Many Android apps contain hidden secrets
When many people think about malware and other malicious or suspicious software, they focus on computers. It is common best practice to have an antivirus program installed and regularly running on these machines.
Smartphones are rapidly becoming the most common and popular device for computation and Internet access. An “always connected” culture means that many people are constantly checking their devices and have entrusted them with access to their online accounts and sensitive data via installed applications.
The growing popularity of smartphones and other mobile devices has made them a focus of cybercriminals as well. About 24,000 malicious mobile apps are blocked every day. However, a recent study of popular Android apps revealed that many of the most-used apps have hidden secrets.
The Android app security study focused on two different types of backdoors:
- Authentication bypasses: Authentication bypass backdoors are designed to allow someone to gain access to the app while bypassing the app’s access control mechanism. The report further broke these authentication bypasses down into secret access keys, master passwords and secret privileged commands.
- Hidden blocklists: Blocklists are designed to filter user input to deny undesirable input. If the contents of these blocklists are not made clear to the user (e.g., the app reports only “invalid characters” rather than naming the input it denies), they are considered to be hidden.
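
The two patterns above, shown beside their corrected forms in an added example (not code from the study or from any app it examined). It is plain Java; every name and value is a constructed placeholder, and `verifyCredential` is a hypothetical stand-in for the app's real access check.

```java
import java.util.Locale;
import java.util.Set;

// Added illustration: all identifiers and values below are constructed placeholders.
public class HiddenSecretsDemo {
    static final String MASTER_PASSWORD = "PLACEHOLDER-master";          // constructed
    static final Set<String> BLOCKLIST = Set.of("blockedterm1", "blockedterm2"); // constructed

    // Hypothetical stand-in for the app's real access control mechanism.
    static boolean verifyCredential(String user, String password) {
        return "alice".equals(user) && "correct-horse".equals(password);
    }

    // BEFORE: authentication bypass. A constant shipped inside the app is
    // accepted for any account, and it is readable by anyone who unpacks the app.
    static boolean loginWithBackdoor(String user, String password) {
        if (MASTER_PASSWORD.equals(password)) return true; // master password path
        return verifyCredential(user, password);
    }

    // AFTER: the real credential check is the only path to success.
    static boolean login(String user, String password) {
        return verifyCredential(user, password);
    }

    // Returns the first blocklisted term found in the input, or null if none.
    static String firstBlockedTerm(String input) {
        String lowered = input.toLowerCase(Locale.ROOT);
        for (String term : BLOCKLIST)
            if (lowered.contains(term)) return term;
        return null;
    }

    // BEFORE: hidden blocklist. The user is told only that something was invalid.
    static String validateHidden(String input) {
        return firstBlockedTerm(input) == null ? "OK" : "Invalid characters";
    }

    // AFTER: same filter, but the rejection states what was denied.
    static String validateDisclosed(String input) {
        String term = firstBlockedTerm(input);
        return term == null ? "OK" : "Not allowed: \"" + term + "\"";
    }

    public static void main(String[] args) {
        System.out.println(loginWithBackdoor("bob", MASTER_PASSWORD));
        System.out.println(login("bob", MASTER_PASSWORD));
        System.out.println(validateHidden("has blockedterm1 inside"));
        System.out.println(validateDisclosed("has blockedterm1 inside"));
    }
}
```

In a code review, the signal for both patterns is the same: user-supplied input compared against a literal embedded in the app.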
The study used a dataset of 150,000 popular Android apps, broken down as follows:
- The top 100,000 most-downloaded apps from the Google Play Store
- The top 20,000 most-downloaded apps from alternative app stores
- 30,000 pre-installed apps extracted from the firmware of Samsung devices
The image above shows the findings of the research. Over 11% of the applications studied contained either authentication bypasses or hidden blocklists. A few other important takeaways
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/Zbml4mWBzOY/