jerdog · Nov 14, 2013 at 11:00 am

Shock and Awe: OEMs Cause Android Security Issues

It should come as no surprise that here at XDA, we are always calling on the OEMs to do a better job of removing the bloat of their custom UIs (Samsung – we’re looking at you and your now insane TouchWiz size) and improving the overall user experience. What may come as a shock to some, though, is that a recent study by researchers at North Carolina State University says that those same OEMs, and their incessant need to have a custom UI as some sort of “branding,” are directly responsible for most of the security issues found with Android. Cue Home Alone face.

In all honesty, we really shouldn’t be all that surprised. XDA Elite Recognized Developer jcase gave a great talk at XDA:DevCon13 where he discussed “Android Security Vulnerabilities and Exploits.” There, he identified how OEMs (LG was his main example) are directly responsible for many of the vulnerabilities and exploits he finds.

The researchers at NC State found that 60% of the security issues were directly tied to changes OEMs had made to stock Android, specifically related to apps requesting more permissions than were necessary. They looked at 2 devices from each of 4 different OEMs (Sony, Samsung, LG and HTC), with one running a version of Android 2.x and another running 4.x from each OEM, along with the Nexus S and Nexus 4 from Google.

Here are a few of the findings:

  • 86% of preloaded apps asked for more permissions than were necessary, with most coming from OEMs.
  • 65-85% of the security issues on Samsung, HTC, and LG devices come from their customizations, while only 38% of the issues found on Sony devices came from them.

For the user, this should be a warning to pay attention to the permissions used when you install an app and take steps to protect yourself, like with the Xposed module XPrivacy. For OEMs, shame on you. Consumers place trust, no matter how unfounded and risky that is, in you. For you to be breaking that trust by not being responsible and open in your dealings and development is just plain careless.

The full study, presented yesterday at the ACM Conference on Computer and Communications Security in Berlin, is definitely a good read, with specific case studies done on the Samsung Galaxy S3 and LG Optimus P880.

Source: MIT Technology Review

[Thanks to XDA Elite Recognized Developer toastcfh for the tip.]

