Handsets sold by HTC, Samsung, Motorola, and Google contain code
that exposes powerful capabilities to untrusted apps, scientists
from North Carolina State University said. These “explicit
capability leaks” bypass key security defenses built into Android
that require users to clearly grant permission before an app gets
access to personal information and functions such as text
messaging. The code making the circumvention possible is contained
in interfaces and services the device manufactures add to enhance
the stock firmware supplied by Google.
This doesn’t seem to be getting much attention.