New Android threat – applications can silently download nasty apps

As smartphones continue to grow in popularity and use the idea of them becoming an increasingly important vector for people who want to steal your information. At the Intel Security Conference in Hillboro, Oregon, two researchers plan on showing off a new security flaw in Android based handsets.

Jon Oberheide and Zach Lanier, two security researchers, have a proof of concept application that will silently download additional apps that will have full privileges on the handset.

An application demonstrating the previously undisclosed flaw is a another new Angry Birds app, promising new levels. As you may have guessed, this “new” app isn’t an official Rovio app, its a proof of concept created by Oberheide and Lanier that will install a number of different programs that could be capable of silently tracking a handsets location, stealing contacts or sending premium rate text messages.


The worrying aspect of Oberheide and Lanier’s new flaw is that it bypasses this in-built security check, allowing malicious apps to download other programs in the background without any notification to the user.

via The Next Web

When contacted Google noted that it was unaware of the flaw but was investigating.