Security shocker: Android apps send private data in clear

Status
Not open for further replies.

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Cellphones running the Android operating system fail to encrypt data sent to and from Facebook and Google Calendar, shortcomings that could jeopardize hundreds of millions of users' privacy, a computer scientist says.

In a simple exercise for his undergraduate security class, Rice University professor Dan Wallach connected a packet sniffer to his network and observed the traffic sent to and from his Android handset when he used various apps available for Google's mobile platform. What he saw surprised him.

More details - link
 

AyeAyeCaptain

Level 1
Feb 24, 2011
585
This is very poor on their part, in my opinion, for a company that has a huge userbase which they say they aim to protect. I for one will not use my Android phone for such activity anymore until they get this sorted. Not that I post too much on their social networking site, but still have to admit I'm a self-confessed addict!
 

bogdan

Level 1
Jan 7, 2011
1,362
This is a problem with the apps, not the actual Android platform. Keep in mind that even on PCs most sites do not maintain the SSL encryption (https) after the login.
 

AyeAyeCaptain

Level 1
Feb 24, 2011
585
bogdan said:
This is a problem with the apps, not the actual Android platform. Keep in mind that even on PCs most sites do not maintain the SSL encryption (https) after the login.

Sad but true, do you think in the near future most sites will go with full SSL sites as opposed to just log-ins? If I understand right it uses lots more resources like bandwidth and CPU etc. to achieve this, so would the cost be justified?
 

LoftedAphid86

New Member
Feb 24, 2011
1,107
AyeAyeCaptain said:
bogdan said:
This is a problem with the apps, not the actual Android platform. Keep in mind that even on PCs most sites do not maintain the SSL encryption (https) after the login.

Sad but true, do you think in the near future most sites will go with full SSL sites as opposed to just log-ins? If I understand right it uses lots more resources like bandwidth and CPU etc. to achieve this, so would the cost be justified?

I know that Comodo forums has this option, is there anywhere else that currently has this?
 

bogdan

Level 1
Jan 7, 2011
1,362
Google implemented it with Gmail some time ago and published a report saying that the actual impact on their servers is not as big as expected. Other social sites will probably follow the example (some already did). Firesheep (a Firefox extension that demonstrates HTTP session hijacking attacks) brought some attention to this subject.

You can use HTTPS Everywhere - a Firefox extension - to force a permanent https connection on some sites.
Facebook recently started allowing you to enable this feature for their website (link). Highly recommended, especially if you use public hot-spots.
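
An added example, not part of the original thread: a small Python audit for the "HTTPS only at login" pattern discussed above, run over response headers from an HTTPS login. The header samples, the host `social.example` and the cookie-name heuristic are constructed assumptions.

```python
from http.cookies import SimpleCookie

# Constructed sample: a site that drops back to plain HTTP after login.
SAMPLE_LOGIN_RESPONSE = [
    ("Location", "http://social.example/home"),
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/"),
]
# Constructed sample: the same login kept on HTTPS end to end.
SAMPLE_HARDENED_RESPONSE = [
    ("Location", "https://social.example/home"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly; Secure"),
]

# Assumption: session cookies are recognised by a simple naming heuristic.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def audit_headers(headers):
    """Return findings for (name, value) headers taken from an HTTPS response."""
    findings = []
    names = {name.lower() for name, _ in headers}
    if "strict-transport-security" not in names:
        findings.append("no HSTS header: browser may fall back to http://")
    for name, value in headers:
        lowered = name.lower()
        if lowered == "location" and value.lower().startswith("http://"):
            findings.append(f"redirect leaves HTTPS: {value}")
        elif lowered == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            for cookie_name, morsel in jar.items():
                is_session = any(h in cookie_name.lower() for h in SESSION_HINTS)
                # Without Secure the browser also sends the cookie over http://,
                # where anyone on the same network can read it.
                if is_session and not morsel["secure"]:
                    findings.append(f"cookie '{cookie_name}' lacks Secure flag")
    return findings


if __name__ == "__main__":
    for label, sample in (("login-only HTTPS", SAMPLE_LOGIN_RESPONSE),
                          ("full HTTPS", SAMPLE_HARDENED_RESPONSE)):
        print(label, "->", audit_headers(sample) or "no findings")
```
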
 