NC State researchers trace Android vulnerabilities to manufacturers

11/06/2013 8:19 AM

11/07/2013 4:04 AM

Computer researchers at N.C. State University have found that manufacturers are inadvertently adding security vulnerabilities to Android smartphones.

Manufacturers like Samsung and HTC customize the Android platform by integrating their own software, developed in-house or by third-party partners.

A team led by N.C. State’s Xuxian Jiang investigated whether these customizations introduced potential security threats. Testing 10 Android smartphones from Samsung, HTC, LG, Sony and Google, they found that 60 percent of vulnerabilities originated from these “vendor customizations.”

"We also found that 85 percent of the preloaded apps were overprivileged," Jiang says. An app is considered "overprivileged" if it requires users to give it permissions that the app does not actually use. "Seeing this many overprivileged apps indicates that the programmers developing the vendors’ apps are violating a well-known security principle, i.e., the ‘least privilege principle.’”
