Researchers at N.C. State University have performed a study of eight Android phones (HTC's Legend, EVO 4G, and Wildfire S; Motorola's Droid and Droid X; Samsung's Epic 4G; and the Nexus One and Nexus S from Google) and found more potentially disturbing information. While the Nexus phones and OG Droid (phones that run stock Android) had one minor security issue, namely a code bug in the pico app that would allow another app to delete the pico installer app, the rest of the bunch didn't fare so well. All the phones with customized versions of Android had serious security issues.
In particular, by exploiting these leaked capabilities, an untrusted app on these affected phones can manage to wipe out the user data on the phones, send out SMS messages (e.g., to premium numbers), record user conversation, or obtain user geo-locations – all without asking for any permission.
Apparently because the system applications built by vendors such as HTC, Moto, and Samsung are all signed with the same digital signing key, they are able to inter-communicate and access each other's data. While this is a serious security flaw, it's also possible that it was done by design so that applications like Friendstream or Social Hub can easily parse social networking app data and aggregate it, and these researchers just found a new method to exploit that system.
While the implications for Android are new, the idea of exploit attacks on popular computing platforms is not. As Android grows in popularity, more people will be focused on finding (and reporting) exploits against the OS. Researchers have dutifully reported the issue to Google and all the OEMs, although they express difficulty dealing with HTC and Samsung, who (as of this writing) the researchers say have been "very slow in responding, if not ignoring our reports/inquiries".
Should you be worried? Not any more than you were yesterday. Malware exists because a whole hell of a lot of people use Android, and users are not restricted to installing only approved applications. If these types of reports bother you -- and that's a pretty valid response -- you still have the option of installing only trusted applications by well-known developers, or other options to not run the affected firmware on your phone. And while nobody wants to hear me say it again (but I'm about to anyway), Nexus devices running Android as it was written are once again immune from these serious issues, so are always the better choice if you value your security.
Source: NC State University CSC (.pdf)