Serious security flaws discovered in Android phones, Samsung and HTC ignore issue
The ease and ability of Android licensees to modify the software they install on their smartphones has opened vast security holes that enable rogue apps to record calls, monitor users' locations and access sensitive data without permission, researchers say, noting that while Google and Motorola acknowledge the issues, HTC and Samsung have ignored their findings.
Researchers from North Carolina State University have demonstrated that Android's permission-based security system can be easily circumvented due to flaws in the software that licensees add to their devices, according to security testing performed on popular HTC, Samsung, Motorola and Google-branded smartphones.
"Android provides a permission-based security model that requires each application to explicitly request permissions before it can be installed to run," the researchers note in the paper (PDF) "Systematic Detection of Capability Leaks in Stock Android Smartphones," which will be presented at this year's Network and Distributed System Security Symposium.
"In this paper, we analyze eight popular Android smartphones and discover that the stock phone images do not properly enforce the permission model. Several privileged permissions are unsafely exposed to other applications which do not need to request them for the actual use."
Google's Android security model erased by its own openness
The researcher's tests on 8 popular Android smartphones (HTC Legend/EVO 4G/Wildfire S, Motorola Droid/Droid X, Samsung Epic 4G, and Google Nexus One/Nexus S) resulted in security breaches in 11 out of 13 privileged permissions, with up to 8 security failures found on a specific model (the HTC EVO 4G).
"By exploiting these leaked capabilities," the paper notes, "an untrusted app on these affected phones can manage to wipe out the user data on the phones, send out SMS messages (e.g., to premium numbers), record user conversation, or obtain user geolocations ? all without asking for any permission."
This summer, Symantec issued a report highlighting the problem that Google's Android permission system "relies upon the user to make the important security decisions," but the security firm did not publish any findings indicating that Google's permission system simply did not work as advertised on popular Android smartphones.
Apple's App Store curation vs Google's permission model
The new research paper contrasts app security models by Apple and Google, noting that "Apple uses a vetting process through which each third-party app must be scrutinized before it will be made available in the app store. After installing an app, Apple?s iOS platform will prompt the user to approve the use of some functions at run-time, upon their first access.
"From another perspective, Google defines a permission-based security model in Android by requiring each app to explicitly request permissions up-front to access personal information and phone features. The requested permissions essentially define the capability the user may grant to an Android app.
"In other words, they allow a user to gauge the app?s capability and determine whether or not to install the app in the first place. Due to the central role of the permission-based model in running Android apps, it is critical that this model is properly enforced in existing Android smartphones."
Android's permission model has already resulted in a plague of malware, as there is no active curation in Google's Android Market that prevents rogue or malicious developers from posting apps that request inappropriate levels of permissions, in hopes that naive users will install their software without paying attention to complex permission details.
But proponents of Android claim that astute users can safeguard themselves simply by being vigilant about what apps they install, confident that the Android platform won't allow apps to go beyond the permissions they request. That turns out to not be the case, as the researchers have demonstrated that licensee-bundled software can bypass Android and enable rogue apps to wipe the phone, place unauthorized calls or messages, and spy on their location or access supposedly secure data.
The bigger the problem, the greater the denial
After finding serious security lapses in shipping Android phones, the researchers noted that "since April, 2011, we have been reporting the discovered capability leaks to the corresponding vendors," noting that "we experienced major difficulties with HTC and Samsung."
"After identifying these capability leaks, we spent a considerable amount of time on reporting them to the corresponding vendors. As of this writing, Motorola and Google have confirmed the reported vulnerabilities in the affected phones. HTC and Samsung have been really slow in responding to, if not ignoring, our reports/inquiries."
The report notes that "smartphones with more pre-loaded apps tend to be more likely to have explicit capability leaks. The reference implementations from Google (i.e., the Nexus One and Nexus S) are rather clean and free from capability leaks, with only a single minor explicit leak."
It also added that "those smartphones with system images (i.e., the Motorola Droid) close to the reference Android design (i.e., the Nexus One and Nexus S) seem to be largely free of capability leaks, while some of the other flagship devices have several."
With only Google and Motorola having acknowledged any of the problems, that leaves the most successful Android licensees, HTC and Samsung, not only ignoring the reported issues but also continuing to deliver products that are the least safe for users, in many cases without any provisions for updating phones that have already been sold.
Researchers from North Carolina State University have demonstrated that Android's permission-based security system can be easily circumvented due to flaws in the software that licensees add to their devices, according to security testing performed on popular HTC, Samsung, Motorola and Google-branded smartphones.
"Android provides a permission-based security model that requires each application to explicitly request permissions before it can be installed to run," the researchers note in the paper (PDF) "Systematic Detection of Capability Leaks in Stock Android Smartphones," which will be presented at this year's Network and Distributed System Security Symposium.
"In this paper, we analyze eight popular Android smartphones and discover that the stock phone images do not properly enforce the permission model. Several privileged permissions are unsafely exposed to other applications which do not need to request them for the actual use."
Google's Android security model erased by its own openness
The researcher's tests on 8 popular Android smartphones (HTC Legend/EVO 4G/Wildfire S, Motorola Droid/Droid X, Samsung Epic 4G, and Google Nexus One/Nexus S) resulted in security breaches in 11 out of 13 privileged permissions, with up to 8 security failures found on a specific model (the HTC EVO 4G).
"By exploiting these leaked capabilities," the paper notes, "an untrusted app on these affected phones can manage to wipe out the user data on the phones, send out SMS messages (e.g., to premium numbers), record user conversation, or obtain user geolocations ? all without asking for any permission."
This summer, Symantec issued a report highlighting the problem that Google's Android permission system "relies upon the user to make the important security decisions," but the security firm did not publish any findings indicating that Google's permission system simply did not work as advertised on popular Android smartphones.
Apple's App Store curation vs Google's permission model
The new research paper contrasts app security models by Apple and Google, noting that "Apple uses a vetting process through which each third-party app must be scrutinized before it will be made available in the app store. After installing an app, Apple?s iOS platform will prompt the user to approve the use of some functions at run-time, upon their first access.
"From another perspective, Google defines a permission-based security model in Android by requiring each app to explicitly request permissions up-front to access personal information and phone features. The requested permissions essentially define the capability the user may grant to an Android app.
"In other words, they allow a user to gauge the app?s capability and determine whether or not to install the app in the first place. Due to the central role of the permission-based model in running Android apps, it is critical that this model is properly enforced in existing Android smartphones."
Android's permission model has already resulted in a plague of malware, as there is no active curation in Google's Android Market that prevents rogue or malicious developers from posting apps that request inappropriate levels of permissions, in hopes that naive users will install their software without paying attention to complex permission details.
But proponents of Android claim that astute users can safeguard themselves simply by being vigilant about what apps they install, confident that the Android platform won't allow apps to go beyond the permissions they request. That turns out to not be the case, as the researchers have demonstrated that licensee-bundled software can bypass Android and enable rogue apps to wipe the phone, place unauthorized calls or messages, and spy on their location or access supposedly secure data.
The bigger the problem, the greater the denial
After finding serious security lapses in shipping Android phones, the researchers noted that "since April, 2011, we have been reporting the discovered capability leaks to the corresponding vendors," noting that "we experienced major difficulties with HTC and Samsung."
"After identifying these capability leaks, we spent a considerable amount of time on reporting them to the corresponding vendors. As of this writing, Motorola and Google have confirmed the reported vulnerabilities in the affected phones. HTC and Samsung have been really slow in responding to, if not ignoring, our reports/inquiries."
The report notes that "smartphones with more pre-loaded apps tend to be more likely to have explicit capability leaks. The reference implementations from Google (i.e., the Nexus One and Nexus S) are rather clean and free from capability leaks, with only a single minor explicit leak."
It also added that "those smartphones with system images (i.e., the Motorola Droid) close to the reference Android design (i.e., the Nexus One and Nexus S) seem to be largely free of capability leaks, while some of the other flagship devices have several."
With only Google and Motorola having acknowledged any of the problems, that leaves the most successful Android licensees, HTC and Samsung, not only ignoring the reported issues but also continuing to deliver products that are the least safe for users, in many cases without any provisions for updating phones that have already been sold.
Comments
The bigger the problem, the greater the denial
If I ever want an infected, inferior and piece of crap OS, I'll be sure to get an Android device.
Android is a free OS, that is attractive to bums and people who do not have high standards. I can understand the people who get the devices for free, as some people are poor, but I don't see how anybody can willingly pay any money for any Android device.
If I ever want an infected, inferior and piece of crap OS, I'll be sure to get an Android device.
Android is a free OS, that is attractive to bums and people who do not have high standards. I can understand the people who get the devices for free, as some people are poor, but I don't see how anybody can willingly pay any money for any Android device.
explain.
explain.
There's something called "Google" that will answer it all. It's been discussed countless times already.
explain.
Doesn't Google give Android away for free? Somebody can correct me if I'm mistaken, but I don't think that Google licenses out their OS for money. It's open source and that's why so many manufacturers make Android phones.
Google is an advertising company and that's how they make their money. Google wants a ton of Android devices out there, as the more people using their OS, means more ad money for them.
I can really say that when watching my parents and their generation using their PCs. They just don't care or rely on some standard antivirus and firewall software shipped with the OS.. without knowing it's quality, without updating virus almanach data, without caring for other threats. Most people just never experienced anything dangerous over the last 10y on their PCs.
I think that most Android users an unaware of the fact that their mobile is a much greater threat! Critical data is much easier to find, stored much more uniform way. And there is much more critical data on these devices than on a regular PC. Plus the regular contact with wild wifi networks is also a fact not known to PCs. The threat is much higher and the defense is much weaker than on a PC.
I would never go with such a device, it's just incredible.
[...] But proponents of Android claim that astute users can safeguard themselves simply by being vigilant about what apps they install [...]
I wonder what percentage of the Android-using public are actually astute users.
If you really care about quality and you are completely aware of all the smartphone options available to you
as a consumer, you get an iPhone. Especially now that price is no longer an issue.
Doesn't Google give Android away for free? Somebody can correct me if I'm mistaken, but I don't think that Google licenses out their OS for money. It's open source and that's why so many manufacturers make Android phones.
Google is an advertising company and that's how they make their money. Google wants a ton of Android devices out there, as the more people using their OS, means more ad money for them.
Android as an OS is free, but OEMs have to pay a licensing fee in order to have access to Google services (Gmail, Maps, and most importantly, Android Market). Companies like Amazon and Barnes and Noble don't pay the fee because they use their own version of Android and use their own services instead of Google. Everything that has Google stuff on it, though, there is a license being paid.
The report notes that "smartphones with more pre-loaded apps tend to be more likely to have explicit capability leaks. The reference implementations from Google (i.e., the Nexus One and Nexus S) are rather clean and free from capability leaks, with only a single minor explicit leak."
It also added that "those smartphones with system images (i.e., the Motorola Droid) close to the reference Android design (i.e., the Nexus One and Nexus S) seem to be largely free of capability leaks, while some of the other flagship devices have several."
With only Google and Motorola having acknowledged any of the problems, that leaves the most successful Android licensees, HTC and Samsung, not only ignoring the reported issues but also continuing to deliver products that are the least safe for users, in many cases without any provisions for updating phones that have already been sold.
Not a happy camper that HTC and Sammy are neglecting issues like this, but since this is the only part of the article that pertains to me, Google being among those who acknowledge these flaws, AND have an referenced design phone, I can pretty much say that this is nothing new or special for me in terms of security.
If the problem stems largely from 3rd party pre-installed apps, then this should be less of a threat, but still a noticeable one in the coming months regardless, due to the fact that any phone or tablet getting an ICS update will allow for 3rd party pre-installed apps.
Still, It shouldn't take the removal of such to fix security flaws in these.
If I ever want an infected, inferior and piece of crap OS, I'll be sure to get an Android device.
Android is a free OS, that is attractive to bums and people who do not have high standards. I can understand the people who get the devices for free, as some people are poor, but I don't see how anybody can willingly pay any money for any Android device.
You're such a pathetic excuse for a human being.
Are you a creationist by any chance?
Not a happy camper that HTC and Sammy are neglecting issues like this, but since this is the only part of the article that pertains to me, Google being among those who acknowledge these flaws, AND have an referenced design phone, I can pretty much say that this is nothing new or special for me in terms of security.
If the problem stems largely from 3rd party pre-installed apps, then this should be less of a threat, but still a noticeable one in the coming months regardless, due to the fact that any phone or tablet getting an ICS update will allow for 3rd party pre-installed apps.
Still, It shouldn't take the removal of such to fix security flaws in these.
Yea the OEMs are often Android's worst enemy. Carriers too.
If I ever want an infected, inferior and piece of crap OS, I'll be sure to get an Android device.
The sad part is, despite these repeated warnings and caveats, Androiders don't seem to care all that much. In fact, I get the feeling that, increasingly, many are wearing this sort of abuse as a badge of honor.
Truly pathetic.
You're such a pathetic excuse for a human being.
Are you a creationist by any chance?
I normally agree with your viewpoints, but please explain what being a creationist has to do with anything?
Since the ones most vulnerable are Samsung and HTC I would say the culprit is not the OS itself but the skinning they apply over it, TouchWiz and Sense UI. My Moto Droid just got some security patches so at least Motorola is on the ball.
Are you a creationist by any chance?
What does 'creationism' have to do with his being pro-Apple/anti-Android?
The sad part is, despite these repeated warnings and caveats, Androiders don't seem to care all that much. In fact, I get the feeling that, increasingly, many are wearing this sort of abuse as a badge of honor.
Truly pathetic.
What you call pathetic I call being a well-rounded human in today's society.
Being worried about virtual boogeyman coming to get your phone is half paranoid and half childish.
It has been proven that Apple's curated app store doesn't prevent malicious software, Carrier IQ was only just removed from the iPhone and Apple fixes previously unknown iOS vulnerabilities in every other software release.
I don't hide under my bed scared of the iOS monsters and I wouldn't expect Android users too either.
Android as an OS is free, but OEMs have to pay a licensing fee in order to have access to Google services (Gmail, Maps, and most importantly, Android Market). Companies like Amazon and Barnes and Noble don't pay the fee because they use their own version of Android and use their own services instead of Google. Everything that has Google stuff on it, though, there is a license being paid.
Most of them are also paying a license fee to Microsoft.
- http://9to5google.com/2011/12/05/ver...s-partnership/
Carriers and vendors can do whatever they want to the device allowing for even less consistency across vendors and carriers.What does 'creationism' have to do with his being pro-Apple/anti-Android?
Nothing with that. But his entire online persona is real similar to the young earth creationists I've run across.
Also he isn't merely pro-Apple anti Android he dehumanizes anyone who doesn't think like him or like what he likes.
He is, it seems, a despicable human being.
(Note: I know many creationists even YEC in real life and they are great people but those who post online tend to be...Apple ][-ish)