. View eagleeyetom's posts and articles here.
Emil Kako · May 22, 2015 at 10:35 pm · 4 comments

Other than XDA (of Course), What’s Your Favorite Site That Covers Android?

There is a number of other great sites that cover Android, so we're wondering which other sites our community likes to frequent. Tell us your favorite Android website and what about the site that makes it your favorite.

DISCUSS
Mathew Brack · May 22, 2015 at 02:30 pm · 4 comments

Introducing Voices of XDA: Have Your Ideas Heard

By far the greatest assets we have at XDA-Developers are you, the developers, the eager to learn and the bold. Everyday we see innovation and brilliant ideas across the site, from this we know that many of you have great insight in to your respective fields. That is why today, I am honored to announce a new project that will allow us to work with you directly to have your views and thoughts expressed clearer than ever. Introducing:    ...

XDA NEWS
Jimmy McGee · May 22, 2015 at 12:10 pm · 4 comments

YotaPhone 2 Pre-Order, Xperia Z1 Price Cut – XDA TV

Android Wear 5.1.1 OTA downloads are now available. That and much more news is covered by Jordan when he reviews all the important stories from this week. Included in this week's news is the announcement of Sony cutting the price of the Xperia Z1 and be sure to check out the article talking about the YotaPhone 2 Indiegogo pre-order. That's not all that's covered in today's video! Jordan talks about the other videos released this week on XDA TV. XDA...

XDA NEWS
Share This