Dangers of Customized Android ROMS and Malware
CodeAndroid Singapore was at Hack In The Box Security Conference in KL last week, and had the privilege to discuss with security experts from around the world on security risks that users may face on the Android platform. After speaking to both Bruno Goncalves (who spoke on “Hacking from the Rest Room“) and Sheran Gunasekera (who spoke on “Bugs and Kisses: Spying on BlackBerry Users for Fun“) came the common themes,
1.) Android users need to pay more attention to what they install on the phone, especially the required permissions
2.) Custom ROMs can be a potential threat to unsuspected users
Why should users pay more attention to the apps and the required permissions when they install them on the phone? Like Blackberry and other platforms, the Android SDK provides developers access to private information such as contacts, photos, etc, which can be manipulated and stolen from unexpected users. “Malware” apps, as demoed by Sheran on his Blackberry during his presentation, can perform perfectly normal functions such as backing up your SMS on the cloud, but at the same time forward to the intruder the incoming/outgoing SMS.