118.47KB
39 downloads
It was recently found that Android's debugging feature could be used to steal information from apps running on an Android device. With a little effort, an app can be set up on Android to debug another running app.This debugging app would have access to all the information the debugged app has, so items like user names, passwords, and sensitive information are trivial to steal.
This vulnerability is only in version 2.3 (Gingerbread) or earlier. Practically all Android devices sold today run newer versions. Google’s own numbers indicate however that more than half of all Android devices in use still run these potentially older versions. Many devices were sold with Gingerbread even into 2012 – and will probably never receive an update to a newer Android version.
19.37KB
35 downloads
37.02KB
24 downloads
For an app to be vulnerable to being debugged it has to have been set to be debuggable in the first place. In general, debuggable versions of apps should not be released to the public.
(Approximately 5% of apps in the Top Free apps list are set to be debuggable, so the risk is not insignificant.)
Going forward, it would be a prudent idea for mobile developers to consider the security of their apps, not just their features and ease-of-use. Google should consider if it is possible to design Android in such a way that older devices can still receive security updates,
Independent of mobile service providers and device manufacturers. As usual, the message for users is clear: be careful what apps you end up downloading and using on your device. It’s quite possible that the “innocent” app you end up downloading could end up being malicious. It is very easy to mindlessly download an app, but some thought should be given to the permissions.
Via:
Gingerbread owners may be at risk
Started by
eyecre8
, Jan 29 2013 09:39 AM
security permissions gingerbread debugging
No replies to this topic
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users