jerdog · Nov 14, 2013 at 11:00 am

Shock and Awe: OEMs Cause Android Security Issues

It should come as no surprise that here at XDA, we are always calling on the OEMs to do a better job of removing the bloat of their custom UIs (Samsung – we’re looking at you and your now insane TouchWiz size) and improving the overall user experience. What may come as a shock to some, though, is that a recent study by researchers at North Carolina State University says that those same OEMs, and their incessant need to have a custom UI as some sort of “branding,” are directly responsible for most of the security issues found with Android. Cue Home Alone face.

In all honesty, we really shouldn’t be all that surprised. XDA Elite Recognized Developer jcase gave a great talk at XDA:DevCon13 where he discussed “Android Security Vulnerabilities and Exploits.” There, he identified how OEMs (LG was his main example) are directly responsible for many of the vulnerabilities and exploits he finds.

The researchers at NC State found that 60% of the security issues were directly tied to changes OEMs had made to stock Android, specifically related to apps requesting more permissions than were necessary. They looked at two devices from each of four different OEMs (Sony, Samsung, LG and HTC), with one running a version of Android 2.x and another running 4.x from each OEM, along with the Nexus S and Nexus 4 from Google.

Here are a few of the findings:

  • 86% of preloaded apps asked for more permissions than were necessary, with most coming from OEMs.
  • 65-85% of the security issues on Samsung, HTC, and LG devices come from their customizations, while only 38% of the issues found on Sony devices came from them.

For the user, this should be a warning to pay attention to the permissions an app requests when you install it and to take steps to protect yourself, such as using the Xposed module XPrivacy. For OEMs, shame on you. Consumers place their trust in you, no matter how unfounded and risky that is. For you to be breaking that trust by not being responsible and open in your dealings and development is just plain careless.

The full study, presented yesterday at the ACM Conference on Computer and Communications Security in Berlin, is definitely a good read, with specific case studies done on the Samsung Galaxy S3 and LG Optimus P880.

Source: MIT Technology Review

[Thanks to XDA Elite Recognized Developer toastcfh for the tip.]



jerdog

jerdog is an editor on XDA-Developers, the largest community for Android users. Jeremy has been an XDA member since 2007, and has been involved in technology in one way or another, dating back to when he was 8 years old and was given his first PC in 1984 - which promptly got formatted. It was a match made in the stars, and he never looked back. He has owned, to date, over 60 mobile devices over the last 15 years and mobile technology just clicks with him. In addition to being a News Editor and OEM Relations Manager, he is a Senior Moderator and member of the Developer and Moderator Committees at XDA.