Android Phone Tips
“We recognize it is not the most significant piece of information, but a user name is an [identifier] you need to access your account,” Hoog maintained, saying that app developers could easily create an app that doesn’t store unencrypted personal data. The study looked at apps for use on Android and iPhone devices in four categories: financial, productivity, social networking and retail.
ViaForensics would install an app from the iTunes App Store or Android Market, populate it by using it with data that they would specifically be looking for (user names, passwords and other app data) and then analyze the device, searching the entire file system to see if they could find the information.
A rating system of pass/warn/fail was used to judge the app. Of the 19 app in the four categories tested by ViaForesnics, none passed the company’s user name test. All 19 apps stored a user’s login name in plain text on the device. In addition, none of the 19 apps passed the “app data” test, with 14 apps receiving a fail grade, indicating that items such as instant message logs and passwords were stored in plain text.
Android apps for LinkedIn and Foursquare and Kik for iPhone and Android all stored a user’s password in plain text. In the productivity category of the study, e-mail apps such as Yahoo Mail, K-9 Mail and blogging app WordPress all received failing marks. Fifteen total apps in this category received failing marks (11 of them focused on e-mail), with content being stored on the user’s smartphone.
Hoog asked rhetorically. A Google spokesman told Wired.com that the company disputes the claim that data is “insecurely stored on Android devices” and “the data is not accessible by default unless the phone has been rooted to gain full privileges” which Google claims Android “actively protects against.” “One of the more recent batches of Android malware actually gets root on the device. “The other one, if you look at the iOS platform — if you want to jailbreak your iPhone 4, you go to Jailbreakme.com, a remote exploit of an iOS device that escalates root privileges,” Hoog added.
Android Phone Tips |
Android management app that’s a sort of ‘iTunes for Android.’ It’s a Windows app for managing everything about your Android phone over USB or wifi – downloading apps (see picture below), syncing music and other files, transcoding videos, taking Android screenshots, and backing-up your phone.
Elsewhere in the world, DoubleTwist has a similar app for Android-loving Mac users that syncs music, videos, incorporates its own app store, and supports the purchasing of music from the Amazon music store. A survey of 100 apps found that many are storing a high percentage of unencrypted personal data, making mobile devices a more attractive target for identity thieves and hackers.
Seventy-six percent of account user names for all the apps tested were able to be recovered, along with 31 percent of application data, such as location check-ins, and 10 percent of passwords. The rating indicates that a variety of sensitive information, including passwords and personal identification numbers (PINs) used through apps are regularly stored and recoverable from smartphones.
“We recognize it is not the most significant piece of information, but a user name is an [identifier] you need to access your account,” Hoog maintained, saying that app developers could easily create an app that doesn’t store unencrypted personal data. The study looked at apps for use on Android and iPhone devices in four categories: financial, productivity, social networking and retail.
ViaForensics would install an app from the iTunes App Store or Android Market, populate it by using it with data that they would specifically be looking for (user names, passwords and other app data) and then analyze the device, searching the entire file system to see if they could find the information.
A rating system of pass/warn/fail was used to judge the app. Of the 19 app in the four categories tested by ViaForesnics, none passed the company’s user name test. All 19 apps stored a user’s login name in plain text on the device. In addition, none of the 19 apps passed the “app data” test, with 14 apps receiving a fail grade, indicating that items such as instant message logs and passwords were stored in plain text.
Android apps for LinkedIn and Foursquare and Kik for iPhone and Android all stored a user’s password in plain text. In the productivity category of the study, e-mail apps such as Yahoo Mail, K-9 Mail and blogging app WordPress all received failing marks. Fifteen total apps in this category received failing marks (11 of them focused on e-mail), with content being stored on the user’s smartphone.
Hoog asked rhetorically. A Google spokesman told Wired.com that the company disputes the claim that data is “insecurely stored on Android devices” and “the data is not accessible by default unless the phone has been rooted to gain full privileges” which Google claims Android “actively protects against.” “One of the more recent batches of Android malware actually gets root on the device. “The other one, if you look at the iOS platform — if you want to jailbreak your iPhone 4, you go to Jailbreakme.com, a remote exploit of an iOS device that escalates root privileges,” Hoog added.
By. Android Phone Tips
0 comments: