Researchers at N.C. State University have performed a study of eight Android phones (HTC's Legend, EVO 4G, and Wildfire S; Motorola's Droid and Droid X; Samsung's Epic 4G; and the Nexus One and Nexus S from Google) and found more potentially disturbing information. While the Nexus phones and OG Droid (phones that run stock Android) had one minor security issue, namely a code bug in the pico app that would allow another app to delete the pico installer app, the rest of the bunch didn't fare so well. All the phones with customized versions of Android had serious security issues
In particular, by exploiting these leaked capabilities, an untrusted app on these affected phones can manage to wipe out the user data on the phones, send out SMS messages (e.g., to premium numbers), record user conversation, or obtain user geo-locations – all without asking for any permission.
Apparently because the system applications built by vendors such as HTC, Moto, and Samsung are all signed with the same digital signing key, they are able to inter-communicate and access each other's data. While this is a serious security flaw, it's also possible that it was done by design so that applications like Friendstream or Social Hub can easily parse social networking app data and aggregate it, and these researchers just found a new method to exploit that system.
While the implications for Android are new, the idea of exploit attacks on popular computing platforms is not. As Android grows in popularity, more people will be focused on finding (and reporting) exploits against the OS. Researchers have dutifully reported the issue to Google and all the OEM's, although they express difficulty dealing with HTC and Samsung who (as of this writing) the researchers say have been "very slow in responding, if not ignoring our reports/inquires".
Should you be worried? Not any more than you were yesterday. Malware exists because a whole hell of a lot of people use Android, and users are not restricted to installing only approved applications. If these types of reports bother you -- and that's a pretty valid response -- you still have the option of installing only trusted applications by well-known developers, or other options to not run the affected firmware on your phone. And while nobody wants to hear me say it again (but I'm about to anyway), Nexus devices running Android as it was written are once again immune from these serious issues, so are always the better choice if you value your security.
Source: NC State University CSC (.pdf)
We may earn a commission for purchases using our links. Learn more.
Everything we know (so far) about the Google Pixel 5
We're still months out from Google unveiling the Pixel 5, but that doesn't mean it's too early to speculate what it might offer. Here's everything we know so far!
Surface Duo AT&T preorders kick off at midnight ET tonight
Microsoft finally launched the Surface Duo today, announcing preorders at the Microsoft Store, AT&T, and Best Buy. If you're looking to grab one on AT&T, the company will kick off preorders at 9 p.m. PT / 12 a.m. ET tonight, August 12.
Microsoft has announced Surface Duo price, specs, and release date
It's finally happening! Microsoft's dual-screen Android smartphone that was first announced back in October 2019 is now available for preorder for an eye-watering $1399, and will begin shipping to customers starting September 10.
These cases provide all the protection your Galaxy A11 will need
If you want to go with Samsung but don't want to get a flagship like the S20, why not go with a more budget-friendly option like the Galaxy A11? This phone gives you the look of a flagship smartphone at just a portion of the cost. But even though you're saving some dough, you'll want to make sure that your investment is protected, so why not get a new case?