light bulb

Did You Know?



Reply
Posts: 5,008
Topics: 83
Kudos: 3,925
Registered: ‎11-27-2013

Columbia U boffins HACK GOOGLE PLAY to check apps

What they found: devs leave OAuth keys in the code
By Richard Chirgwin, 19 Jun 2014
It's the app developer's equivalent of hiding the door keys under the mat: researchers from Columbia University have found Android apps containing the developers' secret keys.

That's a more serious issue than the old “don't re-use passwords”: the thousands of credentials embedded by developers, blithely assuming they're not visible to an end user, were OAuth tokens valid on other sites. As they researchers write in this paper:

Full Article here: http://www.theregister.co.uk/2014/06/19/columbia_u_boffins_hack_google_play_to_check_apps/

Sherry

   

Helpful Webroot Links:


Download (PC) | Download (Best Buy Subscription) | Submit Trouble Ticket | Account Console | User Guides |

BrightCloud URL lookup

Register and Introduce yourself to The Community!


Mac / Yosemite(10.10.1), IPads, PCs,W7Pro & W 8.1 R Pro. Windows 7 Pro on Lenovo & W/Vista Ultimate on Gateway Laptop.
(WSAC 5 PC,WSA Business)W/10 Preview