Last week news of a new security vulnerability in the Android package installer emerged, which could potentially allow one app to take over another's permissions. Dubbed "Fake ID," the issue was patched by Google shortly after disclosure in April, and many Android devices are already protected through the Play Store and Google Play Services. Nevertheless, it's an issue to be taken seriously, and so we reached out to the major manufacturers to find out their plans. Today Sony has told us it's aware of the problem and has been putting Google's fixes in place.
A Sony statement given to Android Central reads:
"We are aware, and have received relevant patches from Google to correct this issue. As a part of standard precautionary procedure, we are making them available for Xperia devices through our retail partners within normal and regular software maintenance."
For what it's worth, Bluebox's own scanner app shows that the bug is already fixed in the latest Sony Xperia Z2 firmware. Owners of other Xperia handsets, if they're not already patched, can expect the Fake ID fix in future maintenance releases.