Featured Research

from universities, journals, and other organizations

Security holes in smartphone apps

Date:
April 17, 2013
Source:
University of California Davis (UCD)
Summary:
Popular texting, messaging and microblog apps developed for the Android smartphone have security flaws that could expose private information or allow forged fraudulent messages to be posted, according to researchers.

Popular texting, messaging and microblog apps developed for the Android smartphone have security flaws that could expose private information or allow forged fraudulent messages to be posted, according to researchers at the University of California, Davis.

Zhendong Su, professor of computer science, said that his team has notified the app developers of the problems, although it has not yet had a response.

The security flaws were identified by graduate student Dennis (Liang) Xu, who collected about 120,000 free apps from the Android marketplace. The researchers focused initially on the Android platform, which has about a half-billion users worldwide. Android is quite different from Apple's iOS platform, but there may well be similar problems with iPhone apps, Xu said.

The victim would first have to download a piece of malicious code onto their phone. This could be disguised as or hidden in a useful app, or attached to a "phishing" e-mail or Web link. The malicious code would then invade the vulnerable programs.

The programs were left vulnerable because their developers inadvertently left parts of the code public that should have been locked up, Xu said.

"It's a developer error," Xu said. "This code was intended to be private but they left it public."

Su and Xu, with UC Davis graduate student Fangqi Sun and visiting scholar Linfeng Liu, Xi'an Jiatong University, China, found that many of the apps they surveyed had potential vulnerabilities. They looked closely at a handful of major applications that turned out to have serious security flaws.

Handcent SMS, for example, is a popular text-messaging app that allows users to place some text messages in a private, password-protected inbox. Xu found that it is possible for an attacker to access and read personal information from the app, including "private" messages.

WeChat is an instant messaging service popular in China and similar to the Yahoo and AOL instant messengers. The service normally runs in the background on a user's phone and sends notifications when messages are received. Xu discovered a way for malicious code to turn off the WeChat background service, so a user would think the service is still working when it is not.

Weibo is a hugely popular microblog service that has been described as the Chinese equivalent of Twitter. But its Android client is vulnerable, and it is possible for malicious code to forge and post fraudulent messages, Xu said.

The researchers have submitted a paper on the work to the Systems, Programming, Languages and Applications: Software for Humanity (SPLASH) 2013 conference to be held in Indianapolis this October.


Story Source:

The above story is based on materials provided by University of California Davis (UCD). Note: Materials may be edited for content and length.


Cite This Page:

University of California Davis (UCD). "Security holes in smartphone apps." ScienceDaily. ScienceDaily, 17 April 2013. <www.sciencedaily.com/releases/2013/04/130417091917.htm>.
University of California Davis (UCD). (2013, April 17). Security holes in smartphone apps. ScienceDaily. Retrieved April 15, 2014 from www.sciencedaily.com/releases/2013/04/130417091917.htm
University of California Davis (UCD). "Security holes in smartphone apps." ScienceDaily. www.sciencedaily.com/releases/2013/04/130417091917.htm (accessed April 15, 2014).

Share This



More Computers & Math News

Tuesday, April 15, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Google Patents Contact Lens Cameras; Internet Is Wary

Google Patents Contact Lens Cameras; Internet Is Wary

Newsy (Apr. 15, 2014) — Google has filed for a patent to develop contact lenses capable of taking photos. The company describes possible benefits to blind people. Video provided by Newsy
Powered by NewsLook.com
The Walking, Talking Oil-Drigging Rig

The Walking, Talking Oil-Drigging Rig

Reuters - Business Video Online (Apr. 15, 2014) — Pennsylvania-based Schramm is incorporating modern technology in its next generation oil-drigging rigs, making them smaller, safer and smarter. Ernest Scheyder reports. Video provided by Reuters
Powered by NewsLook.com
NSA Leaks Net Pulitzer For Guardian, Washington Post

NSA Leaks Net Pulitzer For Guardian, Washington Post

Newsy (Apr. 14, 2014) — The Pulitzer Prize for Public Service was awarded to The Washington Post and The Guardian for their work covering the NSA's surveillance programs. Video provided by Newsy
Powered by NewsLook.com
Google Buys Drone Maker, Hopes to Connect Rural World

Google Buys Drone Maker, Hopes to Connect Rural World

Newsy (Apr. 14, 2014) — Formerly courted by Facebook, Titan Aerospace will become a part of Google's quest to blanket the world in Internet connectivity. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
 
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:  

Breaking News:
from the past week

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:  

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile iPhone Android Web
Follow Facebook Twitter Google+
Subscribe RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins