A pretty major security flaw has been discovered which would let a spoof app gain access to areas of your phone which you did not give it permission to access when installing it.
Thankfully, this was not discovered by individuals that would want to use this to do some harm. Rather, researchers Jon Oberheide and Zach Lanier were the ones to figure it out, and are going to present their findings tomorrow at Intel’s security conference at their Hillsboro campus.
Oberheide and Lanier created a dummy application, which offers to install Angry Birds bonus levels, to demonstrate the exploit. The spoof app has the ability to install other applications behind the scenes, which could be used for a variety of malicious activities, such as sending unwanted text messages and emails.
So, the bad news is that this vulnerability exists, but the good news is that the good guys are tying to get it patched up. It will be interesting to see how long it takes Google to take notice and implement a fix, so stay tuned.