Charlie Miller of Independent Security Evaluators in Baltimore has informed the New York Times that he was able to install a keystroke logging application by redirecting the G1's web browser to a malicious web site that automatically installed the software.
Google has acknowledged the security flaw and points out that the sandbox-nature of Android limits the damage to a single application. Unlike other smart-phones and PCs, this security flaw only affects the web browser and will not compromise any other portions of the phone. Google has already patched the open-source version of Android and is currently working with T-Mobile and HTC to get the security patch out to current T-Mobile customers.
Last Updated on