YOLO COUNTY NEWS

Security gaps in Android apps exposed

From page A6 | April 24, 2013

UC Davis researchers have discovered security issues on the Android platform, which has about a half-billion users worldwide. Malicious code added to the system via a hidden download could invade vulnerable programs. CanStock photo


Popular texting, messaging and microblog apps developed for the Android smartphone have security flaws that could expose private information or allow forged fraudulent messages to be posted, according to UC Davis researchers.

Zhendong Su, professor of computer science, said his team has notified the app developers of the problems, although it has not yet had a response.

The security flaws were identified by graduate student Dennis (Liang) Xu, who collected about 120,000 free apps from the Android marketplace. The researchers focused initially on the Android platform, which has about a half-billion users worldwide.

Android is quite different from Apple’s iOS platform, but there may well be similar problems with iPhone apps, Xu said.

The victim would first have to download a piece of malicious code onto his phone. This could be disguised as or hidden in a useful app, or attached to a “phishing” email or Web link. The malicious code then would invade the vulnerable programs.

The programs were left vulnerable because their developers inadvertently left parts of the code public that should have been locked up, Xu said.

“It’s a developer error,” Xu said. “This code was intended to be private but they left it public.”

Su and Xu, with graduate student Fangqi Sun and visiting scholar Linfeng Liu of Xi’an Jiaotong University, China, found that many of the apps they surveyed had potential vulnerabilities. They looked closely at a handful of major applications that turned out to have serious security flaws.

Handcent SMS, for example, is a popular text-messaging app that allows users to place some text messages in a private, password-protected inbox. Xu found that it is possible for an attacker to access and read personal information from the app, including “private” messages.

WeChat is an instant messaging service popular in China and similar to the Yahoo and AOL instant messengers. The service normally runs in the background on a user’s phone and sends notifications when messages are received. Xu discovered a way for malicious code to turn off the WeChat background service, so a user would think the service is still working when it is not.

Weibo is a hugely popular microblog service that has been described as the Chinese equivalent of Twitter. But its Android client is vulnerable, and it is possible for malicious code to forge and post fraudulent messages, Xu said.

The researchers have submitted a paper on the work to the Systems, Programming, Languages and Applications: Software for Humanity (SPLASH) 2013 conference to be held in Indianapolis this October.

— UC Davis News Service
