Riley Hassell created a bit of a stir when he called off an appearance at the annual Black Hat hacking conference in Las Vegas, but was finally collared by Reuters and asked why.
It turns out that he and colleague Shane Macaulay decided not to lay out their research at the gathering for fear cyber criminals would use it to attack Android.
There were more than a dozen holes in common Android applications that make the phones vulnerable to attack.
Hassell said that app developers frequently fail to follow security guidelines and write applications properly. As a result some apps expose themselves to outside contact.
He is still refusing to identify those apps, saying he fears hackers might exploit the vulnerabilities.
Hassell is founder of security outfit Privateer Labs. He said that if you release a threat and there's no patch ready, then there is mayhem.
Google had been notified, but a company spokesman said that the flaws had nothing to do with them.
Hassell said he plans to give his talk at the Hack in The Box security conference in Kuala Lumpur in October, we guess by then the dirty dozen will have sorted their act out.