Another day, another overstated and sensationalised security scare!
I don’t normally take too much notice of this sort of thing, but I’ve had a few emails asking me to investigate and report on the latest security scares for Android.
This time round, the “scare” is based around an app that was written out of curiosity to see what an app that has no permissions can do and access. To clarify, by no permissions we mean nothing: zero, zip, nada!
So what can the app do that’s caused such an uproar, I hear you ask?
In the grand scheme of things, not a lot!
The first threat to your phone’s security is that it can view a full list of the installed apps on your phone. Despite hearing many arguments, I still don’t see how this is a security threat. The biggest possible threat I can see from this is that, if you happen to have an app that has a known security flaw in it, all it’s going to do is potentially tell malicious developers that you’ve got an app which could allow them a back door into your phone.
The second access that the permission-less app has is that it can read and write to the /proc directory. This is a Linux thing; basically it’s a caching directory that can reveal RAM, battery and other minor (non-vital) system cache information to the app. It just gets scarier and scarier, doesn’t it?
Finally, the one that’s caused the most concern with the least justification is the access that the app has by default to the SD card. The reality is that, while SD cards can be removed from your phone for data transfer with a Windows-based machine, the SD card is always going to be open for apps to read from and write to. The other option is that the SD card is encrypted to your device, making it useless in another without formatting, and you will not be able to transfer your data (including photos) to desktop machines or laptops.
Yes, it’s concerning that an app with no permission can access what could be viewed as private data, but personally I don’t find this to be a concern. One of the best summaries of this I have heard recently was Adam Turner on Tech Talk Radio:
“iOS vs Android is about trade-offs, with Apple you’ve got security but less freedom. On Android you have the advantage of doing what you want and need to, but you do sacrifice some security because apps don’t run in their own sandbox the way they do on iOS.”
I find it quite comforting to know that there are people investigating issues like this and helping to educate the average Android consumer, rather than them finding out the hard way that something has gone wrong.