Charlie Miller, Mark Daniel and Jake Honoroff, who work for security testing and analysis firm Independent Security Evaluators, have disclosed that a successful hack could allow the attacker to capture all the stored information on the phone’s browser. However, until a fix has been found, they weren’t willing to give any specifics.
They did give credit to the Android for its secure ‘sandbox,’ under which any attacks would be limited by cutting off access to outside components. But at the same time they criticized Google for not using the most recent version of open-source components in development.
"The vulnerability is due to the fact Google did not use the most up to date versions of all these packages," the researchers said. "In other words, this particular security vulnerability that affects the G1 phone was known and fixed in the relevant software package, but Google used an older, still vulnerable version."