IDG Answers is a community of experts who are passionate about technology. Ask a question or answer one below.
This exploit took advantage of a vulnerability in the way Android checks the certificates of applications, and allows a fake certificate (or “fake ID”) to be used to grant permissions that an app like Flash or Gmail would have when the permissions should be restricted. This can allow malware to more or less take over the entire device. There is no real fix for it on the use end, other than to stick to Google Play and only install apps with a large user base from trusted developers. Google has issued updates and made changes to Play to try to keep out malicious apps that use the exploit. This is no guarantee of complete mitigation of this risk, but it should help.