Manufacturers’ Android modifications open security leaks, study shows

Researchers at North Carolina State University have discovered a vulnerability with a number of leading Android handsets that could allow hackers to access private data without having to get explicit user permission. According to the study, such a loophole could give malicious hackers the ability to “wipe out the user data, send out SMS messages, or record user conversation on the affected phones – all without asking for any permission.”

Unlike apps for iOS, which alert a user anytime the app wants to access some type of personal information, like location, Android apps use a permissions-based security system, which tells the user up front what types of information the app may at some point need to access. Users can then decide whether or not they want to install the app based upon the permissions granted.

The NCSU study shows that the modification of Android by some handset manufacturers creates a hole in the permissions infrastructure, which could allow hackers to access sensitive private information, or perform functions on the phone, even if an app doesn’t explicitly request permission to perform these activities.

“These features are standard and make the phone more user-friendly,” said Xuxian Jiang, assistant professor of computer science at NCSU. “They make the phones more convenient to use, but also more convenient to abuse.”

Using their “Woodpecker” diagnostics tool, which checks to see if an app can perform a function for which it has no permission, the researchers found the following devices to be most vulnerable: HTC Evo 4G, HTC Wildfire S, HTC Legend, Motorola Droid and Droid X, Samsung Epic 4G, Google Nexus One and Nexus S. Both Google and Motorola have responded to the researchers, confirming their discovery. Samsung and HTC, however, have given the team “major difficulties.”

Despite their findings, the researchers say that manufacturers should not necessarily be condemned for including these loopholes. In addition, they say all is not lost with Android’s permissions-based system.

“Though one may easily blame the manufacturers for developing and/or including these vulnerable apps on the phone firmware, there is no need to exaggerate their negligence,” the team writes in the study. “Specifically, the permission-based security model in Android is a capability model that can be enhanced to mitigate these capability leaks.”

Read the full study here (pdf).

Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…