New "Fake ID" exploit allows new types of Malware on Android?

A new Android design error discovered by Bluebox Security allows malicious apps to grab extensive control over a user’s device without asking for any special permissions at installation. The problem affects virtually all Android phones sold since 2010.

Bluebox calls the flaw “Fake ID” because it allows malware apps to pass fake credentials to Android, which fails to properly verify the app’s cryptographic signature. Instead, Android grants the rogue app all of the access permissions of whatever legitimate app the malware claims to be.