Apr 13, 2012
Ever think that a way to detect if certain Android apps are malware because of suspicious permissions they request access to? Well, apparently that’s not even a reliable indicator at this point, because Paul Brodeur of Leviathan Security has put together a sample app that shows just what trouble an app can cause even without having any permission access at all. It’s possible for any app to have read-only access to the SD card and all the photos, backups, and even sometimes OpenVPN certificates as Brodeur discovered. Second, it’s possible for any app to find out what apps are currently installed on each device and “This feature could be used to find apps with weak-permission vulnerabilities, such as those that were reported in Skype last year.” Third, it’s possible for apps to read GSM and SIM vendor IDs, kernel version, and Android ID.
In order to share this information, apps can use the URI ACTION_VIEW to send this data by opening a web browser by sending it through a URI. These vulnerabilities exist in both Gingerbread and Ice Cream Sandwich. Since updating Android is so difficult for Google, these security vulnerabilities may not be patched for many users for a while â€“ and it may be difficult to tell if an app is taking advantage of them.