jerdog · Nov 14, 2013 at 11:00 am

Shock and Awe: OEMs Cause Android Security Issues

It should come as no surprise that here at XDA, we are always calling on the OEMs to do a better job of removing the bloat of their custom UIs (Samsung – we’re looking at you and your now insane TouchWiz size) and improving the overall user experience. What may come as a shock to some, though, is that a recent study by researchers at North Carolina State University says that those same OEMs, and their incessant need to have a custom UI as some sort of “branding,” are directly responsible for most of the security issues found with Android. Cue Home Alone face.

In all honesty, we really shouldn’t be all that surprised. XDA Elite Recognized Developer jcase gave a great talk at XDA:DevCon13 where he discussed “Android Security Vulnerabilites and Exploits.” There, he identified how OEMs (LG was his main example) are directly responsible for many of the vulnerabilities and exploits he finds.

The researchers at NC State found that 60% of the security issues were directly tied to changes OEMs had made to stock Android, specifically related to apps requesting more permissions than were necessary. They looked at 2 devices from each 4 different OEMs (Sony, Samsung, LG and HTC), with one running a version of Android 2.x and another running 4.x from each OEM, along with the Nexus S and Nexus 4 from Google.

Here are a few of the findings:

  • 86% of preloaded apps asked for more permissions than were necessary, with most coming from OEMs.
  • 65-85% of the security issues on Samsung, HTC, and LG devices come from their customizations, while only 38% of the issues found on Sony devices came from them.

For the user, this should be a warning to pay attention to the permissions used when you install an app and take steps to protect yourself, like with the Xposed module XPrivacy. For OEMs, shame on you. Consumers place trust, no matter how unfounded and risky that is, on you. For you to be breaking that trust by not being responsible and open in your dealings and development is just plain careless.

The full study, presented yesterday at the ACM Conference on Computer and Communications Security in Berlin, is definitely a good read, with specific case studies done on the Samsung Galaxy S3 and LG Optimus P880.

Source: MIT Technology Review

[Thanks to XDA Elite Recognized Developer toastcfh for the tip.]


_________
Want something on the XDA Portal? Send us a tip!

jerdog

jerdog is an editor on XDA-Developers, the largest community for Android users. Jeremy has been an XDA member since 2007, and has been involved in technology in one way or another, dating back to when he was 8 years old and was given his first PC in 1984 - which promptly got formatted. It was a match made in the stars, and he never looked back. He has owned, to date, over 60 mobile devices over the last 15 years and mobile technology just clicks with him. In addition to being a News Editor and OEM Relations Manager, he is a Senior Moderator and member of the Developer and Moderator Committees at XDA. View jerdog's posts and articles here.
Emil Kako · Apr 27, 2015 at 12:26 pm · 2 comments

Do You Use 4:3 or 16:9 in the Camera App?

Every person has their own method of taking the best photos on their devices, but which aspect ratio is best when taking photos on your smartphone camera? Let us know whether you prefer to use 4:3 or 16:9 and why in the comments below.

DISCUSS
Aamir Siddiqui · Apr 27, 2015 at 11:12 am · 3 comments

The Curious Case Of The Flash Sale

What do the horses in the Xiaomi stable, notably the Mi 3, Mi 4, Redmi 1S, Redmi 2 & Redmi Note 4G have in common with the YU Yureka or the Micromax Canvas Spark, or even the Lenovo A6000 and the A7000? For starters, the mentioned phones are amongst the more value centric Android smartphones, aiming to offer a better deal in terms of specifications and an overall package, than their domestic and foreign competitors in the Indian market. What...

XDA NEWS
Jimmy McGee · Apr 27, 2015 at 06:00 am · 3 comments

3D Printable Mobile Microscope? Nexus 7 Discontinued – XDA TV

The Nexus 7 2013 has been discontinued on the Google Store! That and much more news is covered by Jordan when he reviews all the important stories from this weekend. Included in this weekend's news is the announcement of Xposed 3.0 Alpha 3 and be sure to check out the article talking about the 3D printable microscope for mobile devices. That's not all that's covered in today's video! Jordan talks about the other videos released this week on XDA TV. XDA...

XDA NEWS
Share This