Android Flaw Might Also Affect iOS, Windows - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Comments
Android Flaw Might Also Affect iOS, Windows
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
SaneIT
50%
50%
SaneIT,
User Rank: Ninja
8/27/2014 | 7:47:29 AM
Re: So many white hats, so little common sense among developers
That's really the biggest issue isn't it?  Any app out there has the potential to be malicious and the markets have made it easier for people to get large audiences for their apps.  Look at an app like Flappy Bird, it was dirt simple yet became one of the most popular apps on the markets.  People installing it after the hype hit would have clicked yes if the ToS said they had to give up a limb.
asksqn
50%
50%
asksqn,
User Rank: Ninja
8/26/2014 | 7:03:49 PM
So many white hats, so little common sense among developers
So in order for this particular exploit to work, it has to use a "malicious" app to dishcharge its payload.  LOL. That only narrows it down to anything currently out there as they are all inherently malicious by design mostly in the form of privacy intrusions, transmitting any/all data back to the mothership without the user knowning about it save for the clickwrap ToS (which no one reads) upon installation.

 

 
mrao30001
50%
50%
mrao30001,
User Rank: Apprentice
8/26/2014 | 5:26:26 PM
Re: Defining criteria for apps
That's not going to help.  The only permission it needs is internet access.  Practically every app needs internet access.   So this code could be hidden inside an app that provides some genuine useful functionaility, gets a lot of great reviews because it does that job well and still be insidiously phoning in your information.  That's why this app is so scary.  It could be any great app that could be doing this and we would be none the wiser. The only fix for this is for Google to prevent this from happening by changing how the shared memory is being used.  I don't know enough of the details on how this actually works, but from their statements, Android seems to be intentionally designed to provide this access (presumably for some useful reason).  So changing this may take some doing and possibly break some other good apps.
PedroGonzales
50%
50%
PedroGonzales,
User Rank: Ninja
8/26/2014 | 9:48:44 AM
Re: Defining criteria for apps
app developers have to be more open to their users.  If they are to access your contact folder or other folder, users should have the right to know about it. 
SaneIT
50%
50%
SaneIT,
User Rank: Ninja
8/26/2014 | 9:23:25 AM
Re: Defining criteria for apps
The more granular permissions would be a good start as long as developers use them properly.  My biggest issue with app security is that I see all kinds of crazy permissions requested.  Like why does a game need access to my contacts?  Things like that are an immediate closing of the app on the Play store.
securityaffairs
50%
50%
securityaffairs,
User Rank: Strategist
8/25/2014 | 6:22:12 PM
Side channel attacks
Side channel attacks are hard to tackle and remind us the importance of physical security of devices.

 
WaqasAltaf
50%
50%
WaqasAltaf,
User Rank: Ninja
8/25/2014 | 3:11:19 PM
Re: Defining criteria for apps
Pedro, I partly disagree. I agree to the extent that future developers will be able to learn much from this flaw but I disagree that it will not cause harm because now many know the problems with the OS including hackers.
rradina
50%
50%
rradina,
User Rank: Ninja
8/25/2014 | 2:54:06 PM
Why Is This News?
We've known for years that a compromised OS cannot be trusted and most even go so far as to claim it's like a horse with a broken leg.  Why is it revelation when we discover that a mobile OS isn't safe when compromised by similar tactics?

While it's always good to add more layers of protection, if a malicious application managed to install itself on your device, do you still trust your device if fine-grained control makes it harder for background spy apps to steal data?
SachinEE
50%
50%
SachinEE,
User Rank: Ninja
8/25/2014 | 2:41:04 PM
Re: Defining criteria for apps
The impact is much more than mobile applications. Google is commanding an IOT strikeforce and plans to have its stronghold in the IOT industry. Such accusations against Google's products that question Google's security might be image disturbing for the company.
SachinEE
50%
50%
SachinEE,
User Rank: Ninja
8/25/2014 | 2:37:51 PM
Re: Defining criteria for apps
Amping up the security would mean nothing. Nothing is impenetrable. Not even NSA's defences against independent hackers. What could be done is maybe have all the app developers supported by Google Store have a time-generated signature (like a key) that enables them to upload the app in the android device. This signature would be generated by Google's engines and it would be one time use only. Its like Google saying "Oh so you want your customer to download your software? Please, what is the password again?"
Page 1 / 2   >   >>


The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
News
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Commentary
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
Slideshows
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
Register for InformationWeek Newsletters
Video
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll