Researchers discover serious flaw in Android app security, say HTC and Samsung ignore issue

“Researchers led by North Carolina State associate professor Xuxian Jiang have discovered a serious flaw in the Android OS’s approach to app security,” International Business Times reports. “They found that some pre-loaded apps and features from Android device manufacturers could be exploited by hackers.”

“Some of them are built on top of the existing Android architecture in such a way as to create potential ‘backdoors’ that can be used to give third-parties direct access to personal information or other phone features, said Jiang,” IBT reports. “The breach of some of these permissions could allow hackers to wipe out the user data on the phones, send out SMS messages (e.g., to premium numbers), record user conversation, or obtain user geo-locations, the study stated.”

“The Android devices the researchers tested consisted of the HTC Legend, HTC EVO 4G, HTC Wildfire S, Motorola Droid, Motorola Droid X, Samsung Epic 4G, Google Nexus One and Google Nexus S,” IBT reports. “The researchers said as of their writing of the study, Motorola and Google confirmed the reported liabilities while HTC and Samsung have been really slow in responding to, if not ignoring, [their] reports/inquiries.”

IBT reports, “The leaks found by the study highlight a vulnerability in the Android OS’s primary approach to app security. Apple’s iOS, for example, uses a vetting process that scrutinizes each third-party app before they are put on the app store… [With Android], the apps themselves are not put through an Apple-like vetting process.”

Read more in the full article here.

MacDailyNews Take: “Open” in all the wrong ways.

[Thanks to MacDailyNews Reader “Joe Architect” for the heads up.]

Related articles:
Apple’s iPhone has passed a key security threshold – August 13, 2012
Android permissions flaw allows eavesdropping, data theft, location tracking – December 2, 2011
Massive HTC Android security flaw leaves security expert speechless – October 2, 2011
Apple’s iOS unaffected by malware as Android exploits surge 76% – August 24, 2011
Android malware records phone calls; iPhone users unaffected – August 2, 2011
Symantec: Apple iOS offers ‘full protection,’ Google Android ‘little protection’ vs. malware attacks – June 29, 2011
Malware apps spoof Android Market to infect Android phones – June 21, 2011
Google forced to pull several malware-infested apps from Android market – June 8, 2011
Android malware sees explosive growth; even faster than with PCs – April 27, 2011
Virus-laden apps infest Google’s ‘open’ Android platform; iPhone unaffected – March 3, 2011
Security firm warns of new Android trojan that can steal personal information; iPhone unaffected – December 30, 2010
Trojan infects Android smartphones; iPhone unaffected – August 10, 2010
Millions of Android phone users slammed by malicious data theft app – July 29, 2010
Unlike proactive Apple, reactive Google doesn’t block malware from Android app store – June 4, 2010
Malware designed to steal bank information pops up in Google’s Android app store – January 11, 2010


  1. How can we get the word out? This will never be widely publicized. Too much money at stake. I’m just glad I’m impervious (to a certain degree) to these things. Someday, the masses will learn.

  2. This eclipses Apple’s Maps failures by a long shot. No doubt Apple fandroids/fanbois will make the illogical conclusion that Android’s security flaws somehow erase the errors and unreliabties of Maps.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.