Android bloatware results in serious security flaws

Summary: Bloatware installed by the handset manufacturers is making Android insecure.

It’s not just Carrier IQ that Android users need to be worried about. Researchers have discovered that some pre-loaded apps on Android handsets contain a serious security vulnerabilities that could be used to wipe the handset, steal data, or even eavesdrop on calls.

Comptia A+ Training, Comptia A+ certification

Best comptia A+ Training, Comptia A+ Certification at Certkingdom.com

A team of researchers from North Carolina State University discovered the security vulnerability on eight different smartphones from Google, HTC, Motorola and Samsung. According to the paper published by the team, the flaw relates to how the Android permission-based security model is enforced and allows permissions granted to a pre-installed app to be ‘leaked’ to another without user consent.

Our results with eight phone images show that among 13 privileged permissions examined so far, 11 were leaked, with individual phones leaking up to eight permissions. By exploiting them, an untrusted application can manage to wipe out the user data, send out SMS messages, or record user conversation on the affected phones – all without asking for any permission

The eight smartphones tested by the team were:

HTC Legend
HTC EVO 4G
HTC Wildfire S
Motorola Droid
Motorola Droid X
Samsung Epic 4G
Google Nexus One
Google Nexus S

The team used a custom-build scanner called ‘Woodpecker’ to scan the pre-loaded apps for permissions leaks relating to the following permissions:

Click to rate this post!
[Total: 0 Average: 0]

Leave a comment

(*) Required, Your email will not be published