Sorry I was hugging my iPhone tightly. Android users check out the video of the security hole found in your devices after the jump.
If Google was just starting to forget about the Android malware threats from earlier this year, now it has another security headache: Researchers at North Carolina State University just discovered a new vulnerability in some of the most popular Android phones being sold today.
The security flaw, described in detail in this white paper, is specific to a certain implementation of the Android operating system, the researchers say, so it doesnâ€™t necessarily affect all Android phones. Most Android handset makers integrate their own software (sometimes called â€œbloatwareâ€) on top of the basic Android OS (for example, HTCâ€™s Sense interface) to serve up various services and differentiate themselves.
But that software is exactly whatâ€™s opening up certain phones to malware threats, the research says. Dr. Xuxian Jiang led a team that looked at multiple Android devices, and found that some of the pre-loaded applications that various manufacturers put in, like text-message notifiers, created a â€œbackdoorâ€ to the phone that third parties could exploit.
What sort of problems could arise? That depends on what sort of malware those hackers use. Theoretically, the vulnerability could be used to install software that records phone calls, send text messages, or even wipe the phoneâ€™s settings, according to Science Daily. Itâ€™s not clear if hackers could use the backdoor to actually â€œrootâ€ the phone, but if itâ€™s possible, all bets are off.
The good news: the researchers also tested phones running stock Android, and those phones were â€œbasically clean,â€ Jiang says. So was the Motorola Droid.
But many other popular phones are vulnerable. The research specifically names the HTC Legend, EVO 4G, and Wildfire S; the Motorola Droid X; and the Samsung Epic 4G. Most at risk are users of the EVO 4G, which displayed the most vulnerabilities. The EVO is the third most popular smartphone in the U.S., according to research from NPD.
Short of throwing your cellphone away, there are easy ways Android users can guard against malware. First and foremost: download only from trusted sources, like the Google Android Market. While the Market doesnâ€™t have a 100% spotless record on malware, itâ€™s still the biggest and most secure app store for Android, and when Google learns of any problem, it acts fast.
Besides that, users should use a screen password, install OS updates as soon as theyâ€™re available for your device, and caution from viewing sensitive information over public Wi-Fi. Finally, several security companies, such as Lookout and Norton, have free security apps that will help protect your phone from becoming a nest for viruses and trojans.
Jiangâ€™s research is ongoing â€” heâ€™s going further into the Android device catalog to see if any more phones are vulnerable to the same problem. Mashable contacted Google, Samsung, HTC and Motorola about the report, and weâ€™ll update this story with any responses.