Wednesday, November 24, 2010

Android browser allows data theft

Extreme news arrived yesterday... to my surprise all big international Android sites haven't reported it yet.

A simple link allows an attacker to steal user data from your Android phone!
Thomas Cannon discovered this and explains here

I got the news here:
Android vulnerability permits data theft on heise.de

und die deutsche Version dazu:
Android-Lücke ermöglicht Datenklau

Brief comment:
Compared to the whole rest of bugs and problems I consider this a severe flaw since most of us use the good and slim default browser. No rooting no dialog box, nothing but an URL is needed to make this work. This will not become widespread but provides an excellent example how all devices can be tricked by consequently accessing it's "features"
We'll all track, how Android providers handle this problem. No paranoia please, my next few phones will feature Android for sure, seeing how thin the membrane protecting personal data can become (for a limited time) is impressive though.

1 comment: