What they found: devs leave OAuth keys in the code
By Richard Chirgwin, 19 Jun 2014
It's the app developer's equivalent of hiding the door keys under the mat: researchers from Columbia University have found Android apps containing the developers' secret keys.
That's a more serious issue than the old “don't re-use passwords”: the thousands of credentials embedded by developers, blithely assuming they're not visible to an end user, were OAuth tokens valid on other sites. As the researchers write in this paper:
Full Article here: http://www.theregister.co.uk/2014/06/19/columbia_u_boffins_hack_google_play_to_check_apps/