Chinese researchers have identified another vulnerability that could be leveraged to modify Android apps without altering their cryptographic signatures.
In a blog post (Chinese), the experts explain that the security hole is different from the one identified by Bluebox Security, but its effects are the same.
However, the method described by the Chinese experts is more limited because it works only on APK files that are under 64KB in size.
Bluebox Security says that it has discovered a “slightly different” vulnerability than the one from the Chinese blog post that has fewer limitations. This method has already been reported to Google and a patch has already been released for it.