cancel
Showing results for 
Search instead for 
Did you mean: 

Master Key bug still not patched.

Journeyman

Master Key bug still not patched.

For those of you who have not been following the tech press, there was a serious security flaw discovered in Android that makes it possible for a 3rd party to insert malicious code into an app installer, and your Android device will think the installer is unmodified from the version originally posted by the developer:

http://threatpost.com/android-master-key-bug-details-made-public

This exploit has indeed been found "in the wild"

Malicious apps exploiting Android "Master Key" bug found

If you want to verify whether or not your device has been patched to defend you from this exploit, you want to install the "Bluebox Security" app:

Bluebox Security Scanner - Android Apps on Google Play

While my tablet (ASUS TF300) has been patched against this exploit, my EVO 3D has not.

Look, I understand that this is an older device and that Sprint doesn't care anymore, but this is a very serious exploit that could allow a malicious 3rd party to execute arbitrary code on our devices. ASUS got their patch out very quickly after Google published its patch, but still I see nothing for our EVO 3D phones. Is this ever going to be addressed? If so, how soon? If not, will Sprint pay to replace our devices with devices that are not vulnerable to this exploit?

1 REPLY 1
Highlighted
Journeyman

Re: Master Key bug still not patched.

From the lack of response, I can only conclude that the executives have instructed the community relations people to not respond to this, which I think we can all take as evidence that this issue will not be addressed. Our phones are vulnerable to this exploit and will remain vulnerable. If you are reading this, I advise everyone to get newer phones, either at this carrier or another carrier.

Whatever you other customers decide, I would strongly advise that you research new phones and find out if the phone you intend to buy has patched this particular security hole or not. If you can get your hands on a physical phone you intend to buy (say in a store), the links above include an app you can install to find out if the phone is patched against this security vulnerability.

Community News

Need Help? 
Please try Searching the Community, we have many questions already answered, you can also check out the Knowledge base.
If you have an account question you can create a post and one of our Social Care Agents will help you.
If you need immediate assistance please visit Sprint Chat