Sunday, May 3, 2015
YOLO COUNTY NEWS
99 CENTS

Security gaps in Android apps exposed

By
From page A6 | April 24, 2013 |

UC Davis researchers have discovered security issues on the Android platform, which has about a half-billion users worldwide. Malicious code added to the system via a hidden download could invade vulnerable programs. CanStock photo

[ File # csp9464113, License # 2568991 ] Licensed through http://www.canstockphoto.com in accordance with the End User License Agreement (http://www.canstockphoto.com/legal.php) (c) Can Stock Photo Inc. / savcoco

Popular texting, messaging and microblog apps developed for the Android smartphone have security flaws that could expose private information or allow forged fraudulent messages to be posted, according to UC Davis researchers.

Zhendong Su, professor of computer science, said his team has notified the app developers of the problems, although it has not yet had a response.

The security flaws were identified by graduate student Dennis (Liang) Xu, who collected about 120,000 free apps from the Android marketplace. The researchers focused initially on the Android platform, which has about a half-billion users worldwide.

Android is quite different from Apple’s iOS platform, but there may well be similar problems with iPhone apps, Xu said.

The victim would first have to download a piece of malicious code onto his phone. This could be disguised as or hidden in a useful app, or attached to a “phishing” email or Web link. The malicious code then would invade the vulnerable programs.

The programs were left vulnerable because their developers inadvertently left parts of the code public that should have been locked up, Xu said.

“It’s a developer error,” Xu said. “This code was intended to be private but they left it public.”

Su and Xu, with graduate student Fangqi Sun and visiting scholar Linfeng Liu, of Xi’an Jiatong University, China, found that many of the apps they surveyed had potential vulnerabilities. They looked closely at a handful of major applications that turned out to have serious security flaws.

Handcent SMS, for example, is a popular text-messaging app that allows users to place some text messages in a private, password-protected inbox. Xu found that it is possible for an attacker to access and read personal information from the app, including “private” messages.

WeChat is an instant messaging service popular in China and similar to the Yahoo and AOL instant messengers. The service normally runs in the background on a user’s phone and sends notifications when messages are received. Xu discovered a way for malicious code to turn off the WeChat background service, so a user would think the service is still working when it is not.

Weibo is a hugely popular microblog service that has been described as the Chinese equivalent of Twitter. But its Android client is vulnerable, and it is possible for malicious code to forge and post fraudulent messages, Xu said.

The researchers have submitted a paper on the work to the Systems, Programming, Languages and Applications: Software for Humanity (SPLASH) 2013 conference to be held in Indianapolis this October.

— UC Davis News Service

Comments

comments

.

News

Breaking barriers: For Prieto, it’s all about hard work

By Lauren Keene | From Page: A1 | Gallery

 
Council to hear about drought pricing

By Dave Ryan | From Page: A1

Peaceful Baltimore demonstrators praise top prosecutor

By The Associated Press | From Page: A2

 
Nigeria: Nearly 300 freed women, children led to safety

By The Associated Press | From Page: A2

 
For the record

By Enterprise staff | From Page: A2

 
Graveyard thefts land three Woodlanders behind bars

By Lauren Keene | From Page: A3

Downtown altercation leads to injuries

By Anne Ternus-Bellamy | From Page: A3

 
Woman arrested for brandishing knife on overpass

By Anne Ternus-Bellamy | From Page: A3

Yolo DA launches monthly newsletter

By Enterprise staff | From Page: A3

 
Can plants talk? UCD prof will answer that question

By Special to The Enterprise | From Page: A3 | Gallery

A Scottish setting for local author’s next book

By Special to The Enterprise | From Page: A3

 
Free beginner yoga class offered

By Enterprise staff | From Page: A4

 
Video discusses surveillance of prostate cancer

By Special to The Enterprise | From Page: A4

NAMI support group meets May 10

By Enterprise staff | From Page: A4

 
Dr. G featured on the radio

By Special to The Enterprise | From Page: A4

Fee proposed on rail cars that haul oil, other flammables

By The Associated Press | From Page: A4 | Gallery

 
Indoor Fun Fly comes to Woodland

By Enterprise staff | From Page: A4

 
Internships move UCD doctoral students beyond academia

By Julia Ann Easley | From Page: A5 | Gallery

Make Mom a warm vanilla sugar scrub

By Enterprise staff | From Page: A6

 
The secret to Mother’s Day gifting success: Give time, not stuff

By Special to The Enterprise | From Page: A6

Letter book is series of collected missives thanking Mom

By The Associated Press | From Page: A7

 
If your mom fancies something fancy, consider a tea party

By The Associated Press | From Page: A7

Out of Africa and back to Davis: James Carey will give special presentation

By Kathy Keatley Garvey | From Page: A9 | Gallery

 
Big Day of Giving makes philanthropy easy

By Tanya Perez | From Page: A10 | Gallery

Tuleyome Tales: How are a snake and a mushroom alike?

By Special to The Enterprise | From Page: A12 | Gallery

 
Tuleyome hosts Snow Mountain camping trip

By Special to The Enterprise | From Page: A12 | Gallery

.

Forum

End of life doesn’t mean life must end

By Special to The Enterprise | From Page: B4 | Gallery

 
Advancing education for California’s former foster youths

By Special to The Enterprise | From Page: B4

With sincere gratitude

By Letters to the Editor | From Page: B4

 
A wonderful day of service

By Letters to the Editor | From Page: B4

Please help Baltimore

By Letters to the Editor | From Page: B4

 
Eyewitness to the ‘fall’ of Vietnam: It was not a bloodbath

By Special to The Enterprise | From Page: B5 | Gallery

He can’t give it up

By Creators Syndicate | From Page: B6

 
 
Dangers from prescription pills

By Special to The Enterprise | From Page: B6

.

Sports

UCD softball splits with Titans

By Enterprise staff | From Page: B1 | Gallery

 
Trifecta of Devil teams open playoffs Tuesday

By Evan Ream | From Page: B1 | Gallery

 
Defending champ DHS clinches a baseball playoff berth

By Enterprise staff | From Page: B1

Making memories at Aggie Stadium

By Wayne Tilcock | From Page: B3 | Gallery

 
Sports briefs: DHS boys win to reach lacrosse playoffs

By Enterprise staff | From Page: B3 | Gallery

UCD roundup: Aggie women speed past Hornets

By Enterprise staff | From Page: B12 | Gallery

 
Pro baseball roundup: Hudson pitches Giants past Angels

By The Associated Press | From Page: B12

.

Features

.

Arts

.

Business

Arcadia partners on soybean trait to improve yield

By Special to The Enterprise | From Page: A8

 
Marrone opens new greenhouse

By Special to The Enterprise | From Page: A8

 
New firm helps students on path to college

By Wendy Weitzel | From Page: A8

Yolo County real estate sales

By Zoe Juanitas | From Page: A8

 
.

Obituaries

.

Comics

Comics: Sunday, May 3, 2015

By Creator | From Page: B8