Study: 40 percent of Android apps reveal sensitive data

The British security provider Codified Security has examined about 2000 Android apps in a study. According to it, approximately 40 percent of the applications contain backdoors, which at worst lead to disclosure of personal data, as Tech Republic reports.

Image caption: Fraunhofer SIT has discovered serious flaws in security apps for Android (picture: Fraunhofer SIT).

Information about the development environments used by the programmers is a potential gateway for hackers. Attackers could use this data to access the associated servers, which are often less well secured than the apps themselves. In the process they may also get hold of debug code still present inside the apps.

“We have searched for references to AWS, GCP, Twitter, GitHub and other popular services, and created rules to find this kind of key in Java strings,” Codified says in a press release. “Make sure that all references to staging and development environments are removed from your app.” According to a screenshot, one app revealed credentials (access ID and secret key) for Amazon’s storage service S3.
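A pre-release check in the spirit of the rules described above, as an added example that is not Codified Security's code: it scans Java string literals in your own (decompiled) sources for cloud key formats and staging/development references. The rule set and names are assumptions; the sample is constructed and uses the placeholder credentials from AWS documentation.

```python
import re

# Java string literals, allowing escaped characters inside them.
JAVA_STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')

# Illustrative rule set (assumed here, not the study's actual rules).
RULES = {
    # AWS access key IDs: AKIA (long-term) or ASIA (temporary) + 16 characters.
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # AWS secret keys are 40 base64-style characters; a whole-literal match
    # is only a candidate and needs manual review.
    "aws_secret_key_candidate": re.compile(r"^[A-Za-z0-9/+=]{40}$"),
    # Google API keys start with "AIza".
    "gcp_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}"),
    # Host names that point at non-production environments.
    "staging_or_dev_reference": re.compile(
        r"\b(?:staging|stage|dev|debug|test)[.\-][a-z0-9.\-]+\.[a-z]{2,}",
        re.IGNORECASE),
}

def scan_java_source(source, filename="<memory>"):
    """Return (filename, line_no, rule, literal) for each flagged string literal."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for literal in JAVA_STRING.findall(line):
            for rule, pattern in RULES.items():
                if pattern.search(literal):
                    findings.append((filename, line_no, rule, literal))
    return findings

# Constructed sample; the key pair is the AWS documentation placeholder.
SAMPLE = '''\
public final class ApiConfig {
    static final String BASE_URL = "https://api.example.com/v1";
    static final String OLD_URL = "https://staging.api.example.com/v1";
    static final String KEY_ID = "AKIAIOSFODNN7EXAMPLE";
    static final String SECRET = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";
}
'''

if __name__ == "__main__":
    for filename, line_no, rule, literal in scan_java_source(SAMPLE, "ApiConfig.java"):
        # Print only a prefix so the scanner's own output does not leak the value.
        print(f"{filename}:{line_no}: {rule}: {literal[:8]}...")
```

Run it over the decompiled output of a release build, since that is what anyone who downloads the app can read; any hit means the value should be removed from the app and, for credentials, rotated.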

In about three percent of the apps, the researchers found a serious security flaw. These apps contained unneeded code, including complete Java libraries for the use of the app. “The problem is that the entire code of the library is available, including the parts that deal with the backend.” As a result, attackers could read confidential data from the entire app or possibly even access complete server clusters and databases.

Specifically, the researchers found 50 apps that provided sufficient data for a complete compromise of the backend. “Keep in mind that your app contains all code that you have written. If it is in the app store, you have no control over who downloads it and takes it apart.”
