Android apps with no permissions can still access personal data without authorisation, according new findings by Leviathan Security Group.
Photos, backups and external configuration files can all be viewed by “no permsissions” apps via your handset’s SD card.
“While it’s possible to fetch the contents of all those files, I’ll leave it to someone else to decide what files should be grabbed and which are going to be boring,” commented researcher Paul Brodeur in a blog post.
Using the /data/system/packages.list file which details which apps are installed on a device, Brodeur was also able to read some files belonging to other apps.
“This feature could be used to find apps with weak-permission vulnerabilities, such as those that were reported in Skype last year,” he explained.
The security flaw was tested on Android 4.0.3 Ice Cream Sandwich and Android 2.3.5 Gingerbread but try not to worry too much, we’ve already compiled a guide to trouncing the Android hackers.