Manufacturers’ Android modifications open security leaks, study shows

Researchers at North Carolina State University have discovered a vulnerability in a number of leading Android handsets that could allow hackers to access private data without having to get explicit user permission. According to the study, such a loophole could give malicious hackers the ability to “wipe out the user data, send out SMS messages, or record user conversation on the affected phones – all without asking for any permission.”

Unlike apps for iOS, which alert a user any time the app wants to access some type of personal information, like location, Android apps use a permissions-based security system, which tells the user up front what types of information the app may at some point need to access. Users can then decide whether or not they want to install the app based upon the permissions granted.

The NCSU study shows that the modification of Android by some handset manufacturers creates a hole in the permissions infrastructure, which could allow hackers to access sensitive private information, or perform functions on the phone, even if an app doesn’t explicitly request permission to perform these activities.

“These features are standard and make the phone more user-friendly,” said Xuxian Jiang, assistant professor of computer science at NCSU. “They make the phones more convenient to use, but also more convenient to abuse.”

Using their “Woodpecker” diagnostics tool, which checks to see if an app can perform a function for which it has no permission, the researchers found the following devices to be most vulnerable: HTC Evo 4G, HTC Wildfire S, HTC Legend, Motorola Droid and Droid X, Samsung Epic 4G, Google Nexus One and Nexus S. Both Google and Motorola have responded to the researchers, confirming their discovery. Samsung and HTC, however, have given the team “major difficulties.”

Despite their findings, the researchers say that manufacturers should not necessarily be condemned for including these loopholes. In addition, they say all is not lost with Android’s permissions-based system.

“Though one may easily blame the manufacturers for developing and/or including these vulnerable apps on the phone firmware, there is no need to exaggerate their negligence,” the team writes in the study. “Specifically, the permission-based security model in Android is a capability model that can be enhanced to mitigate these capability leaks.”

Read the full study here (pdf).

Andrew Couts
Former Digital Trends Contributor