Vulnerability affects all versions of Android operating system from 2.1 (released in 2010) up to Android 4.4, also known as KitKat. Affected devices include HTC, Pantech, Sharp, Sony Ericsson, and Motorola. Fake ID allows malicious applications to pass fake credentials to Android OS, which fails to properly verify the application’s cryptographic signature. Google already released a patch to its partners in April, but it still leaves a millions of handsets out there that are still vulnerable.
Source: https://thehackernews.com/2014/07/android-fake-id-vulnerability-allows_29.html