Researchers Find That Not All Androids Are Equally Secure
Researchers at North Carolina State University (NCSU) have published a paper which details differences in Android security across eight models.
According to the findings, only three phones "properly" enforced Android's permission-based security model.
The conclusion is that Google's Nexus One and Nexus S phones with baseline Android configurations as well as the Motorola Droid "were basically clean." However, pre-installed applications added by manufacturers and carriers add a substantial risk of successful malicious attack to phones, Xuxian Jiang, an assistant professor of computer science at NCSUand co-author of a paper describing the research, said.
HTC’s Legend, EVO 4G and Wildfire S, Motorola’s Droid X and Samsung’s Epic 4G revealed "significant vulnerabilities." The EVO 4G was the most vulnerable phone with eight leaked permissions in the test. The Legend and the Wildfire had six leaks each, followed by the Wildfire and Droid X with four leaks each.
"Some of these pre-loaded applications, or features, are designed to make the smartphones more user-friendly, such as features that notify you of missed calls or text messages," said Jiang. “The problem is that these pre-loaded apps are built on top of the existing Android architecture in such a way as to create potential 'backdoors' that can be used to give third-parties direct access to personal information or other phone features."
The researchers said that they notified the software vendors of the discovered vulnerabilities prior to the release of the report and recommend that users should keep up with security updates from software vendors to protect themselves from attacks.
- Apple, RIM, Samsung, HTC Sued Over Mobile Displays
- Acer, Lenovo Quad-Core Tablets Coming in Q1
- Grooveshark Had Employees Upload Illegal Music
- Lenovo Reveals Plans for 3 Tablets, Smartphone, Smart TV
- Hackers Could Trigger Your Printer to Overheat (or Worse)
- FAA May Allow Combat Drones for Nonmilitary Use
- Another Siri Clone Arrives on Android: Cluzee
- RIM's BlackBerry Fusion Will Support Android and Apple iOS
- Apps and Games to Get Rated for Violence, Sex, Drugs
- Google Nukes Black Horizontal Nav Bar for Pull-Down Menu
- Firefox 8 Could Be Coming to the Kindle Fire Soon
- Microsoft Gives a Taste of Mango on iPhones and Androids
- Print Your Own Robot: A Consumer 3D Printing Service
- Smartphones Consume 74 Percent Less Power Via Proxy
- Toyota to Create Smaller, Compact Prius C
- Apple's Siri Won't Help You Find an Abortion Clinic
- Google Brings Google Maps Indoors to Malls, Airports
- Apple: Siri's Answers On Abortion Not Intentional
- FCC Allows AT&T To Withdraw T-Mobile Merger Application, But Releases Damning Commission Report Anyway
just more negative propaganda coming from the folks from apple
So how about the rootkits that are pre-loaded, almost completely hidden, and sends third parties information about everything I do (i.e. CarrierIQ) on the phone?
Because while it's good to secure the apps on your device that's useless if your device has a program on it that is inherently extremely dangerous to your security at a lower level...
just more negative propaganda coming from the folks from apple
Truth hurts. My company won't allow anything made by Apple or any Android device to connect to the network. Say what you want about RIM but they keep racking up security awards and certifications left and right.
Good article, I own a Samsung Galaxy S (original) and have been bitterly disappointed with the lack of updates to the OS and the preloaded applications. The extra skins and software loaded on top of the vanilla android are ok, but I prefer the defaults. If I ever buy another Android it will be Nexus line exclusively. My wife's Nexus One is awesome.
I'm shocked, I say, shocked that all the holes exist; no, not really. This is what happens when the code monkeys add features to differentiate the OS, yet, nobody takes the time to understand the impact of these 'features'
Duh! Android is full of security holes and that's intentional. Think about it... when you own a Android device you already have been hacked into. BUT I do love my Samsung Galaxy S2 with 2.3 Gingerbread.
In other words: Preloaded crapware is a security risk.
I always switch to a ROM anyways. No bloatware and most ROMs are as close to stock google android as you can get.
Wow! Newsflash!
Remove all bloatware and download something more reliable.
So this is just like with bloatware loaded onto Windows by OEMs; a lot of them really compromise your experience as well as security of the system.
This is going to likely become moot with ICS, when ICS is released it does away with the vendor modifications and forces the Android phones to a more stock build for distribution.
?? lol. But yeah, it's Android, so I can't say I'm surprised.
So how about the rootkits that are pre-loaded, almost completely hidden, and sends third parties information about everything I do (i.e. CarrierIQ) on the phone?Because while it's good to secure the apps on your device that's useless if your device has a program on it that is inherently extremely dangerous to your security at a lower level...
Root it, wipe it out and install vanilla Android.