A four year-old vulnerability in an open source component that is a critical part of Google’s Android mobile operating system could leave mobile devices that use it susceptible to attack, according to researchers at the firm Bluebox Security. FAKEID Logo A flaw in the way Google’s Android verifies mobile applications opens the door to widespread attacks, according to researchers from Bluebox Security. The vulnerability was disclosed on Tuesday. It affects devices running Android versions 2.1 to 4.4 (“KitKat”), according to a statement released by Bluebox. According to Bluebox, the vulnerability was introduced to Android by way of the open source Apache Harmony module.

https://securityledger.com/2014/07/old-apache-code-at-root-of-android-fakeid-mess/