by Al Sacco

Android App Permissions May Spark False Sense of Security

Dec 20, 20112 mins
MobileMobile SecuritySecurity

Think you can protect your Android device, and the personal information stored on it, simply by properly managing app permissions? Think again.

Google’s Android OS has been the target of much criticism and speculation recently, due to its ongoing—and growing—issue with mobile malware and overall mobile security. Indeed, it seems like every week some security company or code monkey comes up with a new exploit that exposes another chink in Android’s armor.


Earlier this month, I penned a post with my technology predictions for the coming year, and atop that list was an influx of new mobile security threats, namely Android security threats.

Today, I received a message from Web security company Via Forensics, and the e-mail made me feel even more certain of my 2012 Android security prediction.

Via Forensics has posted a video clip that purportedly demonstrates the ability to install an Android application on a device, which requests no specific permissions, or access to Android system resources or sensitive data, but can still access these resources and personal information, i.e., give potential Bad Guys remote access to your Android device and data.

The company claims the exploit isn’t new—though I’ve never heard of this way to “circumvent” Android’s app permissions system. But it certainly brings into question the conventional wisdom that being vigilant, paranoid even, when it comes to setting your Android app permissions can protect your Android mobile device from hackers.

It also spotlights the need, on users’ parts, to download apps from only trusted and/or official sanctioned app stores, like Google Android Marketplace, as I suggested in a recent Android Security Tips story. And the video highlights the growing need for app store owners and/or administrators like Google to step up their efforts to test and vet software for malware or other potential harmful components.

So, while Android application permission can certainly help protect your mobile device from dangerous software, they’re not at all foolproof, thanks to the Android OS architecture and “openness”—at least according to Via Forensics.

Check out the Via Forensics video clip below for more details.