website statistics

Research Says – Poor Android App SSL Implementations Leave Serious Vulnerabilities

Reporter: [+]  Under: Android  On October 22, 2012  Comment  Add to Bookmark  Add to Readlist
A number of researchers, who have been examining the security of Android apps, have revealed that a significant number of these apps have poor SSL implementations, leaving critical vulnerabilities.

When do you use Facebook?

View Results

Loading ... Loading ...
1 Star2 Stars3 Stars4 Stars5 Stars (Rate This)
Loading ... Loading ...

Google has been trying to up the quality of apps in the Google Play store. However, Android apps still lack a lot when it comes to security and quality, in comparison with iOS apps. Now, a new group of researchers has confirmed this, citing poor SSL implementations in many Android apps.


Google Play

The research was a joint collaboration between multiple German universities and during the course of it, 13,500 popular Google Play apps were analysed. Surprisingly, more than 1,000 of these apps had rather poor SSL/TLS implementations, leaving them open to serious security exploits.

Poor SSL implementation in an app leaves it open to the middle-man attack. This means that a person can intercept critically important data between the user and the app developer. The data may comprise of personal information as well as financial credentials.

To prove the case, the researchers mounted a proof-of-concept attack against the vulnerable apps and were able to gather credit card numbers, bank account details as well as detailed information of the users’ social media accounts.

According to the paper published by these researchers, “Of the 100 apps selected for manual audit, 41 apps proved to have exploitable vulnerabilities. We could gather bank account information, payment credentials for PayPal, American Express and others. Furthermore, Facebook, email and cloud storage credentials and messages were leaked, access to IP cameras was gained and control channels for apps and remote servers could be subverted.”

While that serves as a reminder for Google to improve the security of the apps it hosts on Google Play store, it is also a warning for the users. While the official apps from notable vendors are often fool-proof security-wise, third-party apps are not always secure.

A security researcher advised Android users to be careful when using such third-party apps, “As far as users go, I think the biggest lesson to be learned is that downloading third-party unofficial apps can be risky (eg.  downloading an unofficial banking app instead of the one actually released by your bank) for a number of reasons including poor coding practices.”

Source: Research Paper

Courtesy: Threat Post

Buy Cheapest Related Product From Amazon.com


NASA Developing A Service Robot That Will Refuel Satellites
Rovio Teases Angry Birds Star Wars With “Too Short” Trailer
You can also press the left/right arrow key on your keyboard to go to previous/next post

Tags: , , , ,

  On October 22, 2012(7 months, 0 days ago.)

Recent Search

Recent Tutorials

[Tutorial] How To Check The Health Of Your Hard Drive In Windows
This tutorial will show how to use S.M.A.R.T. (Self Monitoring Analysis and Reporting Technology) to continuously collect information on health of your equipment.
[Tutorial] How To Protect Windows From Java Security Problems
In this tutorial I'll show you how you can easily protect yourself from any kind of security breaks that may occur through Java.
Here Comes Two Step Verification For iCloud And Apple ID, Get It Now For Your Account
Today Apple enabled "Two Step Verification" for iCloud And Apple ID. But the process is not that simple. But no worry, here we have made a step by step tutorial.
What If You Forget Your iPhone Passcode?
Cant remember your iPhone passcode? Here I will show you some workaround on what to do and how to recover and restore for every possible scenario.
[Tutorial] How To Install and Use Winapp2.ini In Windows
This tutorial will show you how to perform the Winapp2.ini installation inside CCleaner and how to use it under Windows operating system.
[Tutorial] How To Record Music From Any Streaming Site
With app called AD Sound Recorder, you can record any stream that passes through your sound card or speakers and in this tutorial I will show you how to do that.
[Tutorial] How To Install Boxee On Your Apple TV Using Windows
If you want to have Boxee app inside your Apple TV, in this tutorial we will show you how to install XBMC and Boxee using Windows on your Apple TV.
[Tutorial] How To Transfer PS3 Saved Game Files From PC To PS3
This tutorial will show you how to transfer PS3 Saved Game Files from your PC to your PS3 game console.
[Tutorial] How To Insert YouTube Videos Inside PowerPoint 2013 Presentations
Adding videos from external sources such as internet, more specifically from YouTube, is a great solution to enhance a presentation; in this tutorial I will show you the procedure.
[Tutorial] How To Update Your Windows Phone 8 Smartphone
If you are one of new comers to Windows Phone 8, like me, in this tutorial I will walk you through the process to update your Windows Phone 8 device.
Close You Have To Login
User:
Pass:
Login With »Login With TwitterLogin With Facebook