Riley Hassell, a mobile security expert with Privateer Labs, caused a bit of a commotion last week when he made a last-minute decision to bail on the annual Black Hat hackers conference.
The conference is the largest of its kind, and Hassell had been due to outline several security holes in Android, but pulled out when he realised the information might be put to misuse.
"App developers frequently fail to follow security guidelines and write applications properly," explains Hassell. "Some apps expose themselves to outside contact. If these apps are vulnerable, then an attacker can remotely compromise that app and potentially the phone using something as simple as a text message."
Hassell refused to identify the guilty apps, but concluded: "When you release a threat and there's no patch ready, then there is mayhem."
Google says Android security experts perused Hassell’s research, but were far from convinced. Spokesman Jay Nancarrow would only confirm: "The identified bugs are not present in Android."
In any case, a fellow researcher reckons Hassell did the right thing in not attending Black Hat: "When something can be used for exploitation and there is no way to fix it, it is very dangerous to go out publicly with that information. When there is not a lot that people can do to protect themselves, disclosure is sometimes not the best policy."