Skip to main content

Google spills the beans on Android bug

Google tries to make up for Android flaws
Google tries to make up for Android flaws

Google has finally revealed what fixes it has put in place to get Android back up to speed after two key errors were highlighted.

The most recent problem came when it was discovered that users were given top-level administrator privileges automatically on their handsets, and any text they entered could be read as a system command.

The problem was discovered when an unsuspecting user typed 'reboot' in a text, and the phone responded by shutting down and restarting.

The handset is designed to be able to work from a remote device attached by serial port, but given the lack of such an input, the phone just used the keyboard instead.

Big bug

"We tried really hard to secure Android. This is definitely a big bug," Rich Cannings, of the Android security team, said according to ZDNet. "The reason why we consider it a large security issue is because root access on the device breaks our application sandbox."

However, he did say it would be difficult for malicious hackers to exploit the flaw, as it would require the user to download a programme that forced them to type in certain commands to give the hacker access.

The other flaw fixed in the update was the browser vulnerability that meant certain websites with malicious code built-in could be used to assume control of the browser.

The update helped fix this and other problems in the browser, caused by Android shipping with older versions of software, and would allow malicious hackers to assume control of certain parts of the phone.

At least Google can hold its hands up when necessary... albeit only when things have been fixed.

Gareth Beavis

Global Editor-in-Chief

Gareth was in charge of phones, tablets and wearables at TechRadar for the best part of a decade and now runs the entire editorial team. He can instantly recommend the best phone for you, or can be found running around the nearest park with the latest fitness tech strapped to his wrist, head or any other applicable body part.