Pierre Bezukhov (1866830) writes "Researchers led by North Carolina State associate professor Xuxian Jiang have discovered a serious flaw in the Android OS's approach to app security.
They found that some pre-loaded apps and features from Android device manufacturers could be exploited by hackers.
Jiang's study characterize the vulnerability as a "classic confused deputy attack," in which one app (virus) tricks another (legitimate) app or feature into leaking information or capabilities it has permission to access.
The breach of some of these permissions could allow hackers to "wipe out the user data on the phones, send out SMS messages (e.g., to premium numbers), record user conversation, or obtain user geo-locations," the study stated."
Link to Original Source