Spoofed Android apps can bypass security permissions
Google has always a lot of control over its products in the hands of its users, and Android OS is probably on of the best examples. When downloading an application, the user is shown just what said application needs to run properly. If the user doesn’t want the app to have access to certain things it requires, you simply don’t download it. Well, it seems that isn’t the case anymore, as there’s now a new bug in town, and it doesn’t need your stinkin’ permission.
A new bug found in Android can allow those with malicious intent to make a spoof application that seems harmless, only to find out that it can roam free on your handset, and download other, more dangerous applications to steal your personal data, without any permission by the user. Tricky tricky.
Intel security researchers Jon Oberheide and Zach Lanier have created such an application. It looks harmless – an Angry Birds add-on pack that after downloaded, will install a handful of programs that will track your location, steal your contacts, and give the hacker the option to send pay-per-texts. While this isn’t the first time we’ve seen this kind of hack attack, it will certainly be unsettling to most users, especially if this bug isn’t fixed pronto.
Refer here to read more details on Forbes.