Vulnerability Abstract

Title: Vulnerability in AnGuanJia (安全管家) for Android
Time: 14 Dec 2011
Author: Daoyuan Wu*, Xiapu Luo* and Rocky K. C. Chang
Department of Computing, The Hong Kong Polytechnic University, Hong Kong
* authors with equal contributions
CVE ID: CVE-2011-4773
Category: Newly Released
Related Vendor: 北京安管佳科技有限公司

Application Information

Archive Time: December 14, 2011 08:03:41 PM HKT
Package Name: com.anguanjia.safe
Full Name: AnGuanJia ("安全管家" in Chinese)
Affected Version: 2.10.343 (the latest version as of 14 Dec 2011)
Package Installs: 50,000 - 100,000
Market Link: https://market.android.com/details?id=com.anguanjia.safe
Update Log: 2.58 also has this vulnerability!

Vulnerability Details

Status: A brief impact description has now been released to the public.
Brief Description: Allows a malicious application to access and manipulate the user's blacklist, sensitive SMS messages, contacts, call logs, etc.

Vendor Response

Contact Time: Dec 16, 2011 at 4:16 PM HKT
Confirm Time: Dec 16, 2011 at 6:24 PM HKT
Patched Time: They didn't notify us of the detailed patch time or version.
Patched Status: We've checked two versions, 2.60 and 2.63, which have patched the vulnerability.

Important Notes

Although we only mention one or several affected versions in our report, other versions may also be vulnerable, e.g. lower versions, pad versions or paid versions.

Related Vulnerabilities