IDG News Service - Security researchers have recently found a vulnerability that could be used to hijack Android apps and devices, but an older issue that can have the same effect remains a significant threat nearly two years after its discovery, according to security firm Bromium.
A large number of applications and advertising frameworks embedded into applications use WebView to display Web content loaded from remote servers -- for example, ads. The problem is that many of these apps don't load the WebView content over an encrypted HTTPS (HTTP Secure) connection.
ComputerWorld/ Full Article Here/ http://www.computerworld.com/s/article/9250110/Android_vulnerability_still_a_threat_after_nearly_two...
The following article is a update.
Around 45 percent of Android devices have a browser that is vulnerable to two serious security issues, but some countries have a considerably larger percentage of affected users than others, according to data from mobile security firm Lookout.
The two security issues were discovered over the past month by a security researcher named Rafay Baloch and were described as a privacy disaster by other researchers. They allow an attacker to bypass a core security boundary, called the same-origin policy (SOP), that exists in all browsers.
The SOP prevents scripts from one domain from interacting with data from a different domain. For example, scripts running on a page hosted on domain A should not be able to interact with content loaded on the same page from domain B.