You may have heard about a recent surge in Android malware. Still, that malware comes in the form of apps. So long as you watch your permissions, you’re fine. Right?
Wrong. Every Android phone comes with some pre-installed apps, and some more than others. A group of researchers at North Carolina State University were interested to know if these apps, which often can’t be uninstalled by the user, contain security flaws. Eight phones were tested including three from HTC (Legend, EVO 4G, Wildfire S), two from Motorola (Droid and Droid X), the Samsung Epic 4G and Google’s Nexus One/S.
All of the phones were found to have security issues due to pre-installed apps. The most serious of these flaws are capability leaks that allow third-party apps to exploit an interface or service in use by another app without making a permission request of its own. Researchers found it would be possible for malware to wipe out data, send SMS messages, and obtain geo-location data by exploiting pre-installed apps.
What can you do to protect yourself from this threat? The researchers don’t provide any help there, though to their credit, they did contact the companies whose phones they exploited in an attempt to provide them with information.
Since these pre-installed apps often can’t be uninstalled by default, the only complete solution is to root your phone and install a custom ROM. However, as the researchers note in their paper, there is no reason why third-party apps could not contain the same flaws they found in the pre-installed apps they researched.
If you’d like the full story, the paper is currently public. Just be warned – it’s not written for the layman.