I spotted this yesterday but now the whole thing is spreading across the internet like wildfire. It’s all about a very worrying bug with Google Android, which was posted here and then posted at xda-developers.com. Now if you, like me, spend any time in Linux this is going to shock the pants off you. It appears that certain versions of the handset will process everything you type into the phone will get fed into the command line.. as root.
Wanna test it ? Try rebooting your G1 and type “reboot” then press enter. Try it in the dialer, or the text message app – bang, your phone will reboot. If you’ve got firmware revision RC29 and earlier then it’ll go ahead and process everything you type as “root” user in the command line. Woaha.. epic fail. If it wasn’t for the fact that Google can easily roll out updates to then this would be a fatal problem. If nothing else, it highlights why an operating system needs to be directly updateable by the people behind it. RC30 will fix this and many of you should have your phone updated already.
Links – code.google.com – xda-developers.com – android.jim.sh