Researchers have recently uncovered two unrelated threats that have the potential to turn some Android devices into remotely controlled bugging and spying devices.
The first risk, according to researchers at antivirus provider Bitdefender, comes in the form of a software framework dubbed Widdit, which developers for more than 1,000 Android apps have used to build revenue-generating advertising capabilities into their wares. Widdit includes a bare-bones downloader that requests a host of Android permissions it doesn't need at the time of installation.
"These permissions are not necessarily used by the SDK [software development kit], but requesting them ensures that anything introduced later in the SDK will work out of the box," Bitdefender researchers Vlad Bordianu and Tiberius Axinte wrote in a blog post published Tuesday. "Among the weirdest permissions we saw are permissions to disable the lock screen, to record audio, or to read browsing history and bookmarks."