It’s Pretty Easy To Make An Android App That Will Eavesdrop On User Calls Without Permission

Image: Flickr via Joe Howell

North Carolina State University researchers have uncovered a malicious little flaw in the Android mobile OS, reports The Register. Turns out its pretty easy to build and distribute an app that can do all kinds of terrible things users won’t want it to – including call recording.

When you install a new Android app, you set its “permissions” — you get to tell it what it can and can’t do. Google Maps should be able to access your location, for example, but Angry Birds has no business recording your phone calls.

This backdoor works by skipping this essential step. Upon installation, an app can potentially not tell you what it’s actually doing.

To demonstrate the bug, researchers created an app that was successfully able to do all kinds of things you’d never want an app to do without your knowledge – record phone calls, send unauthorized text messages, and track the phone’s (your) location.

The EVO 4G proved most susceptible to the problem while the Nexus S and Nexus One proved most secure.

Manufacturers say they are aware of the problem and should be addressing it shortly. Until then, be extra careful while installing your Android apps!

Article source: http://www.businessinsider.com/this-evil-android-security-bug-can-eavesdrop-on-your-phone-calls-2011-12