Skip to main content
  1. Home
  2. Mobile

Manufacturers’ Android modifications open security leaks, study shows

Andrew Couts
By
android_holes
Image used with permission by copyright holder

Researchers at North Carolina State University have discovered a vulnerability with a number of leading Android handsets that could allow hackers to access private data without having to get explicit user permission. According to the study, such a loophole could give malicious hackers the ability to “wipe out the user data, send out SMS messages, or record user conversation on the affected phones – all without asking for any permission.”

Unlike apps for iOS, which alert a user anytime the app wants to access some type of personal information, like location, Android apps use a permissions-based security system, which tells the user up-front what type of information to which the app may at some point need access. Users can then decide whether or not they want to install the app based upon the permissions granted.

Recommended Videos

The NCSU study shows that the modification of Android by some handset manufacturers creates a hole in the permissions infrastructure, which could allow hackers to access sensitive private information, or perform functions on the phone, even if an app doesn’t explicitly request permission to perform these activities.

“These features are standard and make the phone more user-friendly,” said Xuxian Jiang, assistant professor of computer science at NCSU. “They make the phones more convenient to use, but also more convenient to abuse.”

Using their “Woodpecker” diagnostics tool, which checks to see if an app can perform a function for which it has no permission, the researchers found the following devices to be most vulnerable: HTC Evo 4G, HTC Wildfire S, HTC Legend, Motoroal Droid and Droid X, Samsung Epic 4G, Google Nexus One and Nexus S. Both Google and Motorola have responded to the researchers, confirming their discovery. Samsung and HTC, however, have given the team “major difficulties.”

Despite their findings, the researchers say that manufacturers should not necessarily be condemned for including these loopholes. In addition, they say all is not lost with Android’s permissions-based system.

“Though one may easily blame the manufacturers for developing and/or including these vulnerable apps on the phone firmware, there is no need to exaggerate their negligence,” the team writes in the study. “Specifically, the permission-based security model in Android is a capability model that can be enhanced to mitigate these capability leaks.”

Read the full study here (pdf).

Topics
Andrew Couts
Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
One of the biggest Oura Ring competitors just did something huge
The Ultrahuman Ring Air and the Oura Ring, resting on a table.

Ultrahuman, the maker of the Ultrahuman Ring Air, is making its way to U.S. production grounds. The company is setting up a production facility in Indiana, which will mark the first time a smart ring from Ultrahuman will be assembled from scratch on U.S. soil.

“The UltraFactory will offer an end-to-end production capability and is based on the company’s first operational model of such a facility in India,” the company says.

Read more
Best Verizon new customer deals: Galaxy S24, iPhone and more
Verizon logo on a smartphone screen in a dark room and a finger touching it.

If you’re in the market for one of the best phones, or any new phone for that matter, you’re going to need a good carrier. Verizon has long been one of the most popular options, as it boasts one of the most reliable networks in the United States. It offers some of the best cell phone plans out there, and for new customers Verizon also offers some pretty impressive discounts on new phones. In many cases this means you can brand new, recently released phones entirely for free when signing up with Verizon. And that’s the case right now, as we’re currently seeing some of the best Verizon new customer deals we’ve seen. You can pretty easily land a new iPhone, Samsung Galaxy phone, and Google Pixel for free, and we’ve got all of the details on how to do so. If that sounds enticing, read onward and start shopping the best Verizon new customer deals available right now.
Free iPhone SE (3rd Gen)

The 2022 release of the Apple iPhone SE is yours for free when you sign up for a new 5G data plan on Verizon -- no trade-ins required. It's the best small smartphone in our list of the best smartphones with a 4.7-inch Liquid Retina display, but it doesn't sacrifice performance as it's powered by Apple's A15 Bionic chip that's also found in the iPhone 13 line and pre-installed with iOS 15. The latest iPhone SE is equipped with a single 12MP rear sensor and 7MP selfie camera, which are boosted by Apple's software to enable better photographs.

Read more
AirTags range: here’s how far the tracker can reach
An AirTag attached on a keyring

Apple AirTags are a helpful tool for tracking valuable possessions like wallets, keys, luggage, and backpacks. These tags employ various technologies that allow you to track your items from short and long distances using your compatible Apple device, such as an iPhone 15 Plus. You might wonder how far you can track your items with AirTags. It's time to find out.
AirTags range, explained

The range of AirTags varies depending on the method you use to locate them. A Bluetooth connection will work when your AirTags are close to your supported Apple device. Otherwise, Apple's Find My network is utilized. Luckily, you don't have to choose the method because it's selected behind the scenes automatically.

Read more