We wrote yesterday about research by Paul Brodeur of Leviathan Security Group on security weaknesses that are built into Google s Android mobile operating system. He showed that Android applications without any permissions can still access files used by other applications, including which applications are installed and a list of any readable files by those applications. In this question and answer session, he explains how a combination of loose application coding and insecure design makes Android a boon for advertisers and others who want to harvest data on mobile users.
Source: https://threatpost.com/interview-android-engineered-enable-data-harvesting-041112/76433/