Once upon a time, Jon Oberheide and Zach Lanier released an Angry Birds mod onto the Android Market which secretly installed three additional apps designed to monitor a phone’s contacts, location information and text messages. They did so to highlight the raft of flaws kicking about in Google’s smartphone OS.
Now the pair are back and things don’t seem to have got much better for Android users, in fact two new flaws have been discovered. The first bug is a “permission escalation vulnerability” which leaves all Android handsets vulnerable to the remote installation of additional “arbitrary applications with arbitrary permissions”. Essentially, hackers are able to install all kinds of malware on your smartphone without permission offering them potential access to call records, texts, Internet browsing history, and media.
To add insult to injury, the Samsung Nexus S owners will be delighted to know their specific handset contains a vulnerability allowing hackers root access and then full control over the smartphone.
“The Android Market ecosystem continues to be a ripe area for bugs,” wrote Oberheide wrote in an email to The Register. “There are some complex interactions between the device and Google’s Market servers which has only been made more complex and dangerous by the Android Web Market.”
Ironically, Oberheide and Lanier are pencilled in to teach a two-day mobile security training course at SOURCE Barcelona this November. It doesn’t look like they’ll be short on material, as you can see from the video below.