Don’t Worry About Your Android Browser So Much

Charlie Miller’s back and he’s got a few people all worked up over Android’s security.  Again.

If you happened upon readwriteweb earlier today, chance are you saw the article on Android vulnerabilities.  The sensationalistic headline had a handful of people worried that they couldn’t even browse the internet without fear of opening the door to hackers and data theft.  Words like catastrophic were being used and people were alarmed.

The article alleged that Miller found an exploit within a part of Android’s framework that could lead to snooping and encrypted data being compromised.  It’s said that Charlie found this back on January 21st and notified Google of it, who has yet to do anything about it.  In fact, the response from Google was along the lines of “Yeah, we heard about that and will get to it as soon as possible.”

The article goes on to say that a fix is available and has been for nearly a week.  The RC33 update being pushed out to G1 owners does not have the fix either.  So what’s going to happen, you ask?  Google has since responded to the article and it has seen an update which includes:

The Android Security Team responded by contacting PacketVideo, T-Mobile, and oCERT, a public Computer Emergency Response Team. PacketVideo developed a fix on February 5th, and they patched Open Source Android two days later. oCERT assisted PacketVideo with coordinating the fix, and they published an advisory detailing this issue. We offered the patch to T-Mobile when it became available, and G1 users will be updated at T-Mobile’s discretion.

In other words, chillax.  It’s going to happen.  Just sit tight.

Why no rush?  Android, as we have found out a time or two, works in the sandbox method.  This means that whatever is done within an application, stays there unless you grant permissions to an app to cross over somewhere else.  The stuff that happens on the web should stay confined to the web.  There should be no fear of someone, or something, looking into your emails or phone contacts, unless you told the app to.

This goes back to the old standby rule.  If you have to question something, then don’t mess with it.  Don’t open email from people you don’t trust and don’t visit sites you aren’t too keen on.  And for Android apps, don’t install a card game that wants to access your phone book, unless you know why.

For more on the unnecessary tension and drama surrounding this, head over to Download Squad.

Note: Select outbound links may include affiliate tracking codes. Revenue generated from any potential purchases is used to fund AndroidGuys. Read our policy.