Researchers at N.C. State University have performed a study of eight Android phones (HTC's Legend, EVO 4G, and Wildfire S; Motorola's Droid and Droid X; Samsung's Epic 4G; and the Nexus One and Nexus S from Google) and found more potentially disturbing information. While the Nexus phones and OG Droid (phones that run stock Android) had one minor security issue, namely a code bug in the pico app that would allow another app to delete the pico installer app, the rest of the bunch didn't fare so well. All the phones with customized versions of Android had serious security issues.
In particular, by exploiting these leaked capabilities, an untrusted app on these affected phones can manage to wipe out the user data on the phones, send out SMS messages (e.g., to premium numbers), record user conversation, or obtain user geo-locations – all without asking for any permission.
Apparently because the system applications built by vendors such as HTC, Moto, and Samsung are all signed with the same digital signing key, they are able to inter-communicate and access each other's data. While this is a serious security flaw, it's also possible that it was done by design so that applications like Friendstream or Social Hub can easily parse social networking app data and aggregate it, and these researchers just found a new method to exploit that system.
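The sharing described above can be audited from app manifests. This added example (not from the researchers or the original article) assumes the standard Android behaviour that packages declaring the same android:sharedUserId and signed with the same certificate run under one UID and share its granted permissions; the package names, certificate labels and manifests are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

ANDROID = "{http://schemas.android.com/apk/res/android}"
NS = 'xmlns:android="http://schemas.android.com/apk/res/android"'

def manifest(pkg, shared_uid, perms):
    """Build a constructed AndroidManifest.xml string for the sample data."""
    uid = f' android:sharedUserId="{shared_uid}"' if shared_uid else ""
    body = "".join(f'<uses-permission android:name="android.permission.{p}"/>'
                   for p in perms)
    return f'<manifest {NS} package="{pkg}"{uid}>{body}</manifest>'

# Constructed sample input: (signer certificate label, manifest text).
SAMPLES = [
    ("cert-A", manifest("com.example.vendor.social", "com.example.vendor.shared",
                        ["SEND_SMS", "ACCESS_FINE_LOCATION"])),
    ("cert-A", manifest("com.example.vendor.widget", "com.example.vendor.shared", [])),
    # Same sharedUserId string but a different signer: never shares a UID.
    ("cert-B", manifest("com.example.thirdparty.game", "com.example.vendor.shared",
                        ["RECORD_AUDIO"])),
    ("cert-A", manifest("com.example.vendor.notes", None, [])),
]

def parse(manifest_xml):
    """Return (package, sharedUserId or None, set of requested permissions)."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    return root.get("package"), root.get(ANDROID + "sharedUserId"), perms

def audit(samples):
    """Map each package to permissions it gains only through its shared UID."""
    groups = defaultdict(dict)
    for signer, xml_text in samples:
        pkg, uid, perms = parse(xml_text)
        # Without sharedUserId a package gets its own UID, so it groups alone.
        groups[(signer, uid or "pkg:" + pkg)][pkg] = perms
    findings = {}
    for members in groups.values():
        effective = set().union(*members.values())  # permissions held by the UID
        for pkg, declared in members.items():
            if effective - declared:
                findings[pkg] = sorted(effective - declared)
    return findings

if __name__ == "__main__":
    for pkg, inherited in audit(SAMPLES).items():
        print(pkg, "inherits via shared UID:", ", ".join(inherited))
```

A package flagged here holds more capability than its own manifest declares, so its exposed interfaces deserve review first.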
While the implications for Android are new, the idea of exploit attacks on popular computing platforms is not. As Android grows in popularity, more people will be focused on finding (and reporting) exploits against the OS. Researchers have dutifully reported the issue to Google and all the OEMs, although they express difficulty dealing with HTC and Samsung, who (as of this writing) the researchers say have been "very slow in responding, if not ignoring our reports/inquires".
Should you be worried? Not any more than you were yesterday. Malware exists because a whole hell of a lot of people use Android, and users are not restricted to installing only approved applications. If these types of reports bother you -- and that's a pretty valid response -- you still have the option of installing only trusted applications by well-known developers, or other options to not run the affected firmware on your phone. And while nobody wants to hear me say it again (but I'm about to anyway), Nexus devices running Android as it was written are once again immune from these serious issues, so are always the better choice if you value your security.
Source: NC State University CSC (.pdf)