Smishing, or SMS-phishing, is an old scamming technique that baits users into putting in personal information on fake websites by sending bogus text messages. It hasn’t been too common in the past few years, but some researchers at NC State University have found a vulnerability affecting several Android versions that could make phishing popular again. The exploit identified affects Gingerbread, Ice Cream Sandwich, and even Jelly Bean.
The exploit, very simply, allows an affected app to send a convincing, but fake, text message asking for Facebook logins, bank information, etc. Most of the time, these things are more of an annoyance than anything, but they can still be quite dangerous. The research team won’t disclose any specifics of the exploits, but they’ve reached out to Google, and Google has responded that they are working on a fix in “a future Android release.” Until Google gets this patched up, remember to be cautious with the apps you download and the permissions some of those apps are requesting.