Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Expert Warns of Android Browser Flaw

Posted by Soulskill on from the memory-leak-leading-to-robot-revolt dept.

justice4all writes "Google is working on a fix to a zero-day flaw discovered by British security expert Thomas Cannon that could lead to user data on a mobile phone or tablet device being exposed to attack. Cannon informed Google before posting information about the flaw on his blog. 'While doing an application security assessment one evening I found a general vulnerability in Android which allows a malicious website to get the contents of any file stored on the SD card,' Cannon wrote. 'It would also be possible to retrieve a limited range of other data and files stored on the phone using this vulnerability.'" Sophos's Chester Wisniewski adds commentary on how this situation is one of the downsides to Android's increasing fragmentation in the mobile marketplace.

2 of 98 comments (clear)

  1. OH NO by AnAdventurer · · Score: 0, Troll

    The perfect phone OS has a security flaw!!! DOOM DOOM, it's DOOM!

    --
    6.8SPC TR of 550, l xwind at 6, drift rt at 26" drops 77". AT has 503 ft-lbs at 1403 fps. FT 0.86
  2. Re:linkbait by Moridineas · · Score: 0, Troll

    And a few generations of iPod touch as well... and the iPads. Ok... so more like a total of 8 or 9 models... of ios device...

    Oh you're right, that's true, I wasn't thinking about them since Android is only now starting to expand beyond cellphones. However, my point absolutely stands -- of the 9(?) devices/generations, almost all run the exact same version of iOS.

    It was launched almost 4 years ago, it wasn't DISCONTINUED almost 4 years ago.)

    Given most people had to sign a 3 year contract to get one there are lots of original models still in use. There are lots of original models STILL UNDER CONTRACT.

    What country are you in that requires people to sign a 3 year contract?? God, I thought American cellphone contracts were bad, and I've never seen one go beyond 2 years.

    I can't say for sure, not knowing what country you are in, but for the US (and I would assume the rest of the world) you are very incorrect that there are a "lots of original" models still out there. The original hasn't been sold in about 2.5 years, and given the AT&T contract length of 2 years (and there exceptions to allow people to upgrade early), there just aren't many original users left (not to mention the original hardware's lack of 3g and other limitations). I'm judging this off analytics of sites I work with and other articles I've read...if you've got data to the contrary, let's see it.

    But the really silly thing is comparing Androids fragmentation to apple's going it alone with ios and concluding that the fragmentation is somehow a disadvantage. If each of 20 vendors write their own operating system from the ground up the way apple did, would that be somehow better??

    As I very clearly stated (and you would have read/understood if you weren't clearly just a android fanboi) there are advantages and disadvantages to both system. In a way it's the cathedral and the bizarre. Android devices are NOT going to be supported (at least officially) the way iOS devices are. Some may be supported better, some may be able to be community supported, but you can bet a lot of handsets are going to be neglected not too long after release. I've seen this very complaint on slashdot even! In the end, I agree with Woz...I think Android probably will win.

    Like I explicitly said in my previous post, with some Android phones you can lucky and keep the upgrade train rolling (either officially or community). With Apple they're going to keep the train rolling for awhile, but once it's done (ie, original iPhone) it's done.

    Thank god we don't have 20 apples. One is quite enough.

    Right, so we get you're a operating system fanboi...great.