Don’t Worry About Your Android Browser So Much

Charlie Miller’s back and he’s got a few people all worked up over Android’s security.  Again.

If you happened upon readwriteweb earlier today, chance are you saw the article on Android vulnerabilities.  The sensationalistic headline had a handful of people worried that they couldn’t even browse the internet without fear of opening the door to hackers and data theft.  Words like catastrophic were being used and people were alarmed.

The article alleged that Miller found an exploit within a part of Android’s framework that could lead to snooping and encrypted data being compromised.  It’s said that Charlie found this back on January 21st and notified Google of it, who has yet to do anything about it.  In fact, the response from Google was along the lines of “Yeah, we heard about that and will get to it as soon as possible.”

The article goes on to say that a fix is available and has been for nearly a week.  The RC33 update being pushed out to G1 owners does not have the fix either.  So what’s going to happen, you ask?  Google has since responded to the article and it has seen an update which includes:

The Android Security Team responded by contacting PacketVideo, T-Mobile, and oCERT, a public Computer Emergency Response Team. PacketVideo developed a fix on February 5th, and they patched Open Source Android two days later. oCERT assisted PacketVideo with coordinating the fix, and they published an advisory detailing this issue. We offered the patch to T-Mobile when it became available, and G1 users will be updated at T-Mobile’s discretion.

In other words, chillax.  It’s going to happen.  Just sit tight.

Why no rush?  Android, as we have found out a time or two, works in the sandbox method.  This means that whatever is done within an application, stays there unless you grant permissions to an app to cross over somewhere else.  The stuff that happens on the web should stay confined to the web.  There should be no fear of someone, or something, looking into your emails or phone contacts, unless you told the app to.

This goes back to the old standby rule.  If you have to question something, then don’t mess with it.  Don’t open email from people you don’t trust and don’t visit sites you aren’t too keen on.  And for Android apps, don’t install a card game that wants to access your phone book, unless you know why.

For more on the unnecessary tension and drama surrounding this, head over to Download Squad.

About author

AndroidGuys
AndroidGuys 4629 posts

Founded on November 5, 2007, we've enjoyed bringing you the latest in Android news and rumors. Updated daily, we strive to deliver reviews, opinions, and updates on all things related to Android.

You might also like

News and Rumors

Verizon: “There is a Need for Another Android Store”

The nation’s largest wireless provider is gearing up to release an app store to take on the Android Market. What started out last week as speculation has been confirmed this week by Verizon’s VP consumer solutions.

Featured

HTC One M9 announced for March

After months of rumors, conjecture, and an endless supply of leaks, the HTC One M9 is a reality. HTC today announced its latest flagship smartphone at Mobile World Congress, Keeping

News and Rumors

Various versions of Galaxy S II on sale at Amazon

Just a quick note to let you guys know that the various iterations of the Samsung Galaxy S II are on sale over at Amazon Wireless.  Depending on which carrier

9 Comments

  1. AndroidGuys
    February 13, 15:12 Reply

    Very good piece Crossbow! Glad to see the feedback. Noticed that Miller has since changed the tune up a bit, too.

  2. Sarah
    February 18, 15:32 Reply

    It makes you wonder what other flaws are part of this OS, though. THere’s an interesting article here.

  3. Lubertus
    September 14, 17:27 Reply

    Вас посетила замечательная мысль

Leave a Reply