CIO Today reports that Google released a fix on Tuesday for the "Master Key" vulnerability that could open up 99 percent of all Android applications to the danger of becoming undetected Trojans. The potential vulnerability, revealed last week by security firm Bluebox Security, could affect almost 900 million devices.
Google was notified of the problem in February this year and has been working on a fix ever since.
It has now released a patch to original equipment manufacturers. Users will have to rely upon their hardware providers for the update, according to CIO Today.
Every application has a "cryptographic signature", which is supposed to prevent tampering. The flaw would allow hackers to change applications while leaving that signature intact.
Android users can manually check for system updates through the settings menu.
Google's Android Communications Manager Gina Scigliano told news media that some of the OEM partners, like Samsung, as "already shipping the fix to the Android devices". She added that Google has not seen "any evidence" of the Master Key hack being exploited in Google Play or other app stores, as seen in results of the company's security scanning tools.