Posts Tagged ‘Android safety’

Android HackedWell-known security expert Android-apps Jon Oberheide of Duo Security two years ago broke the Android Market and shown how to distribute malicious code through updates to applications.

After appearing in Google Play antivirus and emulator for testing new applications Android Bouncer he analyzed these tools and show how they can be avoided. Now colleagues of Jon Oberheide from the universities of Hanover and Marburg (Germany) have published a new study, where they continue to reveal the theme of love malicious software to the platform Android. The report, “Why Eve and Mallory Love Android: An Analysis of Android (In) Security” is dedicated to finding examples of incorrectly implemented SSL / TLS in the Android-applications.

The authors demonstrate that the catalog Google Play you can find thousands of applications from serious errors in the implementation of SSL / TLS, which makes them vulnerable to attacks such as MiTM and gives attackers access to the private information of users. One of the common mistakes – function not check SSL-certificate, which left in the application code after debugging. It happens that the application accepts any SSL-certificate or with any host. (more…)