Security flaw found in T-Mobile G1 Android software

T-Mobile G1

The T-Mobile only hit the market this week and already a security flaw has been found in the Google Android browser. The flaw could allow a site to install software unbeknownst to the user. For example, a keystroke logger could be used to capture personal information such as passwords.

Google confirmed the issue and has already fixed it in the open-source version of Google Android and is working with T-Mobile and HTC to fix it for the G1. Given that the G1 supports OTA updates, T-Mobile should be able to push the update out to users as soon as it is ready.

Google also suggested that the damage of such a vulnerability would be limited to some degree by the software compartmentalization used in the Google operating system. I suspect that this is but cold comfort to anyone whose personal information could be stolen by this vulnerability.

Read more about this story