Researcher warns of Android browser vulnerability

By David Meyer, ZDNet UK
Tuesday, October 28, 2008 08:58 AM

A flaw exists in the Google-led Android mobile platform that could let users be tricked into visiting malware-laden Web sites and unwittingly have their keystrokes recorded, The New York Times has reported.

According to the Saturday article, a researcher and former U.S. National Security Agency computer-security specialist, Charles Miller, told Google about the flaw last week. The article also quotes a Google security engineer, Rich Cannings, as saying the flaw's impact would be limited due to the compartmentalization of the Android platform.

"We wanted to sandbox every single application because you can't trust any of them," Cannings told The New York Times.

A Google spokesperson told ZDNet Asia's sister site ZDNet UK on Monday that the company was "working on a browser software patch for Android" and "coordinating with T-Mobile on a plan to soon deliver this update over-the-air to customers' G1 handsets"--the HTC-made G1 being the first Android handset to be released to market.

Google's spokesperson also said the company did not believe the matter would "negatively impact" customers' experience with the G1, which will be launched by T-Mobile in the United Kingdom on Thursday.

Miller has reportedly not yet publicized the technical details of the problem, but has said the flaw in the browser used in Android means a visit to a malicious Web site could lead to software being secretly installed on the handset. Such software could record keystrokes made by the user, thereby discovering private information and passwords.

Android is a complete mobile stack--from operating system to applications--that is being developed by the Open Handset Alliance, an industry consortium headed up by Google.

