Skip to main content

Researchers Find That Not All Androids Are Equally Secure

According to the findings, only three phones "properly" enforced Android's permission-based security model.

The conclusion is that Google's Nexus One and Nexus S phones with baseline Android configurations as well as the Motorola Droid "were basically clean." However, pre-installed applications added by manufacturers and carriers add a substantial risk of successful malicious attack to phones, Xuxian Jiang, an assistant professor of computer science at NCSUand co-author of a paper describing the research, said.

HTC’s Legend, EVO 4G and Wildfire S, Motorola’s Droid X and Samsung’s Epic 4G revealed "significant vulnerabilities." The EVO 4G was the most vulnerable phone with eight leaked permissions in the test. The Legend and the Wildfire had six leaks each, followed by the Wildfire and Droid X with four leaks each.

"Some of these pre-loaded applications, or features, are designed to make the smartphones more user-friendly, such as features that notify you of missed calls or text messages," said Jiang. “The problem is that these pre-loaded apps are built on top of the existing Android architecture in such a way as to create potential 'backdoors' that can be used to give third-parties direct access to personal information or other phone features."

The researchers said that they notified the software vendors of the discovered vulnerabilities prior to the release of the report and recommend that users should keep up with security updates from software vendors to protect themselves from attacks.

  • captaincharisma
    just more negative propaganda coming from the folks from apple
    Reply
  • LuckyDucky7
    “The problem is that these pre-loaded apps are built on top of the existing Android architecture in such a way as to create potential 'backdoors' that can be used to give third-parties direct access to personal information or other phone features."


    So how about the rootkits that are pre-loaded, almost completely hidden, and sends third parties information about everything I do (i.e. CarrierIQ) on the phone?

    Because while it's good to secure the apps on your device that's useless if your device has a program on it that is inherently extremely dangerous to your security at a lower level...
    Reply
  • Niva
    Good article, I own a Samsung Galaxy S (original) and have been bitterly disappointed with the lack of updates to the OS and the preloaded applications. The extra skins and software loaded on top of the vanilla android are ok, but I prefer the defaults. If I ever buy another Android it will be Nexus line exclusively. My wife's Nexus One is awesome.
    Reply
  • STravis
    I'm shocked, I say, shocked that all the holes exist; no, not really. This is what happens when the code monkeys add features to differentiate the OS, yet, nobody takes the time to understand the impact of these 'features'
    Reply
  • starryman
    Duh! Android is full of security holes and that's intentional. Think about it... when you own a Android device you already have been hacked into. BUT I do love my Samsung Galaxy S2 with 2.3 Gingerbread.
    Reply
  • NapoleonDK
    In other words: Preloaded crapware is a security risk.
    Reply
  • sinfulpotato
    I always switch to a ROM anyways. No bloatware and most ROMs are as close to stock google android as you can get.
    Reply
  • tanjo
    Wow! Newsflash!
    Remove all bloatware and download something more reliable.
    Reply
  • eddieroolz
    So this is just like with bloatware loaded onto Windows by OEMs; a lot of them really compromise your experience as well as security of the system.
    Reply
  • everygamer
    This is going to likely become moot with ICS, when ICS is released it does away with the vendor modifications and forces the Android phones to a more stock build for distribution.
    Reply