Bluebox Security Scanner

Bluebox Security Scanner


July 2014: Now includes scanning for Fake ID vulnerability!

The Bluebox Security Scanner will scan your device to determine:
- If your system is vulnerable or patched to any of the "Fake ID" or "Master Key" security flaws affecting most Android devices
- If your system settings allow 'Untrusted Sources' application installs
- If any installed application on your device is trying to maliciously take advantage of any of the 'Master Key' security flaws

Further details of the Android "Fake ID" and "Master Key" security flaws are available at:
- http://bluebox.com/technical/android-fake-id-vulnerability/
- http://www.bluebox.com/blog/technical/uncovering-android-master-key-that-makes-99-of-devices-vulnerable/


NOTICE: the scanner currently cannot check .APKs in the /mnt/asec/ (copy protected apps) directory; this is a security limitation enforced by Android OS. You are told how many were skipped, and given a checkbox (if one or more are skipped) to enable seeing the full list of details if you so choose.

Currently we do not have a reliable way to test for bug 9950697; however, the fix for 9950697 tends to be paired with fix for bug 10148349. So use the patch status of bug 10148349 as an indicator to patch status of bug 9950697.

Recent changes:
Changes in 1.9:
Now includes scanning for Fake ID vulnerability!
Add to list
Free
88
4.4
User ratings
2499
Installs
100,000+
Concerns
0
File size
136 kb
Screenshots
Screenshot of Bluebox Security Scanner Screenshot of Bluebox Security Scanner Screenshot of Bluebox Security Scanner

About Bluebox Security Scanner
July 2014: Now includes scanning for Fake ID vulnerability!

The Bluebox Security Scanner will scan your device to determine:
- If your system is vulnerable or patched to any of the "Fake ID" or "Master Key" security flaws affecting most Android devices
- If your system settings allow 'Untrusted Sources' application installs
- If any installed application on your device is trying to maliciously take advantage of any of the 'Master Key' security flaws

Further details of the Android "Fake ID" and "Master Key" security flaws are available at:
- http://bluebox.com/technical/android-fake-id-vulnerability/
- http://www.bluebox.com/blog/technical/uncovering-android-master-key-that-makes-99-of-devices-vulnerable/


NOTICE: the scanner currently cannot check .APKs in the /mnt/asec/ (copy protected apps) directory; this is a security limitation enforced by Android OS. You are told how many were skipped, and given a checkbox (if one or more are skipped) to enable seeing the full list of details if you so choose.

Currently we do not have a reliable way to test for bug 9950697; however, the fix for 9950697 tends to be paired with fix for bug 10148349. So use the patch status of bug 10148349 as an indicator to patch status of bug 9950697.

Recent changes:
Changes in 1.9:
Now includes scanning for Fake ID vulnerability!

Visit Website
User reviews of Bluebox Security Scanner
The Bluebox "Master key" Security Scanner will scan your device to determine: - If your system is vulnerable or patched to any of the "master key" security flaws affecting most Android devices (there are multiple 'master key' flaws at this point) - If your system settings allow 'Untrusted Sources' application installs - If any installed application on your device is trying to maliciously take advantage of any of the 'master key' security flaws
Jul 27, 2013
Android Market Comments
A Google User
5 hours ago
Must have app You need to know if your device has been compromised.
A Google User
6 hours ago
Questions ... many questions Your software tells me I am vulnerable for Fake ID. Talking to Google they say I am not. What gives here. I'm running an S5 from AT&T using 4.4.2 at what AT&T tells me is the most up to date version.
A Google User
10 hours ago
Unix like tool. This app does one thing and does it really well.
A Google User
11 hours ago
best i like the vigilante attitude of blue box. best of all, it works. like batman, defending the people from the bad guys. thank you.
A Google User
12 hours ago
Solid Gave me solid info on what was patched and what apps it couldn't scan.