A vulnerability exists in the way Android verifies the digital signatures of application packages. It allows attackers to turn legitimate apps into Trojan programs. The vulnerability presents benefits for Android malware authors because it allows them to add malicious code to legitimate app packages and update the original applications if they are installed on the targeted devices. Google made changes to Google Play in order to detect apps modified in this way and that a patch has already been shared with device manufacturers, a researcher says. A proof-of-concept exploit was released Monday on Github.”]