FireEye has some new research that has found that of the free apps with over a million downloads, 88% use some cryptographic functionality provided by the Android platform and 62% of these have cryptographic vulnerabilities. What this means is that while the authors and the end users of these apps might think data is secure, […]
Archive for the 'security' Category
Two Android security problems have hit the news over the last few days. The first is a problem with java.io.ObjectInputStream on ALL devices prior to Lollipop. It’s not a problem in itself in that the user needs to somehow accidentally install a malicious app. The second is one such app, NotCompatible, that has been around […]
Arxan has a free State of Mobile App Security research report (pdf) that claims a very large proportion of the top paid/popular Android and iOS apps have been hacked. Hacked apps either have IP stolen that’s used in other apps, have clones created or the apps are modified to remove payment mechanisms.
Related Articles:WebView UnbundlingAndroid GrowingAndroid […]
There’s an interesting post on ars technica on "Unwrapping Lollipop" talking to "high ranking members of the Android team" about changes to the OS. It includes a very useful breakdown of what’s now in the Android OS, what’s in Play services and what’s distributed via the Play Store.
Of particular interest is that WebView has been […]
Some of the vulnerabilities in Android allow code to be run as root. Alternatively, if users root their device malware can already run as root. However, what can such code then do?
Nitay Artenstein and Idan Revivo of Checkpoint Research have a new presentation and white paper on how intercepting IPC, via the Android Binder, can […]
Bidouille has some great charts showing how Android version distribution has changed over time. They are based on values taken, over time, from Google’s own Android dashboard. However, remember there’s possibility that these charts might not represent the actual distribution of devices as not all devices (or users) access the Play Store.
What with few manufacturers […]
I have previously written (here, here, here, and here) about Android apps that fail to validate SSL certificates. CERT has started to name and shame libraries and apps that their Tapioca tool has detected to be vulnerable to Man In The Middle (MITM) SSL attacks. There’s a blog post on how they have automated the […]
You might think this problem has low risk as not many people would enable accessibility features that are intended to assist users with disabilities. However, even I have […]