Last week we met thanks to Bluebox Security until 99% of devices Android could be affected by a security flaw related to the cryptographic signature of Android applications, a vulnerability that today we have known that it was corrected by Google a few months ago.
Google fixed this vulnerability last February in the source code for Android 4.2.2 (AOSP) within a few days of being informed by Bluebox Security. The problem is that very few devices that have Android 4.2.2 (Jelly Bean) have been updated to the version with the problem solved. Time only knows that the One HTC and Samsung Galaxy S4 with Android 4.2.2 carry the version without the vulnerability.
Google on the other hand already solved the problem on Android and now the problem lies with manufacturers who need to update their devices to correct the error, but here we also have to Google, since it seems that still has not corrected the bug in your Nexus devices, are perhaps waiting for to do with Android 4.3 (Jelly Bean). On the other hand, the CyanogenMod team has announced that they will soon corrected this bug in their ROMs.
If you want to have more information about the vulnerability of the cryptographic signature of Android applications our colleagues from Engadget tell us in detail that is, who are these firms and how we can protect ourselves.