Android security flaws that allow malicious folk to fling apps onto phones without the user’s knowledge have been revealed. A study of HTC phones found that the integrated web browser can install software packages without the user being aware of it. That’s to allow HTC to automatically update the Flash Lite plug-in but also gives a way in for bad guys too.
The browser flaw only affects HTC phones running Android 2.1 or lower but while Android 2.2 closes the loophole, only a third of users are rocking that version of Android right now.
Another Android security flaw was revealed by Android guru Jon Oberheide who exploited the Account Manager app to generate an authentication token for the Android Market and gain permission to install further apps. He released the harmless looking Angry Birds Bonus Levels app onto the Android Market.
Once installed on a user’s phone, Angry Birds Bonus Levels installed three further apps – Fake Toll Fraud, Fake Contact Stealer and Fake Location Tracker. All three were harmless demonstrations of the flaw but all had permissions to text premium rate phone numbers and secretly visit websites. The app has subsequently been killed by Google.
Let us know: do these Android security flaws worry you? Or is the freedom of being able to grab apps wherever you fancy worth a little bit of risk?
Out now | From £free | Google (via The H Open)
