Android Widgets: Security Threat With Open Home
Oh dear it seems as though there may be a pretty serious security issue present in Android OS, specifically related to Open Home. Open Home is a home replacement application that gives Android users a whole new series of themes. The problem is to do with permissions, and what Open Home can acess. Android’s home screen has open permission, giving the programme access to contacts and short cuts to apps. This means someone could develop an app to be used in conjunction with Open Home which replaces the home screen that could maliciously access the phone’s contacts and pass them onto a third party. Because the home screen has permission to app short cuts, a programme could be developed simply to reroute users to a fake programme that could steal username and password info.
It is these sorts of security issues that might make people wonder whether it was such a great idea for Google to give anyone free reign to release Apps into the market without any serious scrutiny. Apple’s App store may be restrictive and controlling but at least issues like this would never come about.
Androinica have got hold of a letter from an Android developer worrying about the dangers of using Open Home from Better Android:
I am an engineer on the Android Team and I worked on the default Home screen. I recently came across your Home replacement called Open Home. First of all, let me congratulate you for it, it has some very nice ideas and it’s good to finally see a viable 3rd party replacement for our Home screen. However, I would like to warn you about two very serious security holes in your application, both related to the way you implemented widgets.
(some texts removed….) * by Better AndroidHome runs with quite a few permissions, most notably the ability to read contacts. With your implementation of widgets, any application can offer a new widget that, once installed by the user, will silently use Home’s permissions to achieve whatever it needs. For instance, a widget could be easily modified to read all the contacts and upload them silently to a website. At no point the user will know that the widgets will make use of the “read contacts” permission.
The second security hole is the ability you give the widgets to spoof any other app. A widget could for instance find shortcuts on the Home screen and change their Intent or attach a different click listener to execute something entirely different. This way, a widget could for instance execute a fake Email app and grab the user’s password and emails. A widget could do much more too since they have access to all the information stored in the Home screen UI. These two very important issues are the reason why widgets were not implemented in Android 1.0. We need to implement them correctly to guarantee the privacy and safety or the user’s data.
As your application currently stand, I would strongly advise you to disable the widgets support until you come up with a secure implementation of widgets. You have customers who paid for your applications and it would be really bad both for them, you and Android if a malicious widgets started taking advantage of these security holes.
- -UPDATE UPDATE UPDATE- -
Better Android have been in contact to refute the claims in this post check ‘em out here.