Last January I reflected on my Android-only strategy and commented that a worrying area is Android security. The severity and number of vulnerabilities have since grown. For example, only today, the FakeId bug, which affects all versions of Android from 2.1 to 4.4, was publicised. Allied to this is poor security in the most-used apps. […]
Archive for the 'security' Category
Trend Micro have an interesting recent article on repackaged Android apps. That is, apps that have been downloaded, reverse engineered, modified and re-uploaded to app stores to look like the original app. Modifications often include malware to capture private data and/or generate income from advertisements. Trend Micro found that nearly 80% of the top 50 […]
Last week I came across a post by MetaIntell regarding a Facebook SDK vulnerability under iOS and Android "affecting billions of installations". I have used the Facebook SDK in multiple Android apps, so I dug deeper.
There’s more information on the MetaIntell blog. On iOS, the Facebook SDK is storing access tokens in the app’s .plist and […]
Do you use WebViews in your Android app? If you say ‘no’, are you sure? What about 3rd party libraries/SDKs that you have included? Many such as ad libraries, Facebook and LinkedIn use WebViews.
In researching references for AndroidSecurity.guru I realised the use of WebViews is probably the area most overlooked when it comes to security. […]
Google’s head of Android security, Adrian Ludwig, has said that people buying anti-malware software for Android will probably get no extra protection over that already provided by Google Play services. The risk of potentially harmful applications ending up on users’ devices is significantly overstated and the actual risk of a damaging app being installed is […]
If you follow this site you will know I take a special interest in Android security. As a result of a particular project, I have taken an even deeper interest more recently and have come to the conclusion, having read lots of papers and studies, that many Android developers unintentionally make some very poor security […]
Swrve has some new research that shows that 19% of Android in-app purchases (IAP) are fraudulent. Swrve used their ‘fraud filter’ to compare on-device purchase events against Google Play receipts to determine if they were valid or fraudulent.
What does this mean? How can it happen? There are some hacking apps that, if used to run […]
It seems that Android is getting a lot of negative press at the moment concerning security. A few days ago it was Towelroot and yesterday it was ransomware (here in the UK). It turns out Google is already detecting Towelroot apps on the Play Store and the ransomware itself used poor coding practices that allow […]