Archive for the 'security' Category

Severe Security Flaws Found In Security Apps

Friday, August 1st, 2014

Trend Micro has a post on how flaws have been found in some file locker apps. The problem is that developers have mistakenly thought that hiding sensitive information makes it secure. Unfortunately, you can’t get security through obscurity. The scary thing is that consumers have been trusting these apps with their particularly sensitive information. One […]

Android Security Perfect Storm Pending?

Tuesday, July 29th, 2014

Last January I reflected on my Android-only strategy and commented that a worrying area is Android security. The severity and number of vulnerabilities have since grown. For example, only today, the FakeId bug was publicised that affects all versions of Android from 2.1 to 4.4. Allied to this is poor security in top used apps. […]

Has Your Android App Been Repackaged as Malware?

Friday, July 25th, 2014

Trend Micro have an interesting recent article on repackaged Android apps. That is, apps that have been downloaded, reverse engineered, modified and re-uploaded to app stores to look like the original app. Modifications often include malware to capture private data and/or generate income from advertisements. Trend Micro found that nearly 80% of the top 50 […]

Facebook Mobile SDK Vulnerability

Thursday, July 17th, 2014

Last week I came across a post by MetaIntell regarding a Facebook SDK vulnerability under iOS and Android "affecting billions of installations". I have used the Facebook SDK in multiple Android apps so dug deeper.
There’s more information on the MetaIntell blog. On iOS, the Facebook SDK is storing access tokens in the app’s .plist and […]

What You Ought To Know About Android WebViews

Friday, July 11th, 2014

Do you use WebViews in your Android app? If you say ‘no’, are you sure? What about 3rd party libraries/SDKs that you have included? Many such as ad libraries, Facebook and LinkedIn use WebViews.
In researching references for AndroidSecurity.guru I realised the use of WebViews is probably the area most overlooked when it comes to security. […]

Android Malware War of Words

Friday, July 4th, 2014

Google’s head of Android security, Adrian Ludwig, has said that people buying anti-malware software for Android will probably get no extra protection over that already provided by Google Play services. The risk of potentially harmful applications ending up on users’ devices is significantly overstated and the actual risk of a damaging app being installed is […]

How To Write Secure Android Apps

Wednesday, July 2nd, 2014

If you follow this site you will know I take a special interest in Android security. As a result of a particular project, I have taken an even deeper interest more recently and have come to the conclusion, having read lots of papers and studies, that many Android developers unintentionally make some very poor security […]

Android Piracy and Fraud Woes

Wednesday, June 25th, 2014

Swrve has some new research that shows that 19% of Android in-app purchases (IAP) are fraudulent. Swrve used their ‘fraud filter’ to compare on-device purchase events against Google Play receipts to determine if they were valid or fraudulent.
What does this mean? How can it happen? There are some hacking apps that, if used to run […]