Comments
Android Flaw Might Also Affect iOS, Windows
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
SaneIT
50%
50%
SaneIT,
User Rank: Ninja
8/27/2014 | 7:47:29 AM
Re: So many white hats, so little common sense among developers
That's really the biggest issue isn't it?  Any app out there has the potential to be malicious and the markets have made it easier for people to get large audiences for their apps.  Look at an app like Flappy Bird, it was dirt simple yet became one of the most popular apps on the markets.  People installing it after the hype hit would have clicked yes if the ToS said they had to give up a limb.
asksqn
50%
50%
asksqn,
User Rank: Ninja
8/26/2014 | 7:03:49 PM
So many white hats, so little common sense among developers
So in order for this particular exploit to work, it has to use a "malicious" app to dishcharge its payload.  LOL. That only narrows it down to anything currently out there as they are all inherently malicious by design mostly in the form of privacy intrusions, transmitting any/all data back to the mothership without the user knowning about it save for the clickwrap ToS (which no one reads) upon installation.

 

 
mrao30001
50%
50%
mrao30001,
User Rank: Apprentice
8/26/2014 | 5:26:26 PM
Re: Defining criteria for apps
That's not going to help.  The only permission it needs is internet access.  Practically every app needs internet access.   So this code could be hidden inside an app that provides some genuine useful functionaility, gets a lot of great reviews because it does that job well and still be insidiously phoning in your information.  That's why this app is so scary.  It could be any great app that could be doing this and we would be none the wiser. The only fix for this is for Google to prevent this from happening by changing how the shared memory is being used.  I don't know enough of the details on how this actually works, but from their statements, Android seems to be intentionally designed to provide this access (presumably for some useful reason).  So changing this may take some doing and possibly break some other good apps.
PedroGonzales
50%
50%
PedroGonzales,
User Rank: Ninja
8/26/2014 | 9:48:44 AM
Re: Defining criteria for apps
app developers have to be more open to their users.  If they are to access your contact folder or other folder, users should have the right to know about it. 
SaneIT
50%
50%
SaneIT,
User Rank: Ninja
8/26/2014 | 9:23:25 AM
Re: Defining criteria for apps
The more granular permissions would be a good start as long as developers use them properly.  My biggest issue with app security is that I see all kinds of crazy permissions requested.  Like why does a game need access to my contacts?  Things like that are an immediate closing of the app on the Play store.
securityaffairs
50%
50%
securityaffairs,
User Rank: Strategist
8/25/2014 | 6:22:12 PM
Side channel attacks
Side channel attacks are hard to tackle and remind us the importance of physical security of devices.

 
WaqasAltaf
50%
50%
WaqasAltaf,
User Rank: Ninja
8/25/2014 | 3:11:19 PM
Re: Defining criteria for apps
Pedro, I partly disagree. I agree to the extent that future developers will be able to learn much from this flaw but I disagree that it will not cause harm because now many know the problems with the OS including hackers.
rradina
50%
50%
rradina,
User Rank: Ninja
8/25/2014 | 2:54:06 PM
Why Is This News?
We've known for years that a compromised OS cannot be trusted and most even go so far as to claim it's like a horse with a broken leg.  Why is it revelation when we discover that a mobile OS isn't safe when compromised by similar tactics?

While it's always good to add more layers of protection, if a malicious application managed to install itself on your device, do you still trust your device if fine-grained control makes it harder for background spy apps to steal data?
SachinEE
50%
50%
SachinEE,
User Rank: Ninja
8/25/2014 | 2:41:04 PM
Re: Defining criteria for apps
The impact is much more than mobile applications. Google is commanding an IOT strikeforce and plans to have its stronghold in the IOT industry. Such accusations against Google's products that question Google's security might be image disturbing for the company.
SachinEE
50%
50%
SachinEE,
User Rank: Ninja
8/25/2014 | 2:37:51 PM
Re: Defining criteria for apps
Amping up the security would mean nothing. Nothing is impenetrable. Not even NSA's defences against independent hackers. What could be done is maybe have all the app developers supported by Google Store have a time-generated signature (like a key) that enables them to upload the app in the android device. This signature would be generated by Google's engines and it would be one time use only. Its like Google saying "Oh so you want your customer to download your software? Please, what is the password again?"
Page 1 / 2   >   >>


Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.