Bluebox Security, the same outfit that last year identified a worrisome (but thankfully patched) flaw in the Android app-packaging system, has done it again. On Tuesday, the company said it had found a new Android vulnerability that potentially allows the stealthy theft of information from millions of devices. Those with old Android handsets that no longer receive firmware updates are particularly at risk. However, as with the last time round, Android fans should check the details before freaking out – they’re probably not going to get hurt if they only install apps through the Play Store. The “Fake ID” vulnerability lies in the way Android processes the digital signature identities attached to apps from a handful of vendors. The operating system is configured to automatically accept Adobe apps, for example, and those from certain other vendors including device management outfit 3LM.