Spoofed Android apps can bypass security permissions

android-broken

Google has always a lot of control over its products in the hands of its users, and Android OS is probably on of the best examples. When downloading an application, the user is shown just what said application needs to run properly. If the user doesn’t want the app to have access to certain things it requires, you simply don’t download it. Well, it seems that isn’t the case anymore, as there’s now a new bug in town, and it doesn’t need your stinkin’ permission.

A new bug found in Android can allow those with malicious intent to make a spoof application that seems harmless, only to find out that it can roam free on your handset, and download other, more dangerous applications to steal your personal data, without any permission by the user. Tricky tricky.

Intel security researchers Jon Oberheide and Zach Lanier have created such an application. It looks harmless – an Angry Birds add-on pack that after downloaded, will install a handful of programs that will track your location, steal your contacts, and give the hacker the option to send pay-per-texts. While this isn’t the first time we’ve seen this kind of hack attack, it will certainly be unsettling to most users, especially if this bug isn’t fixed pronto.

With Android’s massive growth, Google may have one of the biggest problems on their hands since the OS was launched. While we will likely see a fix for this bug, a harsh reality of what potential threats could be on their way for all mobile operating systems should start sinking in. Some OS’ may be safer than others, but with the right amount of effort and time, hackers may be able to exploit even the smallest vulnerabilities within the various mobile OS offerings today. It’s obvious that mobile security will be just as important on people’s smartphones as it can be on a computer these days, but when will the user actually realize this? After it’s too late?

All in all, these threats will always be around, and thankfully Google of all companies is in (somewhat) control, and a fix will be issued as soon as it becomes available, but this likely won’t be the last time we hear of a security threat in Android, or other mobile operating systems, we can count on that.

[Via: Forbes]

  • Schermvlieger

    Please provide the link to the research findings as without it this sounds like just another scaremongering rant that you guys at ITM enjoy so much placing on your website.

    • ShimTeMaster

      I agree with the above post completely. This article not only misses the biggest security problem for Android – which is that Google probably fixed it, but only a tiny percentage of the user population have access to updates for devices – no, in fact, you actually refer to it as the silver lining.
      How was the activity detected? Sniffing? Forensic analysis of RAND chips is very difficult, with unreliable results.
      Please remember to cite your references, mate, or face derision.

Back to top ▴