Oh dear, hackers at this year’s DefCon conference have exposed a design flaw in the Android operating system which can potentially allow malicious users to steal data via phishing as well as display those annoying pop-up ads.
The folk over at Cnet report that potentially if an Android device has been compromised, it could mean that if a user was to open what they believe to be their official bank app, it could indeed be re-directed to a fake login page where the user would unwittingly give away their login credentials.
Nicholas Peroco of SpiderLabs at Trustwave, says the flaw, which is called a Focus Stealing Vulnerability could be used for various malicious attacks on Android users, although Google has responded by saying that “Switching between applications is a desired capability used by many applications to encourage rich interaction between applications. We haven’t seen any apps maliciously using this technique on Android Market and we will remove any apps that do.”
With this vulnerability being highlighted at DefCon, no doubt Google will be keeping a keen eye on apps being published to the Market.
Let us know your thoughts on this by leaving us your comments, or tweet us @Gadget_Helpline