Flaw in Android, even without permissions, apps can transmit data

Study shows that applications can access files from the SD card and explore information stored by other software.

A survey conducted by Leviathan Security Group found that Google`s operating system has serious problems regarding the restrictions on access to personal information. According to the report, an app that does not have any advanced permissions can read the contents of the SD card and transmit the information over the internet.

The experiment conducted by Paul Brodeur proves that there is a complicated task to explore content "secret" of other apps. Basically, Brodeur created a program called "No Permissions", which, in fact, did not request any permissions to the user - that is, is like one of the simplest kind software.
Permissions hidden

The application "No Permissions" had instructions to read the contents of the SD card, check the contents of the file "/ data / system / packages.list" and finally, data access software with low levels of security.

Although a program without permissions can not access the Internet automatically, Brodeur says that the command "URI ACTION_VIEW" unable to open the browser and send data to any address. According to the blog post Leviathan Security Group, these flaws were found in the Android 2.3.5 and the latest version 4.0.3.

The site The Verge took the download of "In the Permissions" (click here to download the app) and carried out tests with the gallery of the Android. According to the news, the system records various information without any encryption. The portal contacted Google, which said that studies add permissions for the apps to access the images.

Source link:

Follow Luuux

Related Posts

Trending Technology