Columbia U boffins HACK GOOGLE PLAY to check apps

  • 20 June 2014

What they found: devs leave OAuth keys in the code
By Richard Chirgwin, 19 Jun 2014
It's the app developer's equivalent of hiding the door keys under the mat: researchers from Columbia University have found Android apps containing the developers' secret keys.

That's a more serious issue than the old “don't re-use passwords”: the thousands of credentials embedded by developers, blithely assuming they're not visible to an end user, were OAuth tokens valid on other sites. As the researchers write in this paper:

Full Article here: http://www.theregister.co.uk/2014/06/19/columbia_u_boffins_hack_google_play_to_check_apps/
