“Researchers led by North Carolina State associate professor Xuxian Jiang have discovered a serious flaw in the Android OS’s approach to app security,” International Business Times reports. “They found that some pre-loaded apps and features from Android device manufacturers could be exploited by hackers.”
“Some of them are built on top of the existing Android architecture in such a way as to create potential ‘backdoors’ that can be used to give third-parties direct access to personal information or other phone features, said Jiang,” IBT reports. “The breach of some of these permissions could allow hackers to wipe out the user data on the phones, send out SMS messages (e.g., to premium numbers), record user conversation, or obtain user geo-locations, the study stated.”
“The Android devices the researchers tested consisted of the HTC Legend, HTC EVO 4G, HTC Wildfire S, Motorola Droid, Motorola Droid X, Samsung Epic 4G, Google Nexus One and Google Nexus S,” IBT reports. “The researchers said as of their writing of the study, Motorola and Google confirmed the reported liabilities while HTC and Samsung have been really slow in responding to, if not ignoring, [their] reports/inquiries.”
IBT reports, “The leaks found by the study highlight a vulnerability in the Android OS’s primary approach to app security. Apple’s iOS, for example, uses a vetting process that scrutinizes each third-party app before they are put on the app store… [With Android], the apps themselves are not put through an Apple-like vetting process.”
Read more in the full article here.
MacDailyNews Take: “Open” in all the wrong ways.
[Thanks to MacDailyNews Reader “Joe Architect” for the heads up.]
Related articles:
Apple’s iPhone has passed a key security threshold – August 13, 2012
Android permissions flaw allows eavesdropping, data theft, location tracking – December 2, 2011
Massive HTC Android security flaw leaves security expert speechless – October 2, 2011
Apple’s iOS unaffected by malware as Android exploits surge 76% – August 24, 2011
Android malware records phone calls; iPhone users unaffected – August 2, 2011
Symantec: Apple iOS offers ‘full protection,’ Google Android ‘little protection’ vs. malware attacks – June 29, 2011
Malware apps spoof Android Market to infect Android phones – June 21, 2011
Google forced to pull several malware-infested apps from Android market – June 8, 2011
Android malware sees explosive growth; even faster than with PCs – April 27, 2011
Virus-laden apps infest Google’s ‘open’ Android platform; iPhone unaffected – March 3, 2011
Security firm warns of new Android trojan that can steal personal information; iPhone unaffected – December 30, 2010
Trojan infects Android smartphones; iPhone unaffected – August 10, 2010
Millions of Android phone users slammed by malicious data theft app – July 29, 2010
Unlike proactive Apple, reactive Google doesn’t block malware from Android app store – June 4, 2010
Malware designed to steal bank information pops up in Google’s Android app store – January 11, 2010
Would you deposit your money in an Android bank?
You think this is bad, look at this gem:
http://semiaccurate.com/2012/05/15/intel-small-business-advantage-is-a-security-nightmare/
Droid Does………yes It does nothing to protect your mobile information. Pathetic.
Droid “does YOU”! Lol
When you make $10 per phone you just haven’t got time to sweat the small stuff like vulnerabilities.
It’s a phone, not a Windows PC.
Android “Openness” = Open to screw the Android user…
Hey, where in the heck is the Google moto: Do NO Evil?
Eric T. Mole has his work cut out.
It appears that this article is 10 months old.
NOT surprised. We knew Android was a rat’s nest of insecurity YEARS ago. This is no big revelation.
How can we get the word out? This will never be widely publicized. Too much money at stake. I’m just glad I’m impervious (to a certain degree) to these things. Someday, the masses will learn.
No they won’t. The masses still use Windows like it’s the only option they have.
Motorola ‘iLost’… iHacked, iStolen, uScrewed!
So…when i click the link for the ‘full article’, it takes me to an article dated Nov 2011. So is this old news being re-hashed?
The ‘masses’ never learn! Ignorance is ‘Bliss’ ….
Since when is INSECURITY in Android news?
Really old DUH Factor.
This eclipses Apple’s Maps failures by a long shot. No doubt Apple fandroids/fanbois will make the illogical conclusion that Android’s security flaws somehow erase the errors and unreliabties of Maps.
Okay MacFreek,
I’ll take imperfect maps to having the security of my device compromised any day.
Well, you have gotten your wish then, haven’t you?