Google pulls app that revealed Android flaw, issues fix

Google pulled an app from the Android marketplace that was created to illustrate a flaw in the mobile framework that allowed apps to be installed without a user’s knowledge. It then issued a fix for bug.

Jon Oberheide, chief technology officer of Scio Security, created a proof-of-concept app disguised as an expansion for the popular Angry Birds game. After the app was downloaded, three additional apps were installed without the user’s knowledge that had permission to perform malicious activities but were benign, he told CNET in an interview.

Oberheide and Zach Lanier, a senior consultant at Intrepidus Group, were scheduled to present their research on the Android vulnerability at Intel’s annual internal security conference in Hillsboro, Ore., today.

Before they got a chance to give their presentation, Google pulled the app, according to Oberheide. The company also began rolling out a fix for the issue, which applies to all Android devices, a Google spokesperson said in an e-mail late yesterday.

Read more about it here –  Google pulls app that revealed Android flaw, issues fix