NC State researchers trace Android vulnerabilities to manufacturers

Posted by Matthew Fortner on November 6, 2013 

Computer researchers at N.C. State University have found that manufacturers are inadvertently adding security vulnerabilities to Android smartphones.

Manufacturers like Samsung and HTC customize the Android platform by integrating their own software, developed in-house or by third-party partners.

A team led by N.C. State’s Xuxian Jiang investigated whether these customizations introduced potential security threats. Testing 10 Android smartphones from Samsung, HTC, LG, Sony and Google, they found that 60 percent of vulnerabilities originated from these “vendor customizations.”

“We also found that 85 percent of the preloaded apps were overprivileged,” Jiang says. An app is considered “overprivileged” if it requires users to give it permissions that the app does not actually use. “Seeing this many overprivileged apps indicates that the programmers developing the vendors’ apps are violating a well-known security principle, i.e., the ‘least privilege principle.’”
