Security duo find new holes in Android

In late 2010, Jon Oberheide and Zach Lanier put an app in the Android Market to prove hat malicious developers could install additional applications without a user having the least clue trouble was lurking. They were trying to prove a point and Google got the message, quickly removing the "malicious" app and issuing a fix for the vulnerability.

Now the two have identified a couple of new vulnerabilities in Android and they've gone public with a YouTube video spelling it out. They're also drumming up some nice advance publicity before departing for Barcelona in November where they will be participating in a mobile security training course.

The first bug is described as affecting all Android handsets, regardless of OS version, allowing attackers to install additional applications without needing to ask permission. The other vulnerability is specific to the Samsung Nexus S, letting an attacker gain root access and then gain full control over the handset.