light bulb

Did You Know?

Posts: 11,635
Topics: 103
Kudos: 16,150
Registered: ‎11-27-2013

Columbia U boffins HACK GOOGLE PLAY to check apps

What they found: devs leave OAuth keys in the code
By Richard Chirgwin, 19 Jun 2014
It's the app developer's equivalent of hiding the door keys under the mat: researchers from Columbia University have found Android apps containing the developers' secret keys.

That's a more serious issue than the old “don't re-use passwords”: the thousands of credentials embedded by developers, blithely assuming they're not visible to an end user, were OAuth tokens valid on other sites. As they researchers write in this paper:

Full Article here:

Kind Regards,


Helpful Webroot Links:
Download (PC) | Download (Best Buy Subscription) | Submit Trouble Ticket | Account Console | User_Guides | BrightCloud URL lookup

and Introduce yourself to The Community!

ALIENWARE 17R3 Win 10 Pro x64 / Mac OS X El Capitan (10.11), IPad's, PCs,W 10 & W 8.1 R Pro. W 7 Pro ..Lenovo (VM:10) & Webroot® SecureAnywhere™ Internet Security Complete (Android Samsung Note 4) Beta Tester