There has always been a lot of discussions about Android security space. A recent report has pointed out to Android as a less secured mobile OS worldwide, compared to BlackBerry and iOS. In addition to these, a majority of developers are still not willing to work with this platform. Recently, Microsoft offered “Windows Phone device” to “Android malware victim”. The reason is quite obvious that openness of Google ecosystem and its liberal apps policies are worsening Android OS day-by-day. It does not mean that anyone can easily access the non-permissible data from the Android device. Indeed, there’s a big question that if some apps do not have even permission to be installed then how these apps are accessing the data from users’ devices? And also, which type of data it is?
Recently, Paul Brodeur stated on Leviathan Security Group site that he created a “No Permission” app for Android to explore the accessible data from users’ devices, even it was not permitted to be installed. He pointed out three vulnerabilities of Android OS, and among all, first was SD card directory access. We all know, every applications have at least read only access to the content of the external devices. “No Permission” app succeeded to scan all SD card directory from the device which were not hidden. As per Android developers documents, there is not yet any security programming have been written for external storage of the devices.
Secondly, Brodeur succeeded to fetch the data/system/package.list files–which contains currently installed apps on the devices. In this way, he could scan each directories which are used by those installed applications.
And finally, the third vulnerability of Android devices is that anyone can access identifiable information about the device without the prior permission of PHONE_STATE, however, it’s not possible for others to read IMEI or IMSI, but they can read GSM and SIM vendors IDs from the device.
Anyway, these issues are not fruitful of Android OS developers. The security risk implies the less numbers of businesses and professionals. It’s not possible for any OS to lure a large numbers of folks by integrating fastest browser and hundreds of thousands of apps. Users’ data security is foremost important, and Android will have to think about this.