Pipe 3AX Reverse engineering Android apps reveals important security flaws

by
in mobile on (#3AX)
This story comes from CNet, which has dumbed the story down in a way that makes it a bit hard to understand [ed note: ironic]. But it appears security researchers have reverse engineered over 880,000 of the Android app store's 1.1M free apps and found a number of important security concerns.

The first concern is the existence of hard-coded keys, which the article describes as "username and password data -- which can then be used to steal user data or resources from entities such as Amazon and Facebook." That's not well explained, but that's CNet for you.

The second concern isn't so much a security issue as further evidence that the Android app store could use some better curating: the researchers discovered that roughly 25% of Android free apps are simply clones of other apps.

The researchers used a tool called "PlayDrone", which circumvents the App store's procedures to download apps and reverse engineer them to acquire source code. The source article at Columbia University is better, or PlayDrone yourself over at GitHub. A bit of nice work by researchers Jason Nieh and Nicolas Viennot.
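
The hard-coded key concern above, seen from the app developer's side, as an added example (not code from PlayDrone, the researchers or the CNet article): a pre-release check that opens an APK as the ZIP archive it is and searches every entry for strings shaped like an AWS access key ID. The sample archive is constructed in memory, the key in it is AWS's published documentation placeholder, and `scan_apk` and `build_sample_apk` are names chosen here.

```python
import io
import re
import zipfile

# Long-term AWS access key IDs are "AKIA" followed by 16 uppercase
# alphanumerics. The lookarounds stop matches inside longer tokens.
# Other providers need their own patterns; this one is illustrative.
AWS_KEY_ID = re.compile(rb"(?<![0-9A-Z])AKIA[0-9A-Z]{16}(?![0-9A-Z])")


def scan_apk(apk_bytes):
    """Return sorted (entry name, key id) pairs found in any file of the APK."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            # read() decompresses the entry; DEX string data is stored as
            # plain bytes, so ASCII literals from the source survive the build.
            data = apk.read(name)
            for match in AWS_KEY_ID.finditer(data):
                findings.add((name, match.group().decode("ascii")))
    return sorted(findings)


def build_sample_apk():
    """Constructed stand-in for an APK: a ZIP holding a fake classes.dex."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        # Constructed bytes, not a valid DEX file. The key is AWS's
        # documentation placeholder, not a live credential.
        z.writestr("classes.dex", b"dex\n035\x00pad\x14AKIAIOSFODNN7EXAMPLE\x00pad")
        z.writestr("res/raw/config.json", b'{"endpoint": "https://api.example.invalid"}')
        # Too short to be a key id, so it must not be reported.
        z.writestr("assets/notes.txt", b"AKIATOOSHORT is not a key id")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, key_id in scan_apk(build_sample_apk()):
        print(f"{entry}: hard-coded AWS access key id {key_id}")
```

A hit means the credential ships to every device that installs the app. The scan only sees single-byte encoded strings, so values stored as UTF-16 in compiled resources would need a second pass.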

History


2014-06-19 10:10
zafiro17@pipedot.org