Android Holes Allow Secret Installation of Apps
CheerfulMacFanboy writes with a link to Heise Online which says "'Security researchers have demonstrated two vulnerabilities that allow attackers to install apps on Android and its vendor-specific implementations without a user's permission. During normal installation, users are at least asked to confirm whether an application is to have certain access rights. Bypassing this confirmation request reportedly allows spyware or even diallers to be installed on a smartphone.' One vulnerability was identified when a security specialist analysed HTC devices and found that the integrated web browser has the right to install further packages (used to automatically update its Flash Lite plug-in). Attackers can exploit this if they have found another browser hole. 'Android specialist Jon Oberheide demonstrated another hole which involved misusing the Account Manager to generate an authentication token for the Android Market and obtaining permission to install further apps from there. However, this initially requires a specially crafted app to be installed on the smartphone. Nothing could be easier: Oberheide released the allegedly harmless "Angry Birds Bonus Levels" app into the Android Market and, upon installation, this app downloaded and installed three further apps ("Fake Toll Fraud," "Fake Contact Stealer," and "Fake Location Tracker") without requesting the user's permission.'"
Re:Time to move to a repository system? (Score:3, Informative)
Uh, that's exactly how it works right now - only market apps can get onto the phone, unless the user enables the installation of non-market apps. The problem here is that Google left a back-door open. No amount of security design will help if the vendor leaves a back-door open. The iPhone in theory doesn't run anything not signed by Apple, but since lots of users are walking around with jailbroken iPhones they didn't get it right either.
Google just needs to stop leaving back-doors open in their OS. Apps should be installed via the standard interface, and the existing market auto-update feature should be used for deploying updates.
Note also that having multiple repository tiers probably won't help much. The less-vetted tier will undoubtedly have more software in it, so 99.999% of all phones will have it enabled. Thus, virtually all phones will still be vulnerable to malicious apps.
The solution is just to fix the leaks in the sandbox, and not to deliberately engineer them in. As long as the user has to approve all app installs, and apps disclose their permissions, things like this should stay under control.
Oh, on the topic of permissions - Android really needs to let users toggle individual permissions at the time of application install. Right now your only choices are install or don't-install. It would be REALLY nice if I could toggle that "auto-load on start" permission for the 95% of the apps on the phone that I don't want running all the time no matter what the authors think. Right now the only thing I can do is edit the apk manifest, which is a BIG pain and blocks updates.
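Added example, not part of the thread or any commenter's post: a small auditor for the two manifest permissions this discussion turns on, the right to install packages and the "auto-load on start" behaviour. It assumes the manifest has already been decoded to plain XML (for instance with apktool); the package names and sample manifests are constructed, and the permission strings are the standard Android names, which the thread does not spell out.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Standard Android permission names; the thread itself does not spell them out.
RISKY = {
    "android.permission.INSTALL_PACKAGES": "can install apps without the confirmation dialog",
    "android.permission.RECEIVE_BOOT_COMPLETED": "can start itself at boot",
}
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"

def audit_manifest(xml_text):
    """Return (package, sorted findings) for one decoded AndroidManifest.xml."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return None, [f"unparseable manifest: {exc}"]
    findings = set()
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID_NS + "name", "")
        if name in RISKY:
            findings.add(f"{name}: {RISKY[name]}")
    # Also record which receiver components register for the boot broadcast.
    for receiver in root.iter("receiver"):
        for action in receiver.iter("action"):
            if action.get(ANDROID_NS + "name") == BOOT_ACTION:
                findings.add(f"boot receiver: {receiver.get(ANDROID_NS + 'name')}")
    return root.get("package"), sorted(findings)

# Constructed sample manifests (not taken from any real app).
SAMPLE_BROWSER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.vendorbrowser">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.INSTALL_PACKAGES"/>
</manifest>"""

SAMPLE_GAME = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    for sample in (SAMPLE_BROWSER, SAMPLE_GAME, "<manifest"):
        print(audit_manifest(sample))
```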
Re:Android is open... (Score:2, Informative)
Actually this sounds like it is an HTC Sense issue, not an Android issue. Android doesn't come with a browser that uses Flash Lite. And since HTC Sense is not open, people cannot make their own fixes.
Re:Time to move to a repository system? (Score:2, Informative)
Where does the article summary implicate Google as the responsible party? Read again.
VENDOR SPECIFIC IMPLEMENTATIONS have this security hole. HTC specifically added a permission to update internal plug-ins.
Re:Makes popcorn (Score:2, Informative)
I'm not sure if you're being sarcastic or not
And so, as a result, you are the proud winner and get to take home today's 'Whooooooooosh'. Congratulations!