In today’s installment of crazy stuff from Mountain View: Aaron Souppouris for The Verge reports:
The CoolIris Android gallery, the stock gallery app used in many devices running Android 2.1 – 2.3, has been found to store unencrypted copies of complete addresses that could theoretically be accessed and transmitted by a malicious app with no system permissions. The issue came to light when we started investigating a security issue in Android found by Paul Brodeur from Leviathan Security Group. Brodeur created an app named No Permissions which highlights flaws in Android’s permission system that would allow an app to access your data.
Over 90% of all Androids run on these versions. I’m sure Google and the carriers will get right on that.
Google declined to comment on any of the issues mentioned in this report.