Defend what you create


  • 無料ユーティリティ、プラグイン、インフォーマー
  • Dr.Web AV-Deskサービスプロバイダーのためのインターネットサービス
  •ネットワーク修復ユーティリティDr.Web CureNet!


+ マイライブラリに追加

24時間体制サポート | テクニカルサポート利用方法



+7 (495) 789-45-86




A vulnerability in the Android system which allows cybercriminals to modify the APK applications without changes in their digital signature. The Android architecture implies that all developers must sign their applications. When installing updates, the system checks their digital signature and, if it complies with the current version, the update is installed.

The Janus vulnerability allows to add additional content to the APK application without modifying the digital signature. That’s why cybercriminals can integrate a malicious module into an update of some secure program. This module will be freely installed and launched on a vulnerable device.

If Dr.Web for Android has detected this vulnerability, it is strongly recommended that you contact the device manufacturer to get necessary updates for the operating system.

Technical details

The Janus vulnerability allows to integrate a modified executable DEX file into the APK file, which is an archive. This DEX file does not have influence on the digital signature. In other words, cybercriminals can use Janus to replace the executable file of an application with a malicious copy which has all system permissions of the original file. Only applications that use the digital signature on the basis of JAR, which was replaced with the new technology Signature Scheme v2 in Android 7.0 Nougat, are subject to the vulnerability. In new Android versions, the only vulnerable applications are those not using the latest technology of the digital signature and also programs downloaded and installed not from Google Play. The following Android versions are vulnerable: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0.

See also information about other vulnerabilities




2007 年、アンチウウイルスサービス(SaaS)の提供が開始しました。


© Doctor Web
2003 — 2020

Doctor Webは、ロシアに本社を置く、『Dr.Webアンチウイルスソフトウェア』のデベロッパーです。その製品の開発は1992年に始まりました。

株式会社Doctor Web Pacific 〒105-0003 東京都港区西新橋1-14-10 西新橋スタービル 2F