TrustGo Releases Update to Protect Against Security Flaw In Nearly All Android Devices

Recently Identified Vulnerability Could Generate Fake SMS Messages for Phishing Attacks

Santa Clara, Calif., November 16, 2012 – TrustGo Mobile Inc. (TrustGo), a leading mobile security company, today announced that its TrustGo Antivirus & Mobile Security has been updated to detect a new class of malicious apps that could exploit a significant vulnerability found in virtually all Android devices.

The flaw, discovered by researchers at North Carolina University, could enable malware makers to initiate “smishing” (SMS-based phishing) attacks against users in which fake messages are generated that can trick users into providing sensitive data like passwords, account numbers or PINs to the malware developer.

To help families decide which apps are safe to download and which ones should be avoided, the TrustGo Halloween Spotlight also provides a security rating of apps, categorizing all 1.7 million apps they have scanned into one of four categories:

<pStartlingly, these attacks can be executed in apps that do not ask for any permissions from the user, completely circumventing the bulk of Android’s inherent security features. The flaw has been confirmed in Android devices running versions 2.2 (Froyo), 2.3 (Gingerbread), 3.1 (Honeycomb), 4.0 (Ice Cream Sandwich), and 4.1 (Jelly Bean), comprising 96.5% of all Android devices.

“This new vulnerability highlights the value that independent security providers like TrustGo bring to the Android platform,” says Xuyang Li, CEO of TrustGo. “The mind boggling array of devices, carrier-customized operating systems, not to mention hundreds of third-party marketplaces and developers, makes it nearly impossible for Google to catch all the security vulnerabilities, police all the apps against malware or ensure that users’ privacy is strictly honored.”

Since being notified on October 30, 2012, Google confirmed the vulnerability and has committed to fixing the flaw. However, due to the fragmentation of the Android platform, it is unlikely that patches will be available for earlier versions of the OS at the time of its release. As such, as many as 94% of Android users will remain unprotected from this vulnerability for some time, and some users may never receive the patch because older operating systems are no longer being supported.

Tips for Securing Your Android Device
  • • Never download apps from links in text messages or emails
  • • Check and read the requested permissions for apps before you install
  • • Avoid apps that request permissions not directly applicable to the app’s function
  • • Install a third-party mobile security app like TrustGo Antivirus and Mobile Security

About TrustGo Mobile Inc.

TrustGo Mobile Inc. (TrustGo), a leading mobile security company, provides users a simple way to keep their devices safe. TrustGo’s total security and management solution provides advanced cloud-based protection for smartphones and tablets. It gives users greater freedom and control in their mobile lives through a comprehensive approach to security. In addition to real-time protection from malicious apps, websites, privacy breaches, theft and identity leaks, TrustGo also offers robust mobile device management (MDM) and secure app discovery features. TrustGo was founded by web security veterans in 2011 and is headquartered in Santa Clara, California. TrustGo is available now on Google Play. For more information, please visit

Media contact:

Sharon Sim-Krause Joanne Seow
Phone: 415.420.1889 Phone: 858.699.4027
Email: Email: