Whoops – More Android Security Issues Exposed

By on December 1, 2011
submit to reddit

Forget CarrierIQ, these issues stem from apps already pre-installed on your Android device.

Tags:

Just when all the Paranoid Androids out there were up in arms about CarrierIQs super snooping skills, a new threat seems to have emerged. Researchers at North Carolina State University seem to have uncovered more vulnerabilities in pre-installed Android apps.

The vulnerabilities according to Phandroid are said to be able to allow malicious applications run amok within a device unbeknownst to their unsuspecting users. The researchers, using a tool dubbed ‘Woodpecker’ combed through pre-installed apps looking for ‘capability leaks’. Tested devices included the  HTC Legend, Evo 4G, Wildfire S; Motorola Droid, Droid X; Samsung Epic 4G, Google (HTC) Nexus One and (Samsung) Nexus S.

The vulnerabilities were then reported to their respective manufacturers and out of the likes of HTC, Samsung, Motorola and Google the only ones who confirmed them were Google and Motorolla.

The researchers categorized the ‘crimes’ under two labels- Explicit and implicit. The tests found that the worst offender was the HTC Evo 4G which was found to have 8 explicit leaks. Even more surprising was that the Nexus One and the Nexus S were found to have one implicit error each even though they run the purest form of the Android OS.

Google has yet to announce a fix or possible solution for the vulnerabilities even though they affect ‘out-of-the-box’ apps.

 


About

Humourist, news-junkie, bassist, petrol-head and techie. Best when caffeinated. Seasoned collector of lame puns and professional grumpy old man. Follow him on twitter: @nabilfahim

Comments
Most Read
Most Commented
Competitions
Win two Toshiba AT200 tablets

This festive season Toshiba has 2 tablets to giveaway.

Win an MSI FM2-A85XA-G65 Motherboard

Thanks to MSI we have an great AMD FM2 motherboard to giveaway.

Win a Nokia Asha 311

Thanks to Nokia we have a great entry-level smartphone to giveaway.