Sunday, March 29, 2015
YOLO COUNTY NEWS
99 CENTS

Security gaps in Android apps exposed

From page A6 | April 24, 2013

UC Davis researchers have discovered security issues on the Android platform, which has about a half-billion users worldwide. Malicious code added to the system via a hidden download could invade vulnerable programs. CanStock photo

Popular texting, messaging and microblog apps developed for the Android smartphone have security flaws that could expose private information or allow forged fraudulent messages to be posted, according to UC Davis researchers.

Zhendong Su, professor of computer science, said his team has notified the app developers of the problems, although it has not yet had a response.

The security flaws were identified by graduate student Dennis (Liang) Xu, who collected about 120,000 free apps from the Android marketplace. The researchers focused initially on the Android platform, which has about a half-billion users worldwide.

Android is quite different from Apple’s iOS platform, but there may well be similar problems with iPhone apps, Xu said.

The victim would first have to download a piece of malicious code onto his phone. This could be disguised as or hidden in a useful app, or attached to a “phishing” email or Web link. The malicious code then would invade the vulnerable programs.

The programs were left vulnerable because their developers inadvertently left parts of the code public that should have been locked up, Xu said.

“It’s a developer error,” Xu said. “This code was intended to be private but they left it public.”

Su and Xu, with graduate student Fangqi Sun and visiting scholar Linfeng Liu, of Xi’an Jiaotong University, China, found that many of the apps they surveyed had potential vulnerabilities. They looked closely at a handful of major applications that turned out to have serious security flaws.

Handcent SMS, for example, is a popular text-messaging app that allows users to place some text messages in a private, password-protected inbox. Xu found that it is possible for an attacker to access and read personal information from the app, including “private” messages.

WeChat is an instant messaging service popular in China and similar to the Yahoo and AOL instant messengers. The service normally runs in the background on a user’s phone and sends notifications when messages are received. Xu discovered a way for malicious code to turn off the WeChat background service, so a user would think the service is still working when it is not.

Weibo is a hugely popular microblog service that has been described as the Chinese equivalent of Twitter. But its Android client is vulnerable, and it is possible for malicious code to forge and post fraudulent messages, Xu said.

The researchers have submitted a paper on the work to the Systems, Programming, Languages and Applications: Software for Humanity (SPLASH) 2013 conference to be held in Indianapolis this October.

— UC Davis News Service
