Android is not very well known for being the most secure operating system, and a newly discovered flaw in the Android browser, the default up to Android 4.2, could mean the private and sometimes financially sensitive data of hundreds of millions of Android users is up for grabs by hackers.
Ars Technica reports on a bug, reported on the 1st September by researcher Rafay Baloch, that allows cross-site scripting in the Android browser, which is used by between 40 and 50% of Android users, including the majority who use Android Open Source Project in developing markets.
Google initially denied the hack, but after a Metasploit module was developed Google admitted the issue, and said they would be working on a fix.
The bug could easily be used to steal PayPal cookies, for example, allowing hackers to log into your account, and Metasploit developers have called the problem a “privacy disaster.”
Of course browser flaws are common, especially on Windows. What makes the issue very dangerous on Android, however, is that the vast majority of Android handsets, particularly the older versions, are no longer supported by OEMs, and with the Android browser being an OS module, not a Google store app, these handsets will generally need a firmware update to fix it.
Research has revealed more than 97% of malware targets Android, and that Android malware infections now outnumber Windows infections on mobile networks. With Microsoft believing security is a major differentiator for Windows Phone, Android users, especially on AOSP, should be asking themselves if it's time to switch to a safer platform that is still affordable and offers a wide range of form factors and features.