An HTC Desire has been used at a leading security conference to demonstrate security flaws in the Android operating system.
Researchers at the Black Hat conference claim that the flaws allow hackers to steal personal information or record conversations.
In a demonstration, the researcher showed how a vulnerability in the web browser on an HTC Android phone was, after he was able to install an application that gave him total control over the phone.
The researcher from MWR InfoSecurity showed that the application could re-install itself with greater privileges and give a hacker broad powers, including recording.
The Financial Review said that the Black Hat presentation was the latest in a series of findings in the past two weeks raising concerns about the security of Android phones, which have overtaken those made by Apple to claim 25 per cent of the global market in the third quarter, according to Gartner.
Another team presented a similar scenario at a security conference in Oregon, using what appeared to be an innocuous application for a popular game – Angry Birds – that in turn installed malicious programs.
“We’ve begun rolling out a fix for this issue, which will apply to all Android devices,” Google said.
“As always, we advise users to only install applications they trust.”
The MWR researcher, a browser expert who uses only the first name Nils, agreed that Google could easily fix the holes he used to break into Android.
But he said that Google’s fragmented model of distribution, which includes multiple handset manufacturers and many carriers, means that some owners of older Android phones will remain exposed for an extended period.