Comments
Android Flaw Might Also Affect iOS, Windows
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
SachinEE
50%
50%
SachinEE,
User Rank: Ninja
8/25/2014 | 2:34:25 PM
Re: Interesting (and scary!)
That is right. If there are going to be security checks from the website, there shouldn't be malicious apps tracking user sensitive data (required as login to those websites) to put to use. I think it's time developers made a meeting about such attacks and see if they could change the architecture that supports the regular checkup system in android.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Author
8/25/2014 | 12:55:05 PM
Re: Defining criteria for apps
Google has already moved to address this with more granular permissions in Android. Given that the technique discussed requires a malicious app to already be installed on the target device, publication of this research isn't likely to change the security situation very much. But clearly the OS vendors need to take a look at this.
eamonwalsh80
50%
50%
eamonwalsh80,
User Rank: Strategist
8/25/2014 | 11:19:23 AM
Interesting (and scary!)
Given that I use both GMail and Amazon apps, I was suitably impressed by the study as well as scared. Personal information in mobile devices is a given these days. The sophistication for Google was the fact that they didn't cache your data at client end so you had to go through their server security checkpoint every single time. But that becomes a vulnerability with a background 'man in the middle' app sniffing around now. By contrast Amazon becomes far more unpredictable to shadow like that. A look at the modern enterprise security report from HP gives more clue (bit.ly/1l8KNdv). Good share!
PedroGonzales
50%
50%
PedroGonzales,
User Rank: Ninja
8/25/2014 | 9:56:39 AM
Re: Defining criteria for apps
I agree. It not worth it to download apps if most of them do not offer proper security.  Specially now that people carry a lot of their personal information on their smartphones.
SaneIT
50%
50%
SaneIT,
User Rank: Ninja
8/25/2014 | 7:28:11 AM
Re: Defining criteria for apps
It makes me wonder if we'll see fewer developers taking the kitchen sink approach to applications.  I see so many apps that want access to half the features of my phone which typically means I don't install it.  Maybe we will get leaner apps with a little more thought put into security and walling off functions.
PedroGonzales
50%
50%
PedroGonzales,
User Rank: Ninja
8/24/2014 | 1:34:37 PM
Re: Defining criteria for apps
I think this is an interesting finding by the university.  The impact of such flaw is huge.  I agree that future developers will be able to take this into consideration as they improve the security of their future applications.  Such information is available only to a small group of individuals specially in academia.  Making this information available to the public in the end benefits developers rather than cause harm.
WaqasAltaf
50%
50%
WaqasAltaf,
User Rank: Ninja
8/24/2014 | 12:33:29 AM
Defining criteria for apps
Thomas, negatives apart, this research will not only help developers of apps to ensure that their apps are secure but also help OS developers to define criteria which must be met if the apps are to be deployed. Must be of more interest to Android as they don't deploy much screening over apps allowed to be installed.
WaqasAltaf
50%
50%
WaqasAltaf,
User Rank: Ninja
8/24/2014 | 12:28:56 AM
Revealing it to hackers
Thomas, the research is impressive but disclosing such weaknesses in public may invite many hackers looking for an idea and now they have it. I think Android, iOS and Windows will not be excited at the university researchers disclosing these facts in conferences followed by masses. 
<<   <   Page 2 / 2


IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 24, 2014
Start improving branch office support by tapping public and private cloud resources to boost performance, increase worker productivity, and cut costs.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.