The Register reports two serious security vulnerabilities in Android has remained unpatched for more than a month, and allows apps to be installed without permission, and also apps to escape from the Android sandbox and do pretty much whatever they want.
â€œThe Android Market ecosystem continues to be a ripe area for bugs,â€ said security researcher Jon Oberheide in an email. â€œThere are some complex interactions between the device and Google’s Market servers which has only been made more complex and dangerous by the Android Web Market.â€
The Register notes than Google has been slow in updating Android, and also that even when Google does release updates handsets are slow to receive then, leaving many users vulnerable to old exploits.
On Android exploits are more than theoretical, and are in fact found in the wild often, stealing not just private data but also costing users large amounts of money in premium phone calls.
The Windows Phone 7 Marketplace aims to provide better security and a more coherent update story, keeping Windows Phone 7 users safer than on Android.
Read more at The Register here.