Security News Are your Android apps sending unencrypted data?

LASER_oneXM

Feb 4, 2016
Have you ever wanted to know what your phone is up to?

Good, then this article is for you.

Phones are locked down so you don’t have to worry about what’s going on under the hood. That’s great if you want a device that Just Works, and it’s the exact opposite if you’re the kind of person that worries about what it might be up to – like me.

Fortunately, if you have a bit of time and some technical skills, there are some simple ways to see what your apps are up to.

One of the things I worry about is oversharing – apps sending out more data than they need to, or transmitting data in insecure ways – such as using unencrypted HTTP requests instead of HTTPS.

My concerns led me to do some network analysis on popular Android apps, following the methodology set out in the OWASP Mobile Security Testing Guide.

I’ll tell you what I did, what I discovered and how you can do it too.

Oversharing apps

I looked at the charts of the most popular apps on Google Play, picked a few at random, installed them and then monitored their traffic to see what they were sharing.
I tested fourteen popular apps:
  • Four of them sent data unencrypted, making them easy to spy on over public Wi-Fi.
  • One app shared email addresses and authentication tokens in plain text.
  • Another shared my ZIP code, Android version and battery charge (a potential fingerprint).
I was shocked at how easy it was to discover such basic security blunders, and shared what I found with the apps’ developers.
There are millions of apps on Google Play, and millions more on other markets – far too many for me to test on my own. That’s where you come in – here’s how I did it, so you can do it too.
 

oneeye

Jul 14, 2014

Lumen also gives you blocking controls, on a par with some other global blocking apps. Netguard, for instance (the GitHub version), is great for monitoring and blocking individual IP addresses. But Lumen is free and easy to use, if you trust the developers. I trust both developers, personally.
 
