Wednesday, July 30, 2014
YOLO COUNTY NEWS

Security gaps in Android apps exposed

From page A6 | April 24, 2013

UC Davis researchers have discovered security issues on the Android platform, which has about a half-billion users worldwide. Malicious code added to the system via a hidden download could invade vulnerable programs. CanStock photo


Popular texting, messaging and microblog apps developed for the Android smartphone have security flaws that could expose private information or allow forged fraudulent messages to be posted, according to UC Davis researchers.

Zhendong Su, professor of computer science, said his team has notified the app developers of the problems, although it has not yet had a response.

The security flaws were identified by graduate student Dennis (Liang) Xu, who collected about 120,000 free apps from the Android marketplace. The researchers focused initially on the Android platform, which has about a half-billion users worldwide.

Android is quite different from Apple’s iOS platform, but there may well be similar problems with iPhone apps, Xu said.

The victim would first have to download a piece of malicious code onto his phone. This could be disguised as or hidden in a useful app, or attached to a “phishing” email or Web link. The malicious code then would invade the vulnerable programs.

The programs were left vulnerable because their developers inadvertently left parts of the code public that should have been locked up, Xu said.

“It’s a developer error,” Xu said. “This code was intended to be private but they left it public.”

Su and Xu, with graduate student Fangqi Sun and visiting scholar Linfeng Liu, of Xi’an Jiaotong University, China, found that many of the apps they surveyed had potential vulnerabilities. They looked closely at a handful of major applications that turned out to have serious security flaws.

Handcent SMS, for example, is a popular text-messaging app that allows users to place some text messages in a private, password-protected inbox. Xu found that it is possible for an attacker to access and read personal information from the app, including “private” messages.

WeChat is an instant messaging service popular in China and similar to the Yahoo and AOL instant messengers. The service normally runs in the background on a user’s phone and sends notifications when messages are received. Xu discovered a way for malicious code to turn off the WeChat background service, so a user would think the service is still working when it is not.

Weibo is a hugely popular microblog service that has been described as the Chinese equivalent of Twitter. But its Android client is vulnerable, and it is possible for malicious code to forge and post fraudulent messages, Xu said.

The researchers have submitted a paper on the work to the Systems, Programming, Languages and Applications: Software for Humanity (SPLASH) 2013 conference to be held in Indianapolis this October.

— UC Davis News Service
