Researchers at N.C. State University have performed a study of eight Android phones (HTC's Legend, EVO 4G, and Wildfire S; Motorola's Droid and Droid X; Samsung's Epic 4G; and the Nexus One and Nexus S from Google) and found more potentially disturbing information. While the Nexus phones and OG Droid (phones that run stock Android) had one minor security issue, namely a code bug in the pico app that would allow another app to delete the pico installer app, the rest of the bunch didn't fare so well. All the phones with customized versions of Android had serious security issues
In particular, by exploiting these leaked capabilities, an untrusted app on these affected phones can manage to wipe out the user data on the phones, send out SMS messages (e.g., to premium numbers), record user conversation, or obtain user geo-locations – all without asking for any permission.
Apparently because the system applications built by vendors such as HTC, Moto, and Samsung are all signed with the same digital signing key, they are able to inter-communicate and access each other's data. While this is a serious security flaw, it's also possible that it was done by design so that applications like Friendstream or Social Hub can easily parse social networking app data and aggregate it, and these researchers just found a new method to exploit that system.
While the implications for Android are new, the idea of exploit attacks on popular computing platforms is not. As Android grows in popularity, more people will be focused on finding (and reporting) exploits against the OS. Researchers have dutifully reported the issue to Google and all the OEM's, although they express difficulty dealing with HTC and Samsung who (as of this writing) the researchers say have been "very slow in responding, if not ignoring our reports/inquires".
Should you be worried? Not any more than you were yesterday. Malware exists because a whole hell of a lot of people use Android, and users are not restricted to installing only approved applications. If these types of reports bother you -- and that's a pretty valid response -- you still have the option of installing only trusted applications by well-known developers, or other options to not run the affected firmware on your phone. And while nobody wants to hear me say it again (but I'm about to anyway), Nexus devices running Android as it was written are once again immune from these serious issues, so are always the better choice if you value your security.
Source: NC State University CSC (.pdf)
We may earn a commission for purchases using our links. Learn more.
The Echo Buds are just $80 right now and that’s a great deal
Alexa's 6th birthday is coming up, and our favorite AI voice assistant is discounting all of her favorite Amazon devices. I recommend that you rush to grab a pair of Amazon's underrated Echo Buds which are on sale today for $50 off!
Where's Android 10 for my smartphone?
Android 10 has been kicking around for more than a year now, but not every phone has received the big update yet ahead of the launch of Android 11. Here's a breakdown of which phones are confirmed to get the Android 10 update and when you can look forward to it.
Google's Pixel 5 is now on sale in the U.S. and Canada
Google's Pixel 5 is finally available to purchase in the U.S. and Canada. The phone was released in seven countries earlier this month, including Australia and the U.K.
Pair that snazzy Galaxy S20 FE with an awesome case to keep it protected
Samsung unveiled the Galaxy S20 FE and the device is sure to turn plenty of heads for the next few months. With stiff competition in the mid-range market, it's clear that Samsung wants to compete and the S20 FE is fantastic. If you're picking one of these awesome new devices up, make sure you pair it with a case to keep it looking awesome.