Don’t Worry About Your Android Browser So Much

Charlie Miller’s back and he’s got a few people all worked up over Android’s security.  Again.

If you happened upon readwriteweb earlier today, chance are you saw the article on Android vulnerabilities.  The sensationalistic headline had a handful of people worried that they couldn’t even browse the internet without fear of opening the door to hackers and data theft.  Words like catastrophic were being used and people were alarmed.

The article alleged that Miller found an exploit within a part of Android’s framework that could lead to snooping and encrypted data being compromised.  It’s said that Charlie found this back on January 21st and notified Google of it, who has yet to do anything about it.  In fact, the response from Google was along the lines of “Yeah, we heard about that and will get to it as soon as possible.”

The article goes on to say that a fix is available and has been for nearly a week.  The RC33 update being pushed out to G1 owners does not have the fix either.  So what’s going to happen, you ask?  Google has since responded to the article and it has seen an update which includes:

The Android Security Team responded by contacting PacketVideo, T-Mobile, and oCERT, a public Computer Emergency Response Team. PacketVideo developed a fix on February 5th, and they patched Open Source Android two days later. oCERT assisted PacketVideo with coordinating the fix, and they published an advisory detailing this issue. We offered the patch to T-Mobile when it became available, and G1 users will be updated at T-Mobile’s discretion.

In other words, chillax.  It’s going to happen.  Just sit tight.

Why no rush?  Android, as we have found out a time or two, works in the sandbox method.  This means that whatever is done within an application, stays there unless you grant permissions to an app to cross over somewhere else.  The stuff that happens on the web should stay confined to the web.  There should be no fear of someone, or something, looking into your emails or phone contacts, unless you told the app to.

This goes back to the old standby rule.  If you have to question something, then don’t mess with it.  Don’t open email from people you don’t trust and don’t visit sites you aren’t too keen on.  And for Android apps, don’t install a card game that wants to access your phone book, unless you know why.

For more on the unnecessary tension and drama surrounding this, head over to Download Squad.

About author

AndroidGuys
AndroidGuys 4639 posts

Founded on November 5, 2007, we've enjoyed bringing you the latest in Android news and rumors. Updated daily, we strive to deliver reviews, opinions, and updates on all things related to Android.

You might also like

News and Rumors

Facebook app now allows for post and comment editing

The official Facebook app for Android has a new feature that should be well-received by many of you. As the headlines spoils it, the app now allows for editing of

News and Rumors

LG gearing up for G Watch launch

LG is prepping the launch of one of the first Android Wear smartwatches, the G Watch.  After many different teases, especially the video last week (down below), LG has posted

News and Rumors

You’ve Got Questions. That’s Understandable.

Android developers, particularly newcomers to the platform, often have a difficult time getting assistance with their questions. Learn about where and how to ask your questions in today’s episode of Building ‘Droids!

9 Comments

  1. AndroidGuys
    February 13, 15:12 Reply

    Very good piece Crossbow! Glad to see the feedback. Noticed that Miller has since changed the tune up a bit, too.

  2. Sarah
    February 18, 15:32 Reply

    It makes you wonder what other flaws are part of this OS, though. THere’s an interesting article here.

  3. Lubertus
    September 14, 17:27 Reply

    Вас посетила замечательная мысль

Leave a Reply