A potentially catastrophic security flaw has been found that could leave virtually every Android device open to hackers.

According to researchers at Bluebox Security, the 'master key' issue is fundamental to the way Google's open mobile operating system works - and only one device has so far been patched.

The issue apparently affects all versions of Android since version 1.6, meaning up to 900 million devices could be vulnerable to the flaw.

The method demonstrated by Bluebox would let app developers modify an update to a legitimate app to look like a system file, which can then be used to take control of a phone. With the right signature disguising its real motives, the update could log passwords, credit card information, photos, emails - essentially anything on your mobile device.

"The implications are huge," Bluebox explains on its website.

"Depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet."

It adds:

"All Android applications contain cryptographic signatures, which Android uses to determine if the app is legitimate and to verify that the app hasn't been tampered with or modified. This vulnerability makes it possible to change an application's code without affecting the cryptographic signature of the application - essentially allowing a malicious author to trick Android into believing the app is unchanged even if it has been."

The bug was reported to Google in February, Bluebox CTO Jeff Forristal says, but it's up to device makers and mobile networks to develop, issue and install the updates.

So far only the Galaxy S4 is not affected - indicating that patches are being worked on, but are not widely available.

Bluebox recommends that users of Android devices be extra cautious in downloading only apps where they are sure of the content, and wants businesses to prompt all uses to keep their devices updated.

As for Google themselves, Engadget reports that they had "no comment" about the Bluebox report.

Loading Slideshow...
  • HTC One M8

    The 2014 update to the HTC One builds on the same hardware features that won the original such a fanatical response, but keeps the essential DNA intact. The massive front-facing speakers are 25% louder, the UltraPixel camera adds a second lens for depth perception (so you can refocus an image after shooting it), and there's a 5-megapixel 'Selfie' front facing lens too. [<a href="www.huffingtonpost.co.uk/2014/03/26/htc-one-m8-review_n_5035163.html?1395847758" target="_blank">REVIEW</a>]

  • Sony Xperia Z2

    Sony's latest flagship Xperia smartphone is a beautiful, thin and waterproof delight. It packs in a 20-megapixels still camera capable of 4K video, a sleeker form factor, a far better screen and built-in noise cancellation technology.

  • Samsung Galaxy S5

    This year's Galaxy S adds water resistance, a slightly larger screen, a 16-megapixel camera and a heart-rate sensor into what was already a market-leading, powerful and sleekly designed device. It doesn't rock the boat too much, but it didn't need to. This is still up there with the very best Android phones.

  • Google LG Nexus 5

    The new Nexus 5 is based on the internals of the LG G2 - which means you get the same Snapdragon 800 processor, as well as the full version of Google's new Android 4.4 KitKat OS, which integrates SMS messages into Hangouts, freshens up the design and adds new features under the hood. The camera is still a little lacking, while the design is functional rather than beautiful, but at £299 off contract it's still a steal.

  • iPhone 5C

    The 5C was rumoured to be Apple's 'budget' iPhone. It isn't - and not only because it isn't that cheap. The "proudly plastic" 5C comes in five colours (see what they did there) <a href="http://www.huffingtonpost.co.uk/2013/09/10/iphone-5c-uk-pictures-release-date_n_3899557.html?utm_hp_ref=uk-tech" target="_blank">but has the same internals, screen and camera as the iPhone 5.</a> It's essentially the same beautiful, high-end phone you already know and love, in a more colourful (and potentially divisive) design. As such it's hard to see how Apple won't sell a billion of them.

  • Nokia Lumia 925

    <a href="http://gdgt.com/nokia/lumia/920/" target="_blank">The Nokia Lumia 925</a> has the same great design and attention to detail we've come to expect from Nokia, but with some crucial upgrades from the 920 including a thinner, all-metal design and an improved camera.

  • iPhone 5S

    With the same ultra-clear Retina display as the iPhone 5, but now with an <a href="http://www.huffingtonpost.co.uk/2013/09/10/iphone-5s-uk-pictures-release-date_n_3898775.html?1378818683&utm_hp_ref=uk-tech" target="_blank">added fingerprint sensor</a>, a seriously impressive 64-bit A7 chip, an improved camera and a new gold design option, this is the best iPhone ever made. And with its consistent market-leading app selection, easy-to-use OS and delightful design, it's hard to argue against it being one of the very best gadgets ever made too.

  • LG G2

    The LG G2 is an extremely high-end 5-inch, 1080p Android 4.2.2 smartphone whose major distinguishing feature is that it has three buttons on the back of the device, which are normally found on the sides. The G2 has its camera button and volume rocker on the rear, which for many people is enough to justify the purchase alone. It also has excellent battery life for this class of device.

  • Samsung Galaxy Note III

    The Note III is huge. It's got a 5.7-inch screen, though with the same 1080P resolution as the Note II. It adds a new leather back panel, which gives it an 'office' feel in line with the productivity-plus-stylus theme of the device. It also adds a Snapdragon 8000 quad-core processor, some new software enhancements and a few new S-Pen functions into the mix. If you're looking for a giant note-taking phone, this is still your best bet.