light bulb

Did You Know?

Posts: 7,458
Topics: 85
Kudos: 8,441
Registered: ‎11-27-2013

Columbia U boffins HACK GOOGLE PLAY to check apps

What they found: devs leave OAuth keys in the code
By Richard Chirgwin, 19 Jun 2014
It's the app developer's equivalent of hiding the door keys under the mat: researchers from Columbia University have found Android apps containing the developers' secret keys.

That's a more serious issue than the old “don't re-use passwords”: the thousands of credentials embedded by developers, blithely assuming they're not visible to an end user, were OAuth tokens valid on other sites. As they researchers write in this paper:

Full Article here:

Kind Regards,



Helpful Webroot Links:

Download (PC) | Download (Best Buy Subscription) | Submit Trouble Ticket | Account Console | User_Guides | BrightCloud URL lookup

Register and Introduce yourself to The Community!

WSAC (Beta) Mac / OS X El Capitan (10.11), IPad's, PCs,W 10 & W 8.1 R Pro. W 7 Pro ..Lenovo (VM:W7,8.1,10) & W/Vista Ultimate Gateway Laptop. (WSAC 5 PC,WSA Business)(WSAC Android)