Forget CarrierIQ, these issues stem from apps already pre-installed on your Android device.
Just when all the Paranoid Androids out there were up in arms about CarrierIQs super snooping skills, a new threat seems to have emerged. Researchers at North Carolina State University seem to have uncovered more vulnerabilities in pre-installed Android apps.
The vulnerabilities according to Phandroid are said to be able to allow malicious applications run amok within a device unbeknownst to their unsuspecting users. The researchers, using a tool dubbed ‘Woodpecker’ combed through pre-installed apps looking for ‘capability leaks’. Tested devices included the HTC Legend, Evo 4G, Wildfire S; Motorola Droid, Droid X; Samsung Epic 4G, Google (HTC) Nexus One and (Samsung) Nexus S.
The vulnerabilities were then reported to their respective manufacturers and out of the likes of HTC, Samsung, Motorola and Google the only ones who confirmed them were Google and Motorolla.
The researchers categorized the ‘crimes’ under two labels- Explicit and implicit. The tests found that the worst offender was the HTC Evo 4G which was found to have 8 explicit leaks. Even more surprising was that the Nexus One and the Nexus S were found to have one implicit error each even though they run the purest form of the Android OS.
Google has yet to announce a fix or possible solution for the vulnerabilities even though they affect ‘out-of-the-box’ apps.