Another Android Master Key Attack Published
Another Android Master Key Attack Published: A second Android Master Key attack has been reported that takes advantage of the vulnerability in the way Android reads APK files, enabling hackers to modify signed legitimate apps with malware.
The vulnerability occurs in the way Android conducts integrity checks on APK files. An attacker could store in a zip archive a benign and malicious version of the same file, give them the same file name, and the benign file will pass the signature check in Android, which enables the malicious modification to be added as well.