Skip to main content
  1. Home
  2. Mobile

Manufacturers’ Android modifications open security leaks, study shows

By
android_holes
Image used with permission by copyright holder

Researchers at North Carolina State University have discovered a vulnerability with a number of leading Android handsets that could allow hackers to access private data without having to get explicit user permission. According to the study, such a loophole could give malicious hackers the ability to “wipe out the user data, send out SMS messages, or record user conversation on the affected phones – all without asking for any permission.”

Unlike apps for iOS, which alert a user anytime the app wants to access some type of personal information, like location, Android apps use a permissions-based security system, which tells the user up-front what type of information to which the app may at some point need access. Users can then decide whether or not they want to install the app based upon the permissions granted.

The NCSU study shows that the modification of Android by some handset manufacturers creates a hole in the permissions infrastructure, which could allow hackers to access sensitive private information, or perform functions on the phone, even if an app doesn’t explicitly request permission to perform these activities.

“These features are standard and make the phone more user-friendly,” said Xuxian Jiang, assistant professor of computer science at NCSU. “They make the phones more convenient to use, but also more convenient to abuse.”

Using their “Woodpecker” diagnostics tool, which checks to see if an app can perform a function for which it has no permission, the researchers found the following devices to be most vulnerable: HTC Evo 4G, HTC Wildfire S, HTC Legend, Motoroal Droid and Droid X, Samsung Epic 4G, Google Nexus One and Nexus S. Both Google and Motorola have responded to the researchers, confirming their discovery. Samsung and HTC, however, have given the team “major difficulties.”

Despite their findings, the researchers say that manufacturers should not necessarily be condemned for including these loopholes. In addition, they say all is not lost with Android’s permissions-based system.

“Though one may easily blame the manufacturers for developing and/or including these vulnerable apps on the phone firmware, there is no need to exaggerate their negligence,” the team writes in the study. “Specifically, the permission-based security model in Android is a capability model that can be enhanced to mitigate these capability leaks.”

Read the full study here (pdf).

Topics
Andrew Couts
Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
AT&T just made it a lot easier to upgrade your phone
AT&T Storefront with logo.

Do you want to upgrade your phone more than once a year? What about three times a year? Are you on AT&T? If you answered yes to those questions, then AT&T’s new “Next Up Anytime” early upgrade program is made for you. With this add-on, you’ll be able to upgrade your phone three times a year for just $10 extra every month. It will be available starting July 16.

Currently, AT&T has its “Next Up” add-on, which has been available for the past several years. This program costs $6 extra per month and lets you upgrade by trading in your existing phone after at least half of it is paid off. But the new Next Up Anytime option gives you some more flexibility.

Read more
Motorola is selling unlocked smartphones for just $150 today
Someone holding the Moto G Stylus 5G (2024).

Have you been looking for phone deals but don’t want to spend a ton of money on flagship devices from Apple and Samsung? Have you ever considered investing in an unlocked Motorola? For a limited time, the company is offering a $100 markdown on the Motorola Moto G 5G. It can be yours for just $150, and your days and nights of phone-shopping will finally be over!

Why you should buy the Motorola Moto G 5G
Powered by the Snapdragon 480+ 5G CPU and 4GB of RAM, the Moto G delivers exceptional performance across the board. From UI navigation to apps, games, and camera functions, you can expect fast load times, next to no buffering, and smooth animations. You’ll also get up to 128GB of internal storage that you’ll be able to use for photos, videos, music, and any other mobile content you can store locally. 

Read more
The Nokia 3210 is the worst phone I’ve used in 2024
A person holding the Nokia 3210, showing the screen.

Where do I even start with the Nokia 3210? Not the original, which was one of the coolest phones to own back in a time when Star Wars: Episode 1 -- The Phantom Menace wasn’t even a thing, but the latest 2024 reissue that has come along to save us all from digital overload, the horror of social media, and the endless distraction that is the modern smartphone.

Except behind this facade of marketing-friendly do-goodery hides a weapon of torture, a device so foul that I’d rather sit through multiple showings of Jar Jar Binks and the gang hopelessly trying to bring back the magic of A New Hope than use it.
The Nokia 3210 really is that bad

Read more