Sprint HTC EVO 4G rooting tutorial is out. Big security holes found in Sprint’s Android customizations
When you give your latest and greatest phone to a few thousand developers, you should be prepared for your device to be hacked, pronto.
And that’s exactly what happened when Google gave away Sprint’s EVO 4G during its I/O conference last month. The handset was rooted within hours. But until now, you really needed to know what you were doing to unlock your EVO 4G.
Well, not anymore. Android Central, with help from some XDA developers, has thrown together a pretty good tutorial on how to do it yourself. Which, with tomorrow’s commercial availability of the Sprint EVO 4G, could not come at a better time.
But there’s one more thing to consider when you give your handset to a crowd of hacking-obsessed developers, especially if you have messed with the underlying OS, locking it up and adapting it to the needs of your network.
You have to make sure that your changes did not screw up the basic security of the device. And it looks like Sprint screwed up big time on this.
According to Matthew Mastracci from Grock.com, one of the guys behind the original root of the EVO 4G, Sprint’s customizations seriously messed up the underlying security of the Android OS:
The Sprint customizations of Android are so bad that any random Android application (with permissions or not) can basically get access to all of your data with very little work.
It seems that the same problem also affects Sprint’s HTC Hero devices.
Now, do not get too scared right away, and don’t cancel your EVO 4G order just yet. The problem is not really that bad. Nobody will be able to take over your phone over 3G, Wi-Fi, Bluetooth, or by sending some clever SMS. You have to install a malicious app in order to get hit.
So, if you get all your apps through the official Android Market, you should be rather safe. And, according to Matthew, Sprint has been very responsive about these security complaints, and is working hard on a patch.
Still, if you checked the “Allow install of non-Market applications” option on your EVO 4G, and are just about to install some app from a third party, be sure you trust the source and know what you are installing.