Ninety-nine percent of Android phones contain a "master key" flaw that allows hackers to access all apps inside the phone, according to Jeff Forristal, CTO of Bluebox Security.

The flaw leaves Android phones massively vulnerable to malware, botnets and computer fraud, he claims in a blog post:

The implications are huge!

... Installation of a Trojan application from the device manufacturer can grant the application full access to Android system and all applications (and their data) currently installed. The application then not only has the ability to read arbitrary application data on the device (email, SMS messages, documents, etc.), retrieve all stored account & service passwords, it can essentially take over the normal functioning of the phone and control any function thereof (make arbitrary phone calls, send arbitrary SMS messages, turn on the camera, and record calls).

Google was alerted to the flaw in February, Forristal told the Black Hat USA conference for internet security experts.[...]

The flaw has existed since 2009, according to Endgadget.



I wanted to post this revelation now before I book my flight to Hong Kong and live out my days as a hero for revealing this.

I have also sent emails of this revelation to others that I trust, so in case something should happen to me, The Truth Is Out There.

This is not about me.

True, I could have just passed this along undramatically and anonymously to WikiLeaks and the information would be out there.

But I wanted you and the world to know that I selflessly am revealing this and am unbowed.

Your Email has been sent.