Android software modifications made by smartphone manufacturers are responsible for various security weaknesses that make handsets more vulnerable to hacking, according to researchers at North Carolina State University.
The open nature of Google’s Android allows smartphone makers to add bespoke software to the original operating system, enabling their handsets to stand out from other Android phones. However, changes made by these companies caused over 60 per cent of the security flaws found in various phones.
“We were surprised by the overall insecurity,” said Xuxian Jiang, an associate professor of computer science at North Carolina State. This suggests that security is a low priority among phone manufacturers due to the pressure to come up with better and newer software, Jiang added.
Specifically, the researchers tested ten Android smartphones, of which five ran the second generation OS while another five were powered by variants of the fourth generation. Phone brands included LG, Sony, HTC and Samsung.
These phones were then tested against Google-branded phones with un-tweaked operating systems – a Nexus S and a Nexus 4.
To uncover the security vulnerabilities and their origins, the researchers classified the applications found in these phones into three categories: bespoke apps by vendors, those created by outside programmers, and those that came from Google’s Android Open Source Project. They then examined the access rights of these applications.
Interestingly, the authors of the study found that 86 per cent of pre-loaded apps asked for more access rights than needed. A game application, for example, asked for rights to view users’ phone books and photos.