Smartphone tests reveal Android security issues
By Evelyn Tsai, Special to The China Post
July 9, 2014, 12:01 am TWN
TAIPEI, Taiwan -- The Consumer Protection Committee (CPC, 消保處) yesterday announced that extensive testing has revealed information security vulnerability in three popular Android smartphones, adding that a number of inadequacies have been addressed since the examination.
Handsets tested by the committee include the HTC New One, the Samsung Note 3 and the Sony Xperia Z1.
The tests were conducted by the Institute for Information Industry last October (III, 資訊工業策進會) to check for common security vulnerabilities listed by the Open Web Application Security Project (OWASP) community, and the U.S.-based SANS Institute.
“In light of the estimated 11 million smartphones in Taiwan connected to the Internet via a mobile browser as of May of this year, the complete list of Android smartphones with known security vulnerability will be announced only after inadequacies have been addressed, to prevent further cyber attacks,” said CPC chief Liu Ching-fang.
"Throughout the tests, 13 security risks including eight types of inadequate encryption, four types of improper permission settings and 1 type of insufficient security certification were discovered." said a senior engineer from III.
Of the inadequacies listed above, four were found on the HTC New One, while the Samsung Note 3 phablet tallied at three and the Sony Xperia Z 1 at six.
A senior engineer noted that as textual information generated with note-taking applications is saved in the smartphone's SD card, the memory expansion slot may be the main culprit of security vulnerabilities found on the three handset models.
In addition, a number of mobile apps are known to transmit vital account and password information without encryption, whether by malicious design or oversight, exposing consumers to data theft and cyber attacks, said an III engineer.
The committee stated that as Android is the system most commonly adopted by manufacturers and has the most users, it was chosen to undergo the security assessment first. The committee, however, stated that consumers should not be misled into believing that Apple's iOS system is more secure on account of the test's outcome. The committee emphasized that tests will be devised to detect potential security vulnerabilities in Apple handsets.
“To ensure smartphone security, users are advised to update their systems to the latest version constantly, install anti-virus software, refrain from installing and using applications from unauthenticated sources, close unnecessary services and keep alert,” said the committee.