About a week ago, reports hit the internet that AirDroid, an app that helps to connect Android devices with PCs for remote control and other nifty functions in a web-based interface, had some serious security holes . The vulnerabilities in the app potentially allowed anybody on the same network as a user who was using AirDroid to gain control of their Android device and run whatever code or apps on it that they would like. The nasty bug was made possible by the fact that a given user’s encryption key was right there in the code for the app, meaning that anybody with either physical access to the device or a way to look at the data inside of it could cause harm. Apatch went out within a few days on the app’s beta channel, and is now hitting the stable channel via the Play Store for all users, along with a few other tweaks.
The newest update to AirDroid, available right now in the Play Store, brings the app up to version number 4.0.0.3, with the PC side now running on version number 3.3.5.3. The update’s flagship feature is the closing up of the security holes that had been found, using the same method that had been put to the test with the beta version of the app and largely eliminated any potential trouble for users. The fix is now fully implemented on both ends, and barring a brand new exploit, AirDroid should now be completely secure.
Along with patching up the nasty exploits that had caused worries a week before, the new update also upgrades the app’s encryption algorithm to work a little bit faster and more securely. The connection protocol for the app has also been upgraded to HTTPS, keeping connections secure from the ground up while allowing continued compatibility with all current features and devices that could be used with the app before. In a statement to the press, AirDroid has sworn to take a more proactive approach to security in the future, reacting to new threats and detecting and patching up exploits before they can cause problems for users.
