For four years, there has been a a hole in the security of Android, known as the "Master Key vulnerability", that was threatening to harm the smartphones and tablets owners through apps out of the Play Store zone. Once again, Bluebox Security has discovered the security flaw, that was found to influence the way in which the apps were cryptographically verified and installed, causing those malicious ones to change the software without modifying the encryption.
This security problem was initially worsened in the public's eye, discussing about 900 million potential victims among the Android users, but the true situation was way less serious. Because Bluebox had announced Google of this matter at the beggining of this year, there has been a lot of work put on for a temporary fix for the Play Store apps. Consequently, the only way to interact anymore with a malicious app is to install it otherwise than through Play Store - such as getting it manually or through a transfer which was not downloaded from the Play Store. Google has reported that even this has been patched, through a solution from OEMs.
Gina Scigliano, the manager of Android Communications, states that Google can confirm the fact that they provided a patch to their partners and that Samsung, for instance, is already shipping the fix towards the Android devices.
The drawback in this situation is, as in many cases, the fact that users of Android devices are often waiting a significant period of time until the manufacturers of their devices provide the updates for them, even when we are talking about the main Android devices.
However, the essence of this matter is to acknowledge that this is not a serious issue, and that Google is handling it, Gina Scigliano also adding that there was no evidence of exploitation in the Google Play area through their security scanners.