Huge Janus bug leaves Android apps open to unauthorized code modification

Researchers from security firm GuardSquare have discovered an Android vulnerability that allows for app code to be edited with affecting the apps' signature. Dubbed Janus, the vulnerability has massive potential for malicious use, and affects Android 5.0 onwards. The security hole would allow an attacker to tweak an entirely legitimate app to behave maliciously without triggering any security alerts. Although vulnerability CVE-2017-13156 has been patched in December's Android update, very few people will have access to this security fix. On the plus side, check performed on apps that are submitted to Google Play should mean that anything obtained via official… [Continue Reading]