Android Gingerbread saddled with massive security flaw
Allows for unwanted guests to grab your banking and contact data
Serious security issues have been exposed in Google’s current iteration of the Android platform last week that can lead to a user’s banking data being up for grabs by malicious third parties.
A researcher at North Carolina University has found that a similar bug from previous versions is alive and well on Android Gingerbread (2.3.x).
It centres around accessing the user’s MicroSD card via Java code, which in turn allows for uploading of pretty much every bit of personal data you can think of to a remote server without the user’s permission - contacts, messages, stored cards, and the like.
Don’t set fire to your Nexus just yet, though, as there are a few ways around the issue while Google works on fixing it.
The simplest of which is just to use a different browser from the default option, but if you have a personal vendetta against Firefox/Opera, then you can also either disable Javascript or remove the MicroSD card from the handset altogether.
The Abstract [via Engadget]