ReKey is a new application for root users that fixes the recently-disclosed 'Master Key' vulnerabilities that affect nearly all Android devices in the wild and could potentially allow attackers to take full control of a user's mobile device.
The ReKey app, available to download free of charge from the Play Store, allows root users to immediately patch their device without waiting for the relevant security update from their manufacturer / carrier.
ReKey is the result of a research collaboration between the cloud-based two-factor authentication provider Duo Security (who we're big fans of!) and Northeastern University's System Security Lab (NEU SecLab).
This problem once again highlights the problem of Google leaving security updates to all the various parties beyond their control. There was once discussion of Google providing 'core security updates' with the manufacturer / carrier layers on top, but this sadly proved too difficult to achieve with the various certification requirements around the world for the software. I wonder what has to happen before that becomes a reality...?