Check Point, the company that disclosed the Certifi-gate vulnerability a few weeks ago, has published a blog post with further analysis of the problem. The security researchers report that an app called Recordable Activator was exploiting the vulnerability, using TeamViewer's plugin to gain system-level access and record the screen. The app has now been removed from Google Play, although Check Point claims it had somewhere between 100,000 and 500,000 downloads before that point.
The security company provides an application that tests whether a device is vulnerable and collects anonymous data. It's important to make a distinction: a "vulnerable device" is exploitable only if the user installs a remote support plug-in, while one that's both vulnerable and has a plug-in installed is far easier prey. Only 42.1% of scanned devices are considered clean, and a further 42.1% are vulnerable but unaffected. Of the 15.8% of devices that are vulnerable and have a remote support plug-in installed, 0.1% are under active exploit.
The company also provides a breakdown by manufacturer. Sony's devices fared well with a 99% clean rating, but the same can't be said for Samsung and HTC. Only 14.8% and 5% of devices from those manufacturers are considered safe, respectively. LG was the worst by far—only 8.6% of its devices are clean, and a whopping 72.4% have a vulnerable remote support plug-in installed.
Check Point also provides mitigation guidelines. For devices under active exploit or that have a vulnerable plug-in installed, it's recommended that users disable remote support services in Android's app management. For devices that are are vulnerable but don't yet have remote support apps, users are advised to avoid installing them, and run Check Point's scanner app afterwards if they do.
As a final note, Check Point is pretty clear on the patching situation for this vulnerability: the company says "as far as we know today, no device manufacturers have delivered a patch."