Android launcher security vulnerability raises concerns over phishing


Heartbleed may be dominating the headlines when it comes to security topics lately, and while that one does pose some specific risks for smartphone users, it’s far from alone among all the vulnerabilities out there. Today we hear about Google’s efforts to address one that’s new to us, an oversight in how Android manages permissions that could set the stage for malicious software to orchestrate a phishing attack.

The problem stems from a pair of unprotected permissions tied to the Android launcher’s configuration settings. Since they’re classified at the low-risk “normal” permission level, Android grants apps these abilities without directly notifying the user. The trouble is that researchers noticed it’s nonetheless possible to perform malicious actions with these permissions: an app can change icons on your home screen so that they no longer point to their intended app targets and instead redirect the user to a malicious website.

Won’t you notice when you tap on your bank’s app and get sent to a web page instead? Hopefully, but we can still appreciate the risk this vulnerability opens up, especially for users who might not be fully used to how a particular app’s supposed to function.

Reportedly, Google’s patched this behavior and issued the code to its OEM partners. We’re not sure if it’s part of those 4.4.3 changes that should start arriving this week, but it’s coming eventually.
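For anyone vetting apps against the permission issue described above, here is an added example (not from the original article or its sources) that checks a decoded AndroidManifest.xml for launcher-settings permission requests. The permission names are the AOSP launcher's, which the article does not spell out. The vendor-launcher pattern and the sample manifests are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: AOSP launcher permission names (the article does not name them).
AOSP_LAUNCHER_PERMS = {
    "com.android.launcher.permission.READ_SETTINGS",
    "com.android.launcher.permission.WRITE_SETTINGS",
}
# Heuristic (assumption): vendor launchers may use the same suffix under
# their own package prefix, e.g. <vendor>.launcher.permission.WRITE_SETTINGS.
VENDOR_PATTERN = re.compile(r"launcher[\w.]*\.permission\.(READ|WRITE)_SETTINGS$")


def audit_manifest(manifest_xml):
    """Return launcher-settings permissions requested by a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    for element in root.iter("uses-permission"):
        name = element.get(ANDROID_NS + "name")
        if name:
            requested.add(name.strip())
    hits = sorted(
        p for p in requested
        if p in AOSP_LAUNCHER_PERMS or VENDOR_PATTERN.search(p)
    )
    return {
        "package": root.get("package"),
        "launcher_perms": hits,
        # Write access is what lets an app alter home-screen entries.
        "can_modify_home_screen": any(p.endswith("WRITE_SETTINGS") for p in hits),
    }


# Constructed sample manifests (not real apps).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="com.android.launcher.permission.READ_SETTINGS"/>
  <uses-permission android:name="com.android.launcher.permission.WRITE_SETTINGS"/>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.camera">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(audit_manifest(sample))
```

The input is the text form of the manifest, as produced by a decoding tool; the binary XML inside an APK needs decoding first.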

Source: Computer World
Via: phoneArena

About The Author
Stephen Schenck