Researchers Show WiFi Can Slip Malware Into Android Apps
Older versions of Android devices may be vulnerable to an attack that affects many apps. The problem is web-based content that developers have used in a programming interface commonly called Webview.
Researchers from MWR Labs warned that the connection between the Webview device and the Web content server may not be secure, particularly over WiFi connections. In an advisory published last week, the researchers said "The lowest impact attack would be downloading contents of the SD card and the exploited application's data directory. However, depending on the device that was exploited this could extend to obtaining root privileges, retrieving other sensitive user data from the device or causing the user monetary loss."
Google has not commented on the report.
Meanwhile Ars Technica cites similar findings from other researchers. The flaws discussed appear to only affect Android version 4.1 and earlier.