light bulb

Did You Know?



Reply
Highlighted
Posts: 6,459
Topics: 83
Kudos: 5,845
Registered: ‎11-27-2013

Columbia U boffins HACK GOOGLE PLAY to check apps

What they found: devs leave OAuth keys in the code
By Richard Chirgwin, 19 Jun 2014
It's the app developer's equivalent of hiding the door keys under the mat: researchers from Columbia University have found Android apps containing the developers' secret keys.

That's a more serious issue than the old “don't re-use passwords”: the thousands of credentials embedded by developers, blithely assuming they're not visible to an end user, were OAuth tokens valid on other sites. As they researchers write in this paper:

Full Article here: http://www.theregister.co.uk/2014/06/19/columbia_u_boffins_hack_google_play_to_check_apps/

Sherry

   

Helpful Webroot Links:


Download (PC) | Download (Best Buy Subscription) | Submit Trouble Ticket | Account Console | User Guides |

BrightCloud URL lookup

Register and Introduce yourself to The Community!


Mac / Yosemite(10.10.4), IPads, PCs,W 7 Pro & W 8.1 R Pro. W 7 Pro on Lenovo (VM:W7,8.1,10) & W/Vista Ultimate on Gateway Laptop.
(WSAC 5 PC,WSA Business)W/10 Preview (WSAC Android)