Lumbering like the old-school technology firms it sometimes derides, Google has finally issued a patch for a master key vulnerability in Android that Bluebox called to its attention back in February. "Is Google eating their own dog food?" asked Randy Abrams, a research director at NSS Labs. The vulnerability lets attackers modify Android apps into Trojan apps without breaking their APK signature.