Tuesday, July 29, 2014

At least half of the 50 most popular Android mobile apps have inherited security vulnerabilities through the reckless re-use of software libraries.

As long as we have:
  • Compressed schedules
  • Functionality trumping security
  • Reckless programmers

the code will always be insecure.


(From the article)

More concerning is when “developers act intentionally,” Jarva said.

“Some people might have been providing a vulnerability on purpose in order to do something nasty” once the code has been distributed.

“Who are they working with? Do they have sideline jobs somewhere else? The developers might be getting their dollars from ad networks,” Jarva said.


One in ten apps send either the user’s device ID (IMEI code) or location data to a third party, and one even sends the user’s mobile phone number. One in ten applications connected to more than two ad networks.

The study found that over 30 percent of the apps transmit private data in plain text and plenty more are not encrypting the transfer of this data to best practice.

“The issues are invisible to users,” Jarva said. “A lot of things are happening behind the scenes, it’s only afterwards they know what has been done.”



The link below has more information:-

