As quoted from TheRegister sec-net, on Wednesday (09/21/2011), there are two vulnerabilities in the Android that has been aged more than a month. But both have also closed.
The first slit, allows applications on Android phones installed secretly. This is a gap similar to that demonstrated by security researcher Jon Oberheide in 2010.
Oberheide when it was proved through an app which masquerades as an extension to Angry Birds. If the user installing the app, there are three other app that will be installed without permission which monitors the address book data, location and text messages.
The first time, the app that was available in the Android Market. But once caught, artificial Oberheide app that no longer exists in the official market.
The second gap is in the Linux kernel that became the basis of Android. This gap allows the app that had a limited authority can get full access to the device.
Oberheide and researchers Zach Lanier plans to reveal more about this gap in the conference Source, in Barcelona, Spain, November 2011.
One of the tricky things of Android is the operating system it is relatively rare issue a security update. Even if no, not all Android devices could apply any updates.
Just for example, Motorola Droid today officially still running Android 2.2.2. Though the version was issued in May 2010 and has quite a lot of loopholes that have been known.
Indeed, unofficially many users of Android devices are then put on another version of the system in the device. For example, using a custom ROM from independent developers or community.
source
