Manufacturers’ Android modifications open security leaks, study shows


Researchers at North Carolina State University have discovered a vulnerability with a number of leading Android handsets that could allow hackers to access private data without having to get explicit user permission. According to the study, such a loophole could give malicious hackers the ability to “wipe out the user data, send out SMS messages, or record user conversation on the affected phones – all without asking for any permission.”

Unlike apps for iOS, which alert a user anytime the app wants to access some type of personal information, like location, Android apps use a permissions-based security system, which tells the user up-front what type of information to which the app may at some point need access. Users can then decide whether or not they want to install the app based upon the permissions granted.

The NCSU study shows that the modification of Android by some handset manufacturers creates a hole in the permissions infrastructure, which could allow hackers to access sensitive private information, or perform functions on the phone, even if an app doesn’t explicitly request permission to perform these activities.

“These features are standard and make the phone more user-friendly,” said Xuxian Jiang, assistant professor of computer science at NCSU. “They make the phones more convenient to use, but also more convenient to abuse.”

Using their “Woodpecker” diagnostics tool, which checks to see if an app can perform a function for which it has no permission, the researchers found the following devices to be most vulnerable: HTC Evo 4G, HTC Wildfire S, HTC Legend, Motoroal Droid and Droid X, Samsung Epic 4G, Google Nexus One and Nexus S. Both Google and Motorola have responded to the researchers, confirming their discovery. Samsung and HTC, however, have given the team “major difficulties.”

Despite their findings, the researchers say that manufacturers should not necessarily be condemned for including these loopholes. In addition, they say all is not lost with Android’s permissions-based system.

“Though one may easily blame the manufacturers for developing and/or including these vulnerable apps on the phone firmware, there is no need to exaggerate their negligence,” the team writes in the study. “Specifically, the permission-based security model in Android is a capability model that can be enhanced to mitigate these capability leaks.”

Read the full study here (pdf).

Product Review

Google’s Pixel 3 is a hair away from pocket-sized perfection

Google’s Pixel 3 smartphone is the best Android phone you can buy. It doesn’t have the best looks or the best hardware, but you’ll be hard pressed to find better software and unique A.I. functionalities.

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.

Which smartphone has the best camera? We found the sharpest shooters

They say that the best camera is always the one you have with you and that makes your smartphone camera very important indeed. Join us for a closer look at the best camera phones available right now.

Data stolen from includes partial SSNs and immigration status

Around 75,000 users have had their user data stolen from government site, including information on their immigration status, whether they were pregnant, and partial social security numbers.

Google rolls out Night Sight to Pixel 3 and 3 XL camera app

Google's latest flagships, the Pixel 3 and Pixel 3 XL, are now official and we have all the details from the October 9 event in New York City and Paris. Here's everything we know about the Google Pixel 3 and Pixel 3 XL.

You can now message businesses straight through Google Maps

Google has been updating Maps with a ton of new features over the past few months, and now it's back with another one -- the ability for users to message businesses directly through the Maps app.
Product Review

With style and feature upgrades, Misfit's next-generation Vapor 2 gets it right

Misfit’s next-generation smartwatch, the Vapor 2, packs built-in GPS, a heart-rate sensor, and more, into a beautiful design that starts from $250. We take a closer look at the company's latest device.

The Motiv smart ring is coming to 20 more countries and physical stores

Remember Motiv's activity tracking smart ring? It's back with a raft of new features that adds biometric identification and token authentication, all on a device that fits on your finger.

Sharp doubles down on the notch trend with Aquos R2 Compact

As if one notch wasn't enough, Japanese manufacturer Sharp unveiled a new smartphone that has two -- one teardrop style notch at the top, and a bigger notch at the bottom. Here's what the world's first dual-notch smartphone looks like.

Verizon has made its first 5G video call … with a phone that’s already out

Verizon has announced that it has successfully made its first video call, using a smartphone that's already available: The Motorola Moto Z3. To make the call, Verizon used the 5G Moto Mod.

Samsung patents show what Infinity-O display could look like on Galaxy S10

While we still may be months away from an announcement, there's no doubt about it: Samsung is working hard on its successor to the Galaxy S9. Here's everything we know about the upcoming Samsung Galaxy S10.

New sensor from L’Oréal tracks UV exposure to keep your skin safe from the sun

L'Oréal has announced a new wearable sensor that attaches to your clothing and can track ultraviolet light. The sensor uses NFC instead of Bluetooth -- meaning it doesn't need a battery to work properly.

15 tips for keeping your vault-dwellers alive in ‘Fallout Shelter’

The wasteland can be an unfriendly place, if you don't know what you're doing. Here are 15 tips that will help your vault thrive in Fallout Shelter, including information on questing.

Motorola Moto G7: Here’s everything we know

The Moto G6 range is still relatively new to the market, but rumors have already started about the Moto G7, which is expected some time in 2019. Apparently, a G7 Power version will be joining the G7, G7 Play, and G7 Plus.