Home > slashdot > Android Holes Allow Secret Installation of Apps

Android Holes Allow Secret Installation of Apps

November 13th, 2010 11:43 admin Leave a comment Go to comments

CheerfulMacFanboy writes with a link to Heise Online which says “‘Security researchers have demonstrated two vulnerabilities that allow attackers to install apps on Android and its vendor-specific implementations without a user’s permission. During normal installation, users are at least asked to confirm whether an application is to have certain access rights. Bypassing this confirmation request reportedly allows spyware or even diallers to be installed on a smartphone.’ One vulnerability was identified when a security specialist analysed HTC devices and found that the integrated web browser has the right to install further packages (used to automatically update its Flash Lite plug-in). Attackers can exploit this if they have found another browser hole. ‘Android specialist Jon Oberheide demonstrated another hole which involved misusing the Account Manager to generate an authentication token for the Android Market and obtaining permission to install further apps from there. However, this initially requires a specially crafted app to be installed on the smartphone. Nothing could be easier: Oberheide released the allegedly harmless “Angry Birds Bonus Levels” app into the Android Market and, upon installation, this app downloaded and installed three further apps (“Fake Toll Fraud,” “Fake Contact Stealer,” and “Fake Location Tracker”) without requesting the user’s permission.’”

Source: Android Holes Allow Secret Installation of Apps

Related Articles:

  1. Google Remotely Nukes Apps From Android Phones
  2. Google Is Building a Way To Launch Chrome Apps Without Installation
  3. New Attack Uses Attackers’ Own Ad Network To Deliver Android Malware
  4. New Type of Android Malware Spotted In the Wild
  5. Researchers Find Big Leaks In Pre-installed Android Apps
blog comments powered by Disqus