Various reports yesterday including a story on CNETindicate that there are security flaws within the Android Operating System (both ICS and Gingerbread were tested) that can allow apps to access personal information on the device memory and send it without the smartphone user ever being aware.
A member of the Leviathan Security Group, Paul Brodeur, made an app to validate the claims. The app can successfully:
– Access and gather information from both internal and SD memory on a device.
– Gain access to unique device ID’s such as the Android ID and SIM ID.
– Transmit said accessed data via the Android web browser, without the browser being the in use app on the screen.
Hopefully this will be quickly patched in an Android update.