ANOTHER Dangerous Security Flaw Identified in android

#1 Edited by musicalmac (22971 posts) -

...and it's actually worse than you think, because unlike many of these security flaws that only effect older devices, this flaw will effect almost every android device released between 2010 to the present -- including devices powered by android L.

A new Android design error discovered by Bluebox Security allows malicious apps to grab extensive control over a user's device without asking for any special permissions at installation. The problem affects virtually all Android phones sold since 2010.

This is particularly serious because Google has granted a variety of trusted apps in Android broad permissions; by pretending to be one of these trusted apps, malware can can fool users into thinking that they are installing an app that doesn't need any special permissions, then trick the system into giving it essentially full control of the device, with access to the user's financial data, contacts and other private information, even data stored in the cloud.

Credit AppleInsider

It's pretty damning, that enormous security flaws like this exist in android. Google was informed about the flaw months ago, and a patch has still not been delivered. What's extra damning is that this is very much like what Apple does with app signatures, only in the case of Apple there is a verification step that Google didn't think to implement.

The Google way --

The Apple way --

Earlier this year, Apple released a whitepaper on iOS security that noted, "when we set out to create the best possible mobile OS, we drew from decades of experience to build an entirely new architecture.

"We thought about the security hazards of the desktop environment, and established a new approach to security in the design of iOS. We developed and incorporated innovative features that tighten mobile security and protect the entire system by default. As a result, iOS is a major leap forward in OS security."

As a result, Apple has rapidly gained adoption among corporate and government users while Google hasn't.

Credit AppleInsider

How many more examples will it take for the reality of android to sink in? This is what you get when an ad company copies a personal electronics company to avoid getting left behind. And it's a mess.

EDIT: I wanted to include the various other very recent discussions on this very topic, both for ease of navigation and for perspective on the real issues that many seem too willing to ignore.

Default factory reset doesn't erase all your data on android
A wealth of android security woes in one thread