Don’t Worry About Your Android Browser So Much

Charlie Miller’s back and he’s got a few people all worked up over Android’s security.  Again.

If you happened upon readwriteweb earlier today, chance are you saw the article on Android vulnerabilities.  The sensationalistic headline had a handful of people worried that they couldn’t even browse the internet without fear of opening the door to hackers and data theft.  Words like catastrophic were being used and people were alarmed.

The article alleged that Miller found an exploit within a part of Android’s framework that could lead to snooping and encrypted data being compromised.  It’s said that Charlie found this back on January 21st and notified Google of it, who has yet to do anything about it.  In fact, the response from Google was along the lines of “Yeah, we heard about that and will get to it as soon as possible.”

The article goes on to say that a fix is available and has been for nearly a week.  The RC33 update being pushed out to G1 owners does not have the fix either.  So what’s going to happen, you ask?  Google has since responded to the article and it has seen an update which includes:

The Android Security Team responded by contacting PacketVideo, T-Mobile, and oCERT, a public Computer Emergency Response Team. PacketVideo developed a fix on February 5th, and they patched Open Source Android two days later. oCERT assisted PacketVideo with coordinating the fix, and they published an advisory detailing this issue. We offered the patch to T-Mobile when it became available, and G1 users will be updated at T-Mobile’s discretion.

In other words, chillax.  It’s going to happen.  Just sit tight.

Why no rush?  Android, as we have found out a time or two, works in the sandbox method.  This means that whatever is done within an application, stays there unless you grant permissions to an app to cross over somewhere else.  The stuff that happens on the web should stay confined to the web.  There should be no fear of someone, or something, looking into your emails or phone contacts, unless you told the app to.

This goes back to the old standby rule.  If you have to question something, then don’t mess with it.  Don’t open email from people you don’t trust and don’t visit sites you aren’t too keen on.  And for Android apps, don’t install a card game that wants to access your phone book, unless you know why.

For more on the unnecessary tension and drama surrounding this, head over to Download Squad.

About author

AndroidGuys
AndroidGuys 4625 posts

Founded on November 5, 2007, we've enjoyed bringing you the latest in Android news and rumors. Updated daily, we strive to deliver reviews, opinions, and updates on all things related to Android.

You might also like

News and Rumors

Samsung TecTiles invade Las Vegas hotels for CES 2013

In the midst of all the CES craziness, we stumbled upon this little piece of information. Apparently, Samsung has teamed up with Caesars Entertainment to install over 4,500 TecTile NFC

News and Rumors

Amazon Collecting Usage Data Through Their App Store?

According to a developer who got in contact with Business Insider, Amazon may be collecting usage data through their own app store on your Android powered device. He came to this conclusion after he found that if you don’t have the app store installed you can’t access any of the apps you downloaded through it.

News and Rumors

‘NPR News’ Arrives for Android!

We previously reported that the official NPR application for Android would be coming this month and it appears that time has come.  Those of you who stopped in the Android

9 Comments

  1. AndroidGuys
    February 13, 15:12 Reply

    Very good piece Crossbow! Glad to see the feedback. Noticed that Miller has since changed the tune up a bit, too.

  2. Sarah
    February 18, 15:32 Reply

    It makes you wonder what other flaws are part of this OS, though. THere’s an interesting article here.

  3. Lubertus
    September 14, 17:27 Reply

    Вас посетила замечательная мысль

Leave a Reply