Last Updated: August 2nd, 2012

According to a group of computer scientists at North Carolina State University, a vulnerability exists within many Android devices that would allow hackers (or malicious apps) to bypass the permissions request process and tap into audio and location, wipe apps and data, or send unauthorized SMS messages, all without the user knowing.

This news may sound a bit sensational, but the researchers have created and tested a dummy app which effectively demonstrates the exploit:

Among the eight phones tested with the researchers' diagnostic app (Woodpecker), HTC's Evo 4G seemed to be the most vulnerable, able to "leak" eight different capabilities to their dummy app, which was not explicitly granted appropriate permissions by the user.

Phones sold by HTC, Samsung, Motorola, and Google seem to be afflicted with this exploit, and the researchers are blaming it on pre-loaded apps and other manufacturer 'enhancements,' which provide a software loophole through which malicious apps can sneak past permissions requests.

Both Google and Motorola have evidently acknowledged this threat, but HTC and Samsung, according to the researchers, have been slow to respond. The NCSU researchers have also compiled a paper on the subject (to be presented at the 2012 Network and Distributed System Security Symposium), writing "We believe these results demonstrate that capability leaks constitute a tangible security weakness for many Android smartphones in the market today."

It is unclear when/if there will be an official response to this issue - in the form of software fixes or  otherwise - but in the meantime, as always, it is advisable to stay away from any untrusted applications.

Via The Register

Liam Spradlin
Liam loves Android, design, user experience, and travel. He doesn't love ill-proportioned letter forms, advertisements made entirely of stock photography, and writing biographical snippets.

  • Android Addict

    Would an app the LBE Privacy Guard be able to display that an app like this were trying to access these permissions or would they be hidden there also?

    • http://www.AndroidPolice.com Artem Russakovskii

      I have my doubts, and we won't know until they release their findings. If it's using a vulnerability and not using official APIs, then LBE will be helpless in this situation.

  • Deltaechoe

    Might be time to go grab a real android av

  • Marco Duran

    This just confirms to me that it's time to pick up a Nexus.

    First, CIQ comes out doing something shady. Later on, it's confirmed that Nexus phones don't have this spyware/rootkit installed.

    Next, we get hit with this security bug. From the paper these folks are publishing, it seems pretty clear that oem os manipulation is the cause of this mess. Of the 8 phones that were tested, the Google Nexus devices only displayed 1 vulnerability (related to the pico tts app).

    So, let's recap. Less security risks? Check. Some sort of actual support?Check. Having an Android version that is up to date? Check.

    Starting to wonder why in the hell I ever bothered with non-Nexus devices? Check.

    • MJ

      I'm still happy with bying a Nexus-S.

      But in the meantime I installed a CM-based ROM (NSCollab) and wonder if CM is also affected? (I haven't read the paper, yet)

      • Marco Duran

        Unfortunately, they don't mention custom roms at all, and the scope of their data is too limited to really make a guess.

        In general, the data suggests that you'll see less security violations the closer you are to vanilla android. But the only way to really be sure would be to have them test it or to have someone else test it with a copy of their tools and following their combination testing app/manual code validation methodology.

    • Rikk

      Its sad that people rather watch others such as neighbors friends etc. Dont you have enough to do just living? Cable has 400 plus channels yet u rather watch me? I didnt know i was so interesting! Let people live

  • Josh

    A rash of bad press all at once for Android in general. The comments on the Yahoo! version of this story paint a frightening picture of the average consumers' reactions.
    I'm not all that concerned by the news on a personal level, but I doubt the waves it causes in the industry will be small ones.

  • TBolt

    AP, PLEASE follow up on this story by telling us if the Galaxy Nexus (Verizon model) is free of this vulnerability & the Carrier IQ b.s. Thank you.

    • Seth

      @TBolt How could they know that about an unreleased phone?

      • TBolt

        1. A follow-up doesn't have to happen today.
        2. I figure AP will have a review unit before we get our hands on it, and AP knows how to figure it all out better than me.

    • Ryuuie

      If the Nexus S is exempt of Carrier IQ crap and this vulnerability, then the Galaxy Nexus will be as well as neither are screwed with by carriers or OEM crap.

  • TBolt

    AP, PLEASE follow up on this story by telling us if the Galaxy Nexus (Verizon model) is free of this vulnerability & the Carrier IQ junk. Thank you.



    • http://[email protected] androidftw


    • CodeMonkey
  • Adrian

    Is this before or after the HTC recent security update for the thunder bolt?

  • Anthony

    Maybe a law can be passed to prevent wireless companies from installing bloatware. Waste of space anyway and for the $299 I pay, I would at least appreciate a clean phone...

    • Adrian

      Unfortunately, that means that companies would have to charge more.

      A better law would be for wireless companies to not uninstall bloatware that we can't uninstall. This way the companies can make there money from there agreements and we can uninstall it

  • modplan

    I got my Bachelors in Computer Science at NC State and had the pleasure of taking "Computer Security" under Xuxian Jiang (the researcher). Great guy, loves android, his class should have been called Computer/Android Security.

    Go Wolfpack!

  • http://androlib.blog.hu Yarner

    Am I right to assume that this issue affects only phones relerased in the US?
    I'm over in Central Europe... Should we be worried, too?

  • Freak4Dell

    Just another reason that Google should tell manufacturers to stop ruining Android with their stupid modifications.

    Even if a privacy guard app can't catch the hidden permissions, wouldn't it be able to catch the transmissions going out of the phone to whatever server was being used to control the rogue app?

    On a side note, I want an app that can record both sides of the conversation. Only when authorized by me, of course...not by some loser in his mom's basement on the the other side the country.

  • Kevin lander

    I am sorry but I am gonna to sell my android phone and get our of here ! I was ok to be spied by google but not that !

    I am out of here. Goodbye android.

    • Chris yve

      Agree. Mine is already on eBay. I am gonna to buy an iPhone right away.

      • akoli

        Cant they put their talents to better use and find an exploit that will allow a jailbreak for the Iphone 4s and ipad 2 .... android being rooted and tweaked theres obviously going to be holes in the security of them...their not locked down in such a way unlike apple phones... which I why I walked away ... see if the iphone 5 can win me back when it comes out... unlikely.

  • nandroid

    meh, not worried about it. people have been shouting about the sky falling, viruses and malware for eons. I have yet to experience any of these on any of my android devices NOR windows computers. maybe I ought to switch to apple devices anyway. they will not only keep me safe, but also increase my social net worth among the yuppies and the "edumacated" ilk. (sarcasm)