Under the lwa installed apps on Android phones go sloppy with their rights in Android, so malware text messages can send and random numbers can make calls without asking permission. Discovered that American researchers.
The bugs sit in the toestemmingsmodel of Android for each app when installed ask for permission to access things like location, hardware elements, and call functions. This will be explicitly mentioned in the screen.
By a careless implementation of this in apps that the manufacturer and provider on the device, it appears on various phones to send texts, the location or phone calls to someone without permission is asked for and without that to see that something is happening, according to researchers from the American University of North Carolina. System apps appear to be so now and then their permissions ‘to give’ to other apps, enabling the latter business can perform that they actually shouldn’t.
The researchers made an app that phones can test on 13 points, including the retrieval of the approximate location, precise location via gps, the install and uninstall of apps, audio recording and resetting the unit. The app, Woodpecker, was tested on eight devices, including the HTC Legend and Wildfire S. the Legend proved it possible, to pass unnoticed audio, and the location.
Especially software provided by the manufacturers or providers devices is placed, is susceptible to this bug, say the researchers. They find that more research must be done, inter alia, to the existence of these bugs in third-party apps that users download in the Android Market. The university researchers contribute to a tool as a Woodpecker in the Android sdk can be included, so that manufacturers and developers software in advance of this can follow.
By the large market share of Android is the operating system subject of much research to security. Both malware as security on smartphones is still in its infancy, so there was very little on the subject known. Due to the many data users on smartphones, such as login details of social networks and contacts, smartphones are an attractive target for malwaremakers.
