Researchers at North Carolina State University have discovered a bunch of flaws in Android and smartphones based on the open source mobile operating system.
According to an article on Apple Insider, rogue apps are able to circumvent the permissions based security system due to flaws plaguing the software running on millions of devices.
The researchers said that Google and Motorola acknowledged the findings of their security research while HTC and Samsung chose to ignore them.
The security flaws allow rogue apps to record calls, spy on users' location and even access sensitive information stored on the devices.
"Android provides a permission-based security model that requires each application to explicitly request permissions before it can be installed to run," the researchers wrote in the research paper titled 'Systematic Detection of Capability Leaks in Stock Android Smartphones.'
"By exploiting these leaked capabilities an untrusted app on these affected phones can manage to wipe out the user data on the phones, send out SMS messages (e.g., to premium numbers), record user conversation, or obtain user geolocations - all without asking for any permission," the report warns.