Android tablets at Best Buy, Target, Amazon, Walmart found to include major security flaws, malware

All of the dozen different "doorbuster" Android tablets Bluebox examined were found to include unpatched Android vulnerabilities including Masterkey, FakeID, Heartbleed and Futex, while more than a quarter were sold with security misconfigurations or active backdoors installed.

Bluebox discovered Android's Masterkey "zombie botnet" vulnerability last year and detailed FakeID super malware earlier this summer.

While Google has released patches for both flaws—in addition to Android's Heartbleed and Futex bugs—the fact is that major retailers are actively promoting new Android products that still harbor these unpatched vulnerabilities. Several devices also ship with remote exploits wide open, block access to Google Play and deactivate security features Google has added to Android.

Best Buy offers one of the worst

Among the worst devices being sold was a DigiLand Android tablet offered by Best Buy, which was running software signed by the Android Open Source Project test key. The security firm noted this key "is not supposed to be used for signing the firmware of commercial devices because it allows an attacker to easily create a Trojan system update!"

http://bit.ly/1rjuGx6

So if you need a present for a relative you really don't care for, get an Android device.