Android Fake ID: A flaw known as Android Fake ID, which allows malware to insert malicious code into third-party apps, access user credit card data and control smartphone and tablet settings, has been uncovered and fixed by Google (GOOG).
BlueBox Labs, a mobile security firm, said that smartphones and tablets were at high risk because malware did not require special permissions to make use of Android Fake ID. BlueBox warned Google early enough for its new OS, Android L, to be fixed.
A spokeswoman from Google said, "We appreciate BlueBox responsibly reporting this vulnerability to us. Third-party research is one of the ways Android is made stronger for users."
She added, "After receiving word of this vulnerability, we quickly issued a patch that was distributed to Android partners, as well as to the Android Open Source Project."
Nevertheless, thousands of devices that run earlier OS versions, from Android 2.1 to Android 4.3, have not received the fix from network operators. These devices are at risk if apps are downloaded from a store other than Google Play.
The chief technology officer at BlueBox said, "That missing link of confirmation is really where this problem stems," adding, "The fundamental problem is simply that Android doesn't verify any claims regarding if one identity is related to another identity," according to a report by the BBC.
Another problem with Android Fake ID is that a single app can create numerous fake IDs simultaneously, which allows for multiple malicious attacks.
Dr Steven Murdoch, a security analyst at the University of Cambridge's computer laboratory, said that Android Fake ID is a serious flaw.
"Google will be looking for people who are exploiting this vulnerability in applications being distributed through its own Google Play store."