Google has released a patch for the “Master Key Vulnerability” that was revealed a few months ago. The patch has to go through the OEMs (Samsung, HTC, etc), then it will be pushed to your phone. The security hole affected how Android apps were cryptographically verified and installed, with the exploit allowing someone to modify the software but without changing the encryption. This vulnerability exists in nearly every version of Android, potentially affecting 900 million users. Google says the odds of this actually affecting your phone is “unlikely”. There’s a greater chance if you manually install apps to your phone, by copying the APK file to your phone and installing it without going through the Google Play Store.
“We have not seen any evidence of exploitation in Google Play or other app stores via our security scanning tools” Scigliano (Android’s Communications Manager) said of the exploit, pointing out that “Google Play scans for this issue – and Verify Apps provides protection for Android users who download apps to their devices outside of Play.”