Security Flaw in Android
“Serious Flaw” has been detected in Android release version ( that comes in G1).
Heres a quote from NewYorkTimes article
Charles A. Miller, notified Google of the flaw this week and said he was publicizing it now because he believed that cellphone users were not generally aware that increasingly sophisticated smartphones faced the same threats that plague Internet-connected personal computers.
The risk in the Google design, according to Mr. Miller, who is a principal security analyst at Independent Security Evaluators in Baltimore, lies in the danger from within the Web browser partition in the phone. It would be possible, for example, for an intruder to install software that would capture keystrokes entered by the user when surfing to other Web sites. That would make it possible to steal identity information or passwords.
Heres what happens. You visit a questionable website –> Browser in Android is exploited –> triggers download of an Application into your G phone –> Executed in background.
Its not clear if there are any websites/applications that actually exploit this vulneralibility but its not a surprise either. Android in principle will be primary target of malicious code in the future. And this is _the_only_real problem Google’s gonna face years to come.
Here are the precautions you SHOULD take to avoid any such infestation atleast till we have an alarm-caution system and you should be fine.
- DO NOT VISIT WEBSITES THAT ARE NOT WELL KNOWN
- LIMIT YOUR ONLINE MOBILE ACTIVITY TO THE USUAL STUFF
- DOWNLOAD ANDROID APPLICATIONS FROM CREDIBLE SOURCES. At the moment, there are about 2 other sites apart from Android Market
Remember, there are desktops near by for your adventures. Mobile Security can be potentially dangerous cuz we’re heading into “convergence” where our mobiles and destined to become our vallets.
Hence take such stories seriously.[source: tech blorge via NYT ]