How to Patch the Latest Android "Master Key" Bugs on Your Samsung Galaxy S3

A few weeks ago, Bluebox Security uncovered a bug that could potentially effect 99% of Android devices. Bug 8219321, dubbed the Master Key bug, works by allowing applications with modified code to pass Android's signature verification system, thereby bypassing security measures that normally wouldn't allow these apps to be installed.

How does this effect you? Well, modified apps can cause a lot of havoc on your Samsung Galaxy S3, the biggest concern being the availability to send out all of the information stored on your device. That means your contacts, messages, emails, passwords, and more can be accessed by the maliciously minded.

Literally days after the discovery of the Master Key bug, a Chinese firm called Android Security Squad discovered a similar exploit—Bug 9695860. While taking a different approach, the effects of this vulnerability are virtually the same as the Master Key bug.

Now that you know the danger, let's eliminate it!

Step 1: Make Sure You're Rooted

You cannot patch these bugs unless you're rooted, so if you're not, check out my past guide for instructions.

Step 2: Make Sure Unknown Sources Is Checked

By now, this should be a given for any softModder, but just in case you've turned it off, make sure to enabled Unknown sources by going to Menu -> Settings -> Security.

Step 3: Install the Xposed Framework

Previously, I covered installing the Xposed Framework onto the Samsung Galaxy S4, and the process is the same for every Android device, including our GS3s—and it couldn't be simpler.

  1. Download and install the Xposed Framework APK onto your device.
  2. Open up the app and select Install/Update to ensure you're on the latest version.
  3. Reboot your device.

Step 4: Install Master Key Dual Fix

App developer tungstwenty created Master Key Dual Fix to simply and easily patch these two potentially dangerous bugs. Now that you have the Xposed Framework installed and up to date, just download Master Key Dual Fix from Google Play and install like any other app.

While accessible through your app list, this is a module that only works in conjunction with the Xposed Framework.

Step 5: Activate the Module

Once you install the patch, you'll notice an extra notification in your Notification tray.

Go ahead and tap on the "Xposed module is not activated yet" notification and it'll launch into Xposed Framework. From there, tap the Modules tab and check the box next to "Master key dual fix."

Step 6: Reboot Your Device

Unlike other Xposed modules, there are no settings to mess with. Once you've checked the module, you simply need to reboot for the patches to take effect.

Step 7: Verify the Bugs Were Patched

After you've rebooted, head back to Xposed Framework (either through your app drawer or Settings), select the Master Key module, and make sure it states that you're safe. Look for the green text.

That's all there is to it! If you have any issues or questions, post away in the comments below.

3 Comments

Thanks so much for all the hard work, its really appreciated!

whats the use of that master thingy??

Share Your Thoughts

  • Hot
  • Latest