The Android Installer Hijacking vulnerability can be used by attackers to potentially distribute malware, compromise devices, and steal user data. This free applications from Palo Alto Networks detects if your device is vulnerable to this serious exploit, allowing you to take steps to protect your sensitive data.
Before you start testing on your device, please read the [How-to-use] below. Go through the video bellow will also be greatly helpful. Thanks for your patience.
Briefly, this vulnerability has been patched on Android version 4.4 and up. Devices with Android version 4.3 may contain this vulnerability, depending on vendors. Devices with Android version <=4.2 all have this vulnerability.
Learn more about the vulnerability here: http://researchcenter.paloaltonetworks.com/2015/03/android-installer-hijacking-vulnerability-could-expose-android-users-to-malware/
* [IMPORTANT] To install the dummy app, it requires you to enable the "Unknown Sources" setting (Thank David LaVeque for the reminder). If you did not change the setting before trying the scanner app, your phone may be falsely reported as vulnerable. In this case, please click 'reset' button, and retry the app.
* Please follow the step 1 -> 2 ->3 to finish the scan. Step 1 starts an app installation procedure. Please follow the procedure and install that dummy app. Step 2 helps to check the existence of vulnerability. Step 3 'reset' will remove that dummy app you just installed.
* You may be asked to install an apk file. This is a dummy app with no content. Since this is a OS vulnerability, we have to go through the installation procedure in order to determine if the device is vulnerable or not. This dummy app will be uninstalled when you press the 'reset' button.
* If the device does not contain this vulnerability, the dummy app will not be installed. So, when you press the 'reset' button, the app uninstallation window will not pop up.
* On some devices, after first install, some devices may report error with "Parser Failure". Please restart the app and try again.
Copryright: Copyright ©2015, Palo Alto Networks, Inc. All rights reserved. Palo Alto Networks, the Palo Alto Networks Logo, are trademarks of Palo Alto Networks, Inc. All specifications are subject to change without notice. Palo Alto Networks assumes no responsibility for any inaccuracies in this document or for any obligation to update information in this document. Palo Alto Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.