Google Developers Group

Android Data-Stealing Vulnerability

The problem is that attackers can read all downloaded files in your handsets using JavaScript. That happens because Android always saves downloaded items in the same place.

Google is working on a fix for this vulnerability. It is said that coming Gingerbread will have a patch to solve the problem.

However, there are older android devices that have memory limitation and won’t be able to run Gingerbread. What should they do? There is one option: don’t use built-in Android browser, and choose some other application (like Opera, Firefox) for Internet access.

Reference: InformationWeek

Tags: android, browser, google, javascript, vulnerability

0 members like this

▶ Reply to This

Replies to This Discussion

Permalink Reply by Yulia Tsiaputa on December 29, 2010 at 8:19am

McAfee Labs announced in its 2011 Threat Predictions report that we should expect increasing politically motivated attacks. Social media sites will suffer from hacker attacks, especially those, which use URL-shortering services. Cybercriminals will also see their great
target in Android, iPhone, Foursquare, Google TV and Mac OS X platforms. The
platforms are new, but have been already greatly implemented in business
environment. So, we should clearly understand the need to be very careful with
data on our devices.

▶ Reply

Permalink Reply by Yulia Tsiaputa on January 24, 2011 at 7:55am

Android-powered devices are under threat of new virus. According to the statement of Japan's Information-technology Promotion Agency (IPA/ISEC) it is bot-type virus “Geinimi”, which hides in smartphone or tablet and acts under the command of spiteful people. Such a virus has been found for the first time. It can be built in any apps downloadable from Android Market and other websites. And you will not be able to identify the virus by appearance. So IPA’s recommendations are:

Be careful with installing applications that ask access to personal information or fee-based services.
Do not install apps from unknown provider.

▶ Reply

Permalink Reply by Yulia Tsiaputa on February 1, 2011 at 8:50am

Some research companies have already warned mobile users about increasing attacks on phones. A few days ago security researchers at North Carolina State University found out vulnerability in Gingerbread by testing a Nexus S. The vulnerability allows attackers to get access to data on the microSD card in the device, and make all spiteful deeds with it. The researchers’ goal was to warn developers about Gingerbread security problems. Nevertheless Honeycomb is about to come, so all the flaws might be solved in it. And the advice for Nexus S users is: to disable Javascript or install a different web browser such as Firefox to safeguard personal data.