A new proof-of-concept Android app has been rolled out by a security researcher that tweaks the settings of a device in such as way that no user permission is required any further to install other apps.
The app, according to many experts, has indeed come as a Christmas gift for the hacker community as it would give them a perfect platform to remotely access a device, without giving the slightest of clue to the victim.
The app exploits an already known issue in Android web search, and goes ahead by setting up a two way communication with a 3rd party, Thomas Cannon - the director of research and development in ViaForensics explained.
"On its own this attack could really only be used to read any data on the SD card, read some data shared by other apps, and read limited data about the device," Cannon said in an exclusive statement to ZDNet UK.
"It could download a root exploit at a later point in time and gain total control over the device," he added. Cannon further stated that the app does not exploit any flaw in the Android OS, but merely a feature.