Security firm performs hostile takeover of Android device with zero permissions

Security is a trending topic in the Android arena recently. Problems with apps, malware, and permissions have been revealed as the biggest threats to the rapidly-growing Android ecosystem. Well, it seems like the bad news train is traveling full steam and we have another vulnerability that we need to worry about.

The security firm ViaForensics, one of the firms that analyzed the Google Wallet app and found that it saved unencrypted personal information on rooted phones, has exposed a vulnerability that allows the installation of an APK with no assigned permissions to take over an Android device remotely. The researcher that broke this story, Thomas Cannon, pointed out that the app was installed as a gmae that required no security or root access but through a security hole in the browser, the app is able to leverage the browser’s permissions to take control of the device. On a side note, malware is always going to be a problem and the first line of defense is being a smart user.

via Android Community

Tags: , ,