acm-header
Sign In

Communications of the ACM

ACM TechNews

Security Holes in Smartphone Apps


A representation of Android's vulnerability issues.

Popular texting, messaging and microblog apps developed for the Android smartphone have security flaws that could expose private information or allow forged fraudulent messages to be posted.

Credit: Mashable

Popular Android apps have security flaws that could expose private information or allow forged fraudulent messages to be posted, according to University of California, Davis researchers. The researchers determined that the victim would first have to download a piece of malicious code, which could be disguised as or hidden in a useful app, onto their phone; the malicious code then would invade the vulnerable programs.

The programs were left vulnerable because their developers inadvertently left parts of the code public that should have been locked up, says UC Davis researcher Dennis Xu. "It's a developer error," Xu says. "This code was intended to be private but they left it public."

Xu collected about 120,000 free apps from the Android marketplace, and the researchers closely examined a handful of major applications that turned out to have serious security flaws. Xu notes that Apple's iOS platform could have similar problems with iPhone apps.

UC Davis professor Zhendong Su says they have notified the app developers of the problems, although they have not yet had a response.

From UC Davis News & Information
View Full Article

 

Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA


 

No entries found