Android Browser flaw a ‘privacy disaster’ for half of Android users

“A bug quietly reported on September 1 appears to have grave implications for Android users,” Peter Bright reports for Ars Technica. “Android Browser, the open source, WebKit-based browser that used to be part of the Android Open Source Platform (AOSP), has a flaw that enables malicious sites to inject JavaScript into other sites. Those malicious JavaScripts can in turn read cookies and password fields, submit forms, grab keyboard input, or do practically anything else.”

“This means that potentially any site visited in the browser could be stealing sensitive data. It’s a bug that needs fixing, and fast,” Bright reports. “As our monthly look at Web browser usage shows, Android Browser has a little more real-world usage than Chrome for Android, with something like 40-50 percent of Android users using the flawed browser.”

“The Android Browser is likely to be embedded in third-party products, too, and some Android users have even installed it on their Android 4.4 phones because for one reason or another they prefer it to Chrome,” Bright reports. “Timely availability of Android updates remains a sticking point for the operating system, so even if Google develops a fix, it may well be unavailable to those who actually need it.”

Read more in the full article here.

MacDailyNews Take: “Open.” As in, wide.

Are you stuck in the fragmandroid swamp? It’s time to stop settling for less than the best. With Apple’s all new, 64-bit smartphones, the gorgeous 4.7-inch iPhone 6 and the stunning 5.5-inch iPhone 6 Plus, there’s never been a better time to stop settling for chintzy, risky imitations and make the move to the real thing.

[Thanks to MacDailyNews Reader “RL” for the heads up.]


20 Comments

          1. I don’t care what custom browser is in a custom ROM. . . the question is how many Android users make the effort to put in a custom ROM. 5% sounds about right for that effort. Most Android users don’t even use the internet!

            1. It’s not really an ‘effort’ since it usually takes all of only 10 minutes to flash a new ROM. But oh well. You’ve pretty much proven with that last comment that you have absolutely no idea what you’re talking about.

            2. I know people, and most people are NOT going to go to the effort to even research the need for another ROM for their freaking phone, dracoazule. Most Android users don’t even use the Internet to surf for anything more serious than the latest cat YouTube, or Kardashian video. They don’t upgrade their phones, so what percentage are geeks that flash their ROMS? I suggest it’s you who doesn’t know what you’re talking about, because the statistics simply do not support your position. You are delusional if you think that 95% of Android users have sought out a different browser. . . Frankly, I was shocked that 50% had.

            3. I love how you use the word ‘geeks’ as a negative term. You do realize it’s computer geeks who design and program all the shit you use right?

              And no one really uses the stock browser anymore. If it’s included at all it’s pretty much there as a formality. Everyone usually immediately downloads the Android versions of Firefox, Chrome, or at least Dolphin.

              But I will give Apple credit for one thing. They do a great job at keeping the iPhone simplified and dumbed down to a level that the average joe can understand.

            4. I did not use it as a negative, Dracuazole. I used it to point out that the vast majority of people, including Android users, ARE NOT GEEKS. If anything, being in the industry, owning a business that supports people who USE computers and smart mobile devices for over thirty years, I AM a geek. I know from experience that the vast majority of Android users simply do not flash their ROMS. Hell, dracoazule, the vast majority of them don’t, or can’t, upgrade their version of Android! That means you are blowing smoke!

      1. This ‘dradoazule’ guy represents a different kind of anonymous coward. Click on his ‘apparent’ real account avatar and you get this:

        Nothing Found

        It seems we can’t find what you’re looking for. Perhaps searching can help.

        IOW: Who the fsck is this person? Not believable, that’s fur shur. Obviously a troll plant.

  1. Fscking Android browser…. The bane of the mobile web development. Why the hell does it even exist? Google’s own Chrome browser should’ve dethroned it from Android years ago.
