When I heard about Google bug 13678484 (AKA Fake ID) I wanted to understand the issue and its implications, and as I am too impatient to wait until the Blackhat 2014 talks are made available, I decided to do some research of my own. As a security consultant and self-proclaimed hacker, I’m always interested in finding out details regarding new Android bugs with potential widespread impact. As I tend to spend a lot of time performing mobile security assessments, I also know how important it is to understand the new issues and threats in order to advise on how to protect mobile applications. At the time of writing, technical information on this bug has been sparse, and hopefully this blog post will help share more information about this attack and provide some input on whether this bug is really as critical as current publications have led us to believe.