Serious security flaws discovered in Android phones, Samsung and HTC ignore issue
The ease and ability of Android licensees to modify the software they install on their smartphones has opened vast security holes that enable rogue apps to record calls, monitor users' locations and access sensitive data without permission, researchers say, noting that while Google and Motorola acknowledge the issues, HTC and Samsung have ignored their findings.
Researchers from North Carolina State University have demonstrated that Android's permission-based security system can be easily circumvented due to flaws in the software that licensees add to their devices, according to security testing performed on popular HTC, Samsung, Motorola and Google-branded smartphones.
"Android provides a permission-based security model that requires each application to explicitly request permissions before it can be installed to run," the researchers note in the paper (PDF) "Systematic Detection of Capability Leaks in Stock Android Smartphones," which will be presented at this year's Network and Distributed System Security Symposium.