Charlie Miller of Independent Security Evaluators in Baltimore told the New York Times hat he was able to redirect the G1′s web browser to a malicious web site.
Google responded that they knew of the problem, but that inherent security features would limit the extent of damage. Applications are “sandboxed” in Android, meaning each one is isolated from the others restricting what access they have to one another and the base system.
Miller’s trick allows installation of keystroke logging software, allowing a hacker to capture passwords or other private data entered on the phone.
Google complained that Miller did not allow them to develop a fix before going public with the flaw. But Miller’s attitude has always been that if he can hack a system, others can do the same thing quietly and users are vulnerable in the meantime.
This vulnerability is disturbing for many, due to many pondering the development of phones based on the Android software.
Next Story: Spotted: hands-on with the BlackBerry Storm