Certifi-gate, the Android-related security hole found by Check Point, is now out in the wild. Worse still, Check Point claims it's hiding in a Google Play-approved application: Invisibility Ltd.'s Recordable Activator.
This program is designed to let its users record Android screencasts. To do this, the Recordable Activator app bypassed the Android permission model by using the older, vulnerable TeamViewer remote-control plug-in to access system-level resources and record the device screen. Before the release of Android 5.0, Lollipop, you couldn't do this with the standard Android application programming interfaces (APIs).
TeamViewer has fixed the Certifi-gate hole. According to the company, "The updated version of TeamViewer QuickSupport for Android includes an improved security mechanism to ensure safe communication between internal app components. This enhancement prevents potential misuse of the QuickSupport app and its Add-On on compromised devices." Recordable Activator, because it's built around an older version of the program, is vulnerable to attacks that can record whatever's on your screen.
Check Point asserts that TeamViewer claims "the way this app uses its plug-in is a violation of the code's use and that it does not allow any third parties to use their code." What happened is that Invisibility enabled Recordable Activator to record the screen without root access by taking advantage of the Certifi-gate security hole in an older TeamViewer user module.
Invisibility disagrees. According to a PC World report, Recordable Activator's creator, Christopher Fraser, discovered the flaw in April 2015. He used it because it made recording the screen much easier, and because TeamViewer explicitly allowed its customer modules to be used with third-party software.
While they argue about who's responsible for enabling Certifi-gate attacks, users should be cautious. If you're one of the 100,000 to 500,000 users who've downloaded Recordable Activator, you should uninstall it immediately. It's certain to be attacked by zero-day hackers.
Google removed Recordable Activator from the Play Store on August 25th. The program is still available on third-party Amazon app stores. It can also be found on the Amazon app store under a different name, EASY screen recorder.