Wednesday, April 23, 2014
YOLO COUNTY NEWS
99 CENTS

Security gaps in Android apps exposed

By
From page A6 | April 24, 2013 | Leave Comment

UC Davis researchers have discovered security issues on the Android platform, which has about a half-billion users worldwide. Malicious code added to the system via a hidden download could invade vulnerable programs. CanStock photo

[ File # csp9464113, License # 2568991 ] Licensed through http://www.canstockphoto.com in accordance with the End User License Agreement (http://www.canstockphoto.com/legal.php) (c) Can Stock Photo Inc. / savcoco

Popular texting, messaging and microblog apps developed for the Android smartphone have security flaws that could expose private information or allow forged fraudulent messages to be posted, according to UC Davis researchers.

Zhendong Su, professor of computer science, said his team has notified the app developers of the problems, although it has not yet had a response.

The security flaws were identified by graduate student Dennis (Liang) Xu, who collected about 120,000 free apps from the Android marketplace. The researchers focused initially on the Android platform, which has about a half-billion users worldwide.

Android is quite different from Apple’s iOS platform, but there may well be similar problems with iPhone apps, Xu said.

The victim would first have to download a piece of malicious code onto his phone. This could be disguised as or hidden in a useful app, or attached to a “phishing” email or Web link. The malicious code then would invade the vulnerable programs.

The programs were left vulnerable because their developers inadvertently left parts of the code public that should have been locked up, Xu said.

“It’s a developer error,” Xu said. “This code was intended to be private but they left it public.”

Su and Xu, with graduate student Fangqi Sun and visiting scholar Linfeng Liu, of Xi’an Jiatong University, China, found that many of the apps they surveyed had potential vulnerabilities. They looked closely at a handful of major applications that turned out to have serious security flaws.

Handcent SMS, for example, is a popular text-messaging app that allows users to place some text messages in a private, password-protected inbox. Xu found that it is possible for an attacker to access and read personal information from the app, including “private” messages.

WeChat is an instant messaging service popular in China and similar to the Yahoo and AOL instant messengers. The service normally runs in the background on a user’s phone and sends notifications when messages are received. Xu discovered a way for malicious code to turn off the WeChat background service, so a user would think the service is still working when it is not.

Weibo is a hugely popular microblog service that has been described as the Chinese equivalent of Twitter. But its Android client is vulnerable, and it is possible for malicious code to forge and post fraudulent messages, Xu said.

The researchers have submitted a paper on the work to the Systems, Programming, Languages and Applications: Software for Humanity (SPLASH) 2013 conference to be held in Indianapolis this October.

— UC Davis News Service

LEAVE A COMMENT

Discussion | No comments

The Davis Enterprise does not necessarily condone the comments here, nor does it review every post. Read our full policy

.

News

 
New mosaic mural reflects Peña family history

By Jeff Hudson | From Page: A1, 1 Comment | Gallery

UC Davis biodigester hungers for food scraps

By Elizabeth Case | From Page: A1 | Gallery

 
 
Penalty decision looms in Winters homicide case

By Lauren Keene | From Page: A2

Hay bales burn east of Davis

By Lauren Keene | From Page: A2

 
Woman killed by train ID’d

By Lauren Keene | From Page: A2

 
Pro-Russian insurgents hold journalist captive

By The Associated Press | From Page: A2

Fire damages Woodland home

By Lauren Keene | From Page: A3

 
Register to vote by May 19

By Enterprise staff | From Page: A3

Sign up for enviro organizations during Earth Week

By Enterprise staff | From Page: A3

 
Bible fun featured at Parents’ Night Out

By Enterprise staff | From Page: A3

Davis businesswoman presides over conference

By Enterprise staff | From Page: A3

 
Birch Lane sells garden plants, veggies

By Enterprise staff | From Page: A3

Team Blend hosts fundraiser for Nicaragua project

By Jeff Hudson | From Page: A3

 
Davis Arts Center: See ceramics, join the Big Day of Giving

By Erie Vitiello | From Page: A3 | Gallery

Fire crews gather for joint training

By Special to The Enterprise | From Page: A4

 
Odd Fellows host culinary benefit for nonprofit

By Enterprise staff | From Page: A4

400 bikes go up for bids at UCD auction

By Enterprise staff | From Page: A4

 
Sunder hosts campaign event for kids

By Enterprise staff | From Page: A4

 
Church hosts discussion of mental health needs, services

By Enterprise staff | From Page: A4

UCD to host premiere of autism documentary

By Cory Golden | From Page: A4

 
UFC hears from two local historians

By Enterprise staff | From Page: A4

Fundraiser benefits Oakley campaign

By Enterprise staff | From Page: A4

 
UCD professor to talk about new book

By Enterprise staff | From Page: A5

Fly Fishers talk to focus on healthy streams, rivers

By Enterprise staff | From Page: A5 | Gallery

 
Train to become a weather spotter

By Enterprise staff | From Page: A5

Learn survival skills at Cache Creek Preserve

By Enterprise staff | From Page: A5

 
Veterans, internees may receive overdue diplomas

By Enterprise staff | From Page: A5

UC Davis conference showcases undergraduate research

By Julia Ann Easley | From Page: A5 | Gallery

 
Conservation District celebrates its stewardship efforts

By Special to The Enterprise | From Page: A7

Slow Food tour showcases area’s young farmers

By Enterprise staff | From Page: A10

 
.

Forum

Even a safe house needs boundaries

By Special to The Enterprise | From Page: B5

 
I support Sunder for board

By Letters to the Editor | From Page: A6

Will anyone notice?

By Letters to the Editor | From Page: A6

 
My votes reflect city values

By Letters to the Editor | From Page: A6, 1 Comment

Tom Meyer cartoon

By Debbie Davis | From Page: A6

 
A plea on the Bard’s birthday

By Special to The Enterprise | From Page: A6

 
.

Sports

DHS thunders back to win an epic DVC volleyball match

By Enterprise staff | From Page: B1

 
DHS/Franklin I goes to the Blue Devil softballers

By Chris Saur | From Page: B1 | Gallery

Davis gets to Grant ace and rolls in DVC crucial

By Bruce Gallaudet | From Page: B1 | Gallery

 
Walchli is under par in another Devil victory

By Enterprise staff | From Page: B1

Seniors send Blue Devil girls past Broncos in a lacrosse rout

By Spencer Ault | From Page: B1 | Gallery

 
 
Baseball roundup: Rangers rally to beat A’s in the ninth

By The Associated Press | From Page: B8

Sharks go up 3-0 with OT win

By The Associated Press | From Page: B8 | Gallery

 
.

Features

 
.

Arts

 
Five Three Oh! featured at April Performers’ Circle

By Enterprise staff | From Page: A9 | Gallery

 
Celebrate spring at I-House on Sunday

By Enterprise staff | From Page: A9

 
Music, wine flow at Fourth Friday

By Enterprise staff | From Page: A9

Biscuits ‘n Honey will play at winery

By Enterprise staff | From Page: A9

 
.

Business

.

Obituaries

Catharine ‘Kay’ Lathrop

By Special to The Enterprise | From Page: A4

 
.

Comics

Comics: Wednesday, April 23, 2014

By Creator | From Page: B6