Android Apps "leak"

[A Nonny Moose 8,261]

"What one fool can do, another fool can do." - Sylvanus P. Thompson.

Seems there are some security issues. Some of this could be attributed to inexperienced programmers when it comes to apps. However, if Android itself is the culprit, shame on Google.

[Duke87 1,070]

Sounds like this is a vulnerability with the apps themselves, not the OS. So, that means it's on the app developers.

Of course, if they were doing it right, they would have named the apps they tested and which ones were found to have vulnerabilities. You don't do the public any service if you keep that secret!

This, as far as I am concerned, is also a great reason why handling banking from your phone is not wise. If I want to transfer funds or anything like that, I go in person to my local bank. Because as far as I am concerned, the single best way to keep someone from hacking into my online banking account is to simply not have one. The way I do it, I entirely use the banks infrastructure, so if something screws up, they're liable.

[Easy Bakes 253]

Sounds like this is a vulnerability with the apps themselves, not the OS. So, that means it's on the app developers.

Of course, if they were doing it right, they would have named the apps they tested and which ones were found to have vulnerabilities. You don't do the public any service if you keep that secret!

This, as far as I am concerned, is also a great reason why handling banking from your phone is not wise. If I want to transfer funds or anything like that, I go in person to my local bank. Because as far as I am concerned, the single best way to keep someone from hacking into my online banking account is to simply not have one. The way I do it, I entirely use the banks infrastructure, so if something screws up, they're liable.

thats a good idea.

[A Nonny Moose 8,261]

Actually, I do on-line banking over the Internet. My bank is in another town something like 50 Km from here, so it is a kind of forced put. Their security is very good, and the activities are over an https encrypted link. No one in Canada has reported a problem with the banks being hacked.

[Duke87 1,070]

The issue isn't hacking on the bank's end, it's hacking on your end.

You've brought up a vulnerability with Android apps that means someone can steal your usernames and passwords. And that is definitely not the only such vulnerability out there!

[jdenm8 362]

Yeah, sounds like a conjunction of App and User problems. I, personally, don't use any Wi-Fi network that I don't trust when I have the option (I will choose using the Hotspot on my phone over a free Wi-Fi connection) and that's where the Researchers were able to get in and intercept the data.

It's not rocket science to do this yourself, all you need is a Wireless Access Point, an Internet Gateway and a PC with Wireshark installed relaying the connection in the middle.

Once again it's the whole "not encrypting data before sending/storing it" and I'm getting rather sick of hearing of it. Not Salting (Or using an encryption method better than MD5, come on) sensitive data is just plain laziness on the behalf of the programmers and an insult to users.

  Edited October 23, 2012 by jdenm8  

[A Nonny Moose 8,261]

Well, while not excusing them, you really can't blame the programmers too much. They've got to learn, somehow. Writing any program is not a piece of cake and QA is not a walk in the park either.