Android Holes Allow Secret Installation of Apps 132
CheerfulMacFanboy writes with a link to Heise Online which says "'Security researchers have demonstrated two vulnerabilities that allow attackers to install apps on Android and its vendor-specific implementations without a user's permission. During normal installation, users are at least asked to confirm whether an application is to have certain access rights. Bypassing this confirmation request reportedly allows spyware or even diallers to be installed on a smartphone.' One vulnerability was identified when a security specialist analysed HTC devices and found that the integrated web browser has the right to install further packages (used to automatically update its Flash Lite plug-in). Attackers can exploit this if they have found another browser hole. 'Android specialist Jon Oberheide demonstrated another hole which involved misusing the Account Manager to generate an authentication token for the Android Market and obtaining permission to install further apps from there. However, this initially requires a specially crafted app to be installed on the smartphone. Nothing could be easier: Oberheide released the allegedly harmless "Angry Birds Bonus Levels" app into the Android Market and, upon installation, this app downloaded and installed three further apps ("Fake Toll Fraud," "Fake Contact Stealer," and "Fake Location Tracker") without requesting the user's permission.'"
Makes popcorn (Score:5, Funny)
And sits down to watch the fanboy battle begin. Go go go
Re:Makes popcorn (Score:3, Funny)
I dare the posters on this site to go this entire thread without mentioning Apple.
Re:Makes popcorn (Score:1, Funny)
Oh damn! Already foiled.
Android is open... (Score:3, Funny)
So that means anyone can compile and install his or her own fixes? So this sounds like a non-issue to me.
Yes, and people really should read the source (Score:2, Funny)
before they install their apps.
Microsoft's fault (Score:1, Funny)
I've been suspicious for a long time that Google is having Microsoft write all their software. This proves it.
Re:Telco backdoors (Score:5, Funny)
If I'm not mistaken, all mobile phones have backdoors for telco's to use, for silently pushing firmware updates and bricking phones, etc.
I might be mistaken, but I'm pretty sure that's what my cousin told me, who works with setting up mobile infrastructure.
No kidding? Well, my best friend's sister's boyfriend's brother's girlfriend heard from this guy who knows this kid who's going with the girl who saw Ferris pass out at 31 Flavors last night. I guess it's pretty serious.
Re:Telco backdoors (Score:3, Funny)
Abe Froman can afford to give you mod points.
Re:I can't find that app in the App Store (Score:4, Funny)
Man I found it but Fake Location Tracker doesnt seem to work :(
You must first be in a fake location...duh!
Re:Makes popcorn (Score:5, Funny)
Isn't this very similar to a problem my iPhone had just a few months ago?
Nope, it's entirely different. This is a security hole, while the iPhone had a jailbreak opportunity.