Google fixes XSS security hole in web Android market

Google has fixed a cross site scripting security hole in web-based Android store. The security hole allowed attackers to install apps on Android devices without the user’s consent – and without requiring physical access to the device.

The exploit was fixed after Android security specialist Jon Oberheide reported this to Google. According to him, it was possible to remotely install arbitrary applications with arbitrary permissions onto a victim’s phone simply by tricking them into clicking a malicious link (either on their desktop OR phone).  The exploit works universally across all Android devices, versions, and architectures.

Well the security hole is fixed now, so no need to worry.

Via Jon


Post Author: Gaurav Shukla

Gaurav Shukla is the editor of AndroidOS.in. If you'd like to reach him, drop an email at 'gaurav@androidos.in' or connect with him on Twitter (@gauravshukla).

Leave a Reply

Your email address will not be published. Required fields are marked *