jerdog · Nov 14, 2013 at 11:00 am

Shock and Awe: OEMs Cause Android Security Issues

It should come as no surprise that here at XDA, we are always calling on the OEMs to do a better job of removing the bloat of their custom UIs (Samsung – we’re looking at you and your now insane TouchWiz size) and improving the overall user experience. What may come as a shock to some, though, is that a recent study by researchers at North Carolina State University says that those same OEMs, and their incessant need to have a custom UI as some sort of “branding,” are directly responsible for most of the security issues found with Android. Cue Home Alone face.

In all honesty, we really shouldn’t be all that surprised. XDA Elite Recognized Developer jcase gave a great talk at XDA:DevCon13 where he discussed “Android Security Vulnerabilites and Exploits.” There, he identified how OEMs (LG was his main example) are directly responsible for many of the vulnerabilities and exploits he finds.

The researchers at NC State found that 60% of the security issues were directly tied to changes OEMs had made to stock Android, specifically related to apps requesting more permissions than were necessary. They looked at 2 devices from each 4 different OEMs (Sony, Samsung, LG and HTC), with one running a version of Android 2.x and another running 4.x from each OEM, along with the Nexus S and Nexus 4 from Google.

Here are a few of the findings:

  • 86% of preloaded apps asked for more permissions than were necessary, with most coming from OEMs.
  • 65-85% of the security issues on Samsung, HTC, and LG devices come from their customizations, while only 38% of the issues found on Sony devices came from them.

For the user, this should be a warning to pay attention to the permissions used when you install an app and take steps to protect yourself, like with the Xposed module XPrivacy. For OEMs, shame on you. Consumers place trust, no matter how unfounded and risky that is, on you. For you to be breaking that trust by not being responsible and open in your dealings and development is just plain careless.

The full study, presented yesterday at the ACM Conference on Computer and Communications Security in Berlin, is definitely a good read, with specific case studies done on the Samsung Galaxy S3 and LG Optimus P880.

Source: MIT Technology Review

[Thanks to XDA Elite Recognized Developer toastcfh for the tip.]


_________
Want something on the XDA Portal? Send us a tip!

jerdog

jerdog is an editor on XDA-Developers, the largest community for Android users. Jeremy has been an XDA member since 2007, and has been involved in technology in one way or another, dating back to when he was 8 years old and was given his first PC in 1984 - which promptly got formatted. It was a match made in the stars, and he never looked back. He has owned, to date, over 60 mobile devices over the last 15 years and mobile technology just clicks with him. In addition to being a News Editor and OEM Relations Manager, he is a Senior Moderator and member of the Developer and Moderator Committees at XDA.
Emil Kako · Mar 29, 2015 at 06:47 pm · 3 comments

Has ART Made a Noticeable Jump in App Performance?

We've received mixed reports about switching to ART but it seems that the majority of users who make the jump see some type of improvement. But just how noticeable is this improvement in app performance? Let us know if switching to ART has brought noticeable changes to your device's performance.

DISCUSS
Aamir Siddiqui · Mar 29, 2015 at 06:02 pm · 2 comments

Samsung Galaxy S6 Edge Drop Test

The Samsung Galaxy S6 and Galaxy S6 Edge are already proving to be amongst the head turners of 2015. From favoring their inhouse Exynos 7 SoC over the Snapdragon 810 SoC (which ended up causing issues to its main rival); to ditching the removable battery and micro sd card slot in favor of a more "premium" device, the flagship duo have a lot going on for them at this stage. Regarding the premium redesign which replaced plastic with metal and glass,...

XDA NEWS
Mario Tomás Serrafero · Mar 29, 2015 at 12:02 pm · 1 comment

Sunday Debate: Corporate Cyanogen Good for Android?

Join us in a fun Sunday Debate on Cyanogen Inc. Come with your opinions and feel free to read some of our thoughts, then pick your side or play devil’s advocate to get your voice heard and engage in friendly discussion. You can read our food-for-thought or jump straight into the fray below!     CyanogenMod is widely recognized across XDA for its solid performance, great feature set and far-reaching (and also long-lasting) support for all sorts of devices, from...

XDA NEWS
Share This