A group of security researchers, including former NSA computer security expert Charles A. Miller, has discovered a security flaw in the G1’s web browser. The flaw could allow a hacker to trick a G1 user into visiting a malicious website that could install some nasty bugs on the smartphone (or com). Google was made aware earlier this week, and is working to release a patch to fix the flaw, but Android’s architecture inherently limits such a flaw’s potential damage.
The flaw affects only the G1’s browser, and the “sandbox” nature of Android limits the potential damage to only that one program. Interestingly, Miller is just now releasing the (admittedly limited) information to the press, stating that he feels smartphone users are not adequately aware of how risk-prone their devices can be. Google is a bit annoyed at Miller’s forthrightness, implying that “they believed that Mr. Miller had violated an unwritten code between companies and researchers that is intended to give companies time to fix problems before they are publicised.”
Google, T-Mobile, and HTC are all working together to fix the flaw, but Google is emphasising that the overall security of the phone is just fine, and a patch will be released as soon as possible. [New York Times]