Symantec spots two Android apps using 'master key' vulnerability